Everything posted by tacticaltal

  1. I haven't had enough time to run ESET yet, and the computer is doing a bit better, but I'm still having issues with a "low on memory" error. I don't know if this is malware or if it's a valid error. It's very annoying to have to reboot all the time.
  2. I wasn't able to find that folder. Here's the log from MalwareBytes:
  3. I can't seem to find the "UNINST~1.EXE" part of C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE. I find a UNINST.DAT file, would that be it, though it isn't an exe file? CORRECTION: I'm running Windows 10.
     Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016 Ran by tacti_000 (2016-06-15 13:11:19) Run:1
     # AdwCleaner v5.200 - Logfile created 15/06/2016 at 13:19:29
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016 Ran by tacti_000 (administrator) on OFFICE (14-06-2016 22:38:00) Running from C:\Users\tacti_000\Downloads Loaded Profiles: tacti_000 (Available Profiles: tacti_000) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Logitech Inc.) 
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) 
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804432 2015-11-10] (NVIDIA Corporation) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) 
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [MP3 Skype recorder] => C:\Users\tacti_000\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [2224280 2016-03-16] (Domit UK LTD) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS) Startup: C:\Users\tacti_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-05-30] ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\tacti_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2016-06-13] ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 64.233.219.99 64.233.206.99 Tcpip\..\Interfaces\{7ffd6809-9ae7-459f-9381-1c35b70d7daf}: [DhcpNameServer] 64.233.219.99 64.233.206.99 Internet Explorer: ================== HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/ SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.) Toolbar: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.) DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default FF DefaultSearchEngine.US: Google FF Homepage: yahoo.com FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] () FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File] FF Plugin-x32: 
@microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF Extension: Flash and Video Download - C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-05-26] FF Extension: Flashblock - C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\6y2xb6kv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-06-10] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found Chrome: ======= CHR HomePage: Default -> hxxp://yahoo.com/ CHR Profile: C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-11] CHR Extension: (Google Docs) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-11] CHR Extension: (Google Drive) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-11] CHR Extension: (YouTube) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-11] CHR Extension: (Google Sheets) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-11] CHR Extension: (Google Docs Offline) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11] CHR Extension: (Yahoo Homepage) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2016-06-11] CHR Extension: (My Browser Page) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2016-06-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-11] CHR Extension: (Gmail) - C:\Users\tacti_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.) 
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 22:38 - 2016-06-14 22:38 - 00018165 _____ C:\Users\tacti_000\Downloads\FRST.txt
2016-06-14 22:37 - 2016-06-14 22:38 - 00000000 ____D C:\FRST
2016-06-14 22:35 - 2016-06-14 22:37 - 02385920 _____ (Farbar) C:\Users\tacti_000\Downloads\FRST64.exe
2016-06-14 22:35 - 2016-06-14 22:35 - 01736192 _____ (Farbar) C:\Users\tacti_000\Downloads\FRST.exe
2016-06-13 23:46 - 2016-06-13 23:46 - 00000220 _____ C:\Users\tacti_000\Desktop\User to User Help - PC Pitstop Forums.url
2016-06-13 23:02 - 2016-06-13 23:02 - 00000239 _____ C:\Users\tacti_000\Desktop\SESSION_HAS_VALID_VIEWS_ON_EXIT - User to User Help - PC Pitstop Forums.url
2016-06-13 22:47 - 2016-06-13 22:47 - 542849877 _____ C:\WINDOWS\MEMORY.DMP
2016-06-13 22:47 - 2016-06-13 22:47 - 00179628 _____ C:\WINDOWS\Minidump\061316-21328-01.dmp
2016-06-13 22:47 - 2016-06-13 22:47 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-11 23:56 - 2016-06-11 23:56 - 00000194 _____ C:\Users\tacti_000\Desktop\Guitar Lessons Upgrade.url
2016-06-11 00:42 - 2016-06-11 00:42 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-11 00:42 - 2016-06-11 00:42 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-10 22:51 - 2016-06-14 20:44 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1EF34483-6948-47F1-B858-96755E0D2AC4}
2016-06-09 18:24 - 2016-06-10 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-02 19:38 - 2016-06-02 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit Tools
2016-06-02 19:38 - 2016-06-02 19:38 - 00000000 ____D C:\Program Files (x86)\HTML-Kit
2016-06-02 19:37 - 2016-06-02 19:37 - 00001382 _____ C:\Users\Public\Desktop\HTML-Kit.lnk
2016-06-02 19:37 - 2016-06-02 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit
2016-06-02 19:37 - 2016-06-02 19:37 - 00000000 ____D C:\Program Files (x86)\Chami
2016-06-02 19:36 - 2016-06-02 19:37 - 02463779 _____ (HTMLKit.com ) C:\Users\tacti_000\Downloads\HKSetup.exe
2016-06-01 16:17 - 2016-06-01 16:17 - 00002113 _____ C:\Users\tacti_000\Desktop\shutdown.lnk
2016-05-30 19:50 - 2016-05-30 19:50 - 00000209 _____ C:\Users\tacti_000\Desktop\How to cook Cube Steak and Brown Gravy with Onions ! = Cooking - YouTube.url
2016-05-30 19:29 - 2016-05-30 19:29 - 00000222 _____ C:\Users\tacti_000\Desktop\pieguy3 - YouTube.url
2016-05-30 19:29 - 2016-05-30 19:29 - 00000192 _____ C:\Users\tacti_000\Desktop\HOW TO MAKE CUBE STEAKS (E-Z MEAL!!) - YouTube.url
2016-05-29 14:41 - 2016-06-12 15:59 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleFortacti_000.job
2016-05-29 14:41 - 2016-06-12 14:56 - 00003270 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFortacti_000
2016-05-27 00:17 - 2016-05-27 00:17 - 00024736 _____ C:\Users\tacti_000\Documents\physicians~genpract.pdf
2016-05-27 00:15 - 2016-05-27 00:15 - 00015908 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(3).pdf
2016-05-27 00:14 - 2016-05-27 00:14 - 00020994 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(1).pdf
2016-05-27 00:14 - 2016-05-27 00:14 - 00015875 _____ C:\Users\tacti_000\Downloads\ProviderDirectory(2).pdf
2016-05-26 17:01 - 2016-05-26 17:01 - 00019583 _____ C:\Users\tacti_000\Documents\physicians~Internal Med.pdf
2016-05-26 16:56 - 2016-05-26 16:56 - 00019616 _____ C:\Users\tacti_000\Documents\physicians~psych.pdf
2016-05-26 16:55 - 2016-05-26 16:55 - 00020994 _____ C:\Users\tacti_000\Downloads\ProviderDirectory.pdf
2016-05-25 16:17 - 2016-05-25 16:17 - 00265688 _____ C:\Users\tacti_000\Documents\ep153-slow-blues-lead.pdf
2016-05-24 22:31 - 2016-05-24 22:31 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Deployment
2016-05-24 17:32 - 2016-05-24 17:32 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Logitech® Webcam Software
2016-05-24 17:25 - 2016-05-24 17:25 - 00000000 ____D C:\ProgramData\LogiShrd
2016-05-24 17:24 - 2016-05-24 17:25 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-05-24 17:24 - 2016-05-24 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-05-24 17:23 - 2016-05-24 17:23 - 74520472 _____ (Logitech, Inc.) C:\Users\tacti_000\Downloads\lws280.exe
2016-05-21 13:34 - 2016-05-21 13:34 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Hewlett-Packard
2016-05-21 13:29 - 2016-05-24 22:21 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\hpqLog
2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\System.sav
2016-05-21 13:29 - 2016-05-21 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-05-21 13:16 - 2016-05-28 13:22 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\HpUpdate
2016-05-21 13:16 - 2016-05-21 13:16 - 00003760 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 1510 series
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\Visan
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-05-21 13:16 - 2016-05-21 13:16 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-05-21 13:15 - 2016-05-21 13:16 - 00000000 ____D C:\Program Files (x86)\HP
2016-05-21 13:15 - 2016-05-21 13:15 - 00000057 _____ C:\ProgramData\Ament.ini
2016-05-21 13:15 - 2016-05-21 13:15 - 00000000 ____D C:\Program Files\HP
2016-05-21 13:14 - 2016-05-21 13:16 - 00000000 ____D C:\Users\tacti_000\AppData\Local\HP
2016-05-21 13:13 - 2016-05-29 14:41 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Hewlett-Packard
2016-05-21 13:13 - 2016-05-21 13:14 - 00000000 ____D C:\Users\tacti_000\Downloads\HP Downloads
2016-05-21 13:11 - 2016-05-24 22:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-05-21 13:11 - 2016-05-21 13:29 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-05-21 13:10 - 2016-05-21 13:10 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\tacti_000\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-05-18 19:20 - 2016-05-18 19:20 - 00229467 _____ C:\Users\tacti_000\Downloads\statechamp_16.pdf
2016-05-17 11:08 - 2016-05-17 11:08 - 00919146 _____ C:\Users\tacti_000\Documents\matthew.pdf

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-14 22:31 - 2015-12-26 23:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-14 22:22 - 2015-11-23 18:22 - 00000298 _____ C:\WINDOWS\Tasks\UpdateTask.job
2016-06-14 22:19 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-14 22:18 - 2015-11-21 04:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-14 22:16 - 2015-11-21 04:22 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-14 21:53 - 2015-11-23 18:22 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 18:53 - 2015-11-23 18:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 15:10 - 2015-11-30 23:28 - 00000000 ____D C:\Users\tacti_000\Documents\ChessBase
2016-06-14 12:45 - 2016-04-18 17:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-14 12:45 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-14 12:16 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-14 12:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-13 22:55 - 2013-11-28 09:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-06-13 22:52 - 2016-04-18 18:12 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-13 22:47 - 2016-02-13 08:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 16:06 - 2015-12-23 23:28 - 00000000 ____D C:\Users\tacti_000\AppData\Local\ElevatedDiagnostics
2016-06-13 15:30 - 2015-11-21 19:45 - 04068352 _____ C:\Users\tacti_000\Documents\master20151120.FBK
2016-06-13 15:30 - 2015-11-21 19:44 - 04068352 _____ C:\Users\tacti_000\Documents\master20151120.FTW
2016-06-12 15:59 - 2016-04-18 18:00 - 00000000 ____D C:\Users\tacti_000
2016-06-11 00:42 - 2015-11-23 18:22 - 00000000 ____D C:\Users\tacti_000\AppData\Local\Google
2016-06-11 00:42 - 2015-11-23 18:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-10 22:50 - 2015-12-21 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-10 22:50 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-05 13:09 - 2016-01-29 20:07 - 00103976 _____ C:\Users\tacti_000\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-04 20:10 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-03 22:11 - 2015-11-22 14:51 - 00000000 ____D C:\Users\tacti_000\Documents\My Chess Database
2016-06-03 06:26 - 2016-01-08 18:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-30 11:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-05-26 14:09 - 2016-04-02 13:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-24 22:34 - 2015-12-13 03:36 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Family Tree Analyzer
2016-05-24 22:21 - 2015-12-22 00:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 21:55 - 2016-04-02 13:58 - 00000000 ____D C:\Users\tacti_000\AppData\Roaming\Skype
2016-05-24 17:25 - 2016-04-18 17:58 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-05-22 00:34 - 2016-02-13 08:11 - 00379248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-21 13:29 - 2013-11-28 08:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-21 13:15 - 2015-11-26 15:03 - 00000000 ____D C:\ProgramData\HP

==================== Files in the root of some directories =======
2015-11-23 19:22 - 2015-11-23 19:22 - 0000046 _____ () C:\Users\tacti_000\AppData\Roaming\WB.CFG
2016-05-21 13:15 - 2016-05-21 13:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-18 17:57 - 2016-04-18 17:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-11-28 09:04 - 2013-11-28 09:04 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-11-28 09:01 - 2013-11-28 09:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-11-28 09:02 - 2013-11-28 09:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-11-28 09:01 - 2013-11-28 09:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-11-28 09:03 - 2013-11-28 09:04 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-13 13:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
Ran by tacti_000 (2016-06-14 22:38:42)
Running from C:\Users\tacti_000\Downloads
Windows 10 Home Version 1511 (X64) (2016-04-19 01:27:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4084636481-732014058-1395683245-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4084636481-732014058-1395683245-503 - Limited - Disabled)
Guest (S-1-5-21-4084636481-732014058-1395683245-501 - Limited - Disabled)
tacti_000 (S-1-5-21-4084636481-732014058-1395683245-1001 - Administrator - Enabled) => C:\Users\tacti_000

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
BlitzIn 3.11 (HKLM-x32\...\BlitzIn 3.11) (Version: - Internet Chess Club)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Chromium (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Chromium) (Version: 46.0.2480.0 - Chromium)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Fritz 15 64-bit (HKLM\...\{0D98285E-7B98-4637-8114-155705273EDA}) (Version: 15.1.0.0 - ChessBase)
FT Analyzer (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\9fcd84de4bf45cd5) (Version: 5.1.0.5 - FT Analyzer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HTML-Kit Tools (HKLM-x32\...\HTMLKitTools_is1) (Version: 1.0 - HTML-Kit.com)
ICC for Windows 1.0 beta 9.6.25 (HKLM-x32\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{200C029F-CB1B-402B-ACDC-E345DAAC3EB8}) (Version: 4.20.1.0 - Domit LTD)
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinTD 4.20 (HKLM-x32\...\{8E7F4B9D-3F93-4E8E-AE26-E4E2A50ABA50}) (Version: 4.2.0 - Estima)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07DEEDD2-16C9-490B-A73F-2B2190810079} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0BB9C7CF-D1F2-4DB3-B265-A5DB2B748412} - System32\Tasks\Microsoft\Windows\Setup\UpgradeTriggers\UpgradeReminderTask => C:\Windows\System32\GWX\GWX.exe
Task: {0BC9544D-D7BD-4DA3-AE80-09B00D63955E} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {0CC53981-5F86-4CF7-95F5-0579F35669EF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {0CF28E95-27CE-4114-AD23-40B032129D50} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {0CF9D93D-008D-4065-A3D0-3EB4F0C67A1A} - System32\Tasks\HPCeeScheduleFortacti_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {0FF7BE12-0A74-4485-8A65-E9687F0DA700} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {1EF54EDD-F1FE-4E90-913B-03D0E251E250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {2F896C0F-E7F7-41C5-84C0-176BEFE21143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30EA5090-D1C4-465B-8AEA-FAD8014D2E6A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {42E14AF4-0A78-494D-AA15-26364055CF24} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {4930CB12-1A35-42E2-8758-2DF182375CD0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {4A1C8436-5E1B-41D7-9F17-E8CAF8428E11} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5DB6B591-6A05-4462-A74F-D27ACFEFE89C} - System32\Tasks\UpdateTask => C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE
Task: {69366F22-A166-447F-873D-7F13E35F2718} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {6DD9CC7B-5183-49F8-B845-C894DD8A62BE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {6EA1074E-1992-4271-856B-ECCFB880591E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6EC92539-9787-4411-A15E-22199D436EEF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {709FDB0E-12A7-48E9-813B-49F921BBD585} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {78C42508-9988-4602-BBE2-756E3559A46C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {7C54EF69-1F8D-43B7-ABA7-7D80E4F406A2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {82D4BAB0-7437-4713-BACF-2BD10FDD8F74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8A588C64-8C1D-4D04-88A3-99B892422494} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {9AF879BA-F78C-4833-A58E-62CBE2093290} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A906E757-8A9A-4192-B70C-1730A9887867} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {A9ADFEAE-1406-4CB9-915F-921D565C2DE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-23] (Google Inc.)
Task: {B09229B5-E378-41D5-8CA2-611A43F839E5} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B1AC362E-9075-40E0-8705-5CDD8459745A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {BA67C09E-7E9E-4849-9A2C-CC4E3732B1D1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BA6EA267-2DBD-42D5-B987-923814D8794E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BCD69540-5540-4335-A9B0-B9F3672996DA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C64A147E-CF55-4508-9E04-0FE58F89E3D0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA517EED-B06D-4ABA-8D27-56A564AD2C82} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-14] (Microsoft Corporation)
Task: {CC50CD51-AC45-4D2E-9E12-F7E4AA31686C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {D722159C-5E2B-49E7-91D0-1647A9D792EC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E8EA0242-3200-4E66-9192-5DB36C452B83} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {F0F4AF61-11F5-485D-A5D5-39F3D194DB97} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {F2A3C167-995E-4580-B160-7C9A3A741C48} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {F58E2DE7-2081-448F-8FA6-13F8F81A1045} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFortacti_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\TACTI_~1\AppData\Local\{D3C7E~1\UNINST~1.EXE

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-11-28 09:03 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-18 20:50 - 2016-04-18 20:50 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 20:50 - 2016-04-18 20:50 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-13 07:54 - 2016-02-13 07:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 13:52 - 2016-04-22 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-04-18 21:11 - 2016-04-18 21:12 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-04-18 21:11 - 2016-04-18 21:12 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-03 10:44 - 2016-06-03 10:46 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 10:44 - 2016-06-03 10:46 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 10:44 - 2016-06-03 10:46 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-04-18 21:05 - 2016-04-18 21:06 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-10 13:53 - 2016-04-22 23:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 13:53 - 2016-04-22 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 13:53 - 2016-04-22 22:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 13:53 - 2016-04-22 23:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-11-28 09:02 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-08-07 17:27 - 2013-08-07 17:27 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-11-28 08:54 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-05 12:17 - 2015-12-18 18:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-11-28 09:06 - 2012-11-26 02:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2016-01-05 12:17 - 2014-02-18 15:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 64.233.219.99 - 64.233.206.99
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [uDP Query User{F4B291F4-0F58-49D2-891B-624EC6422ED5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1D48813A-4609-48E0-A6DF-A4F9903FCF8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9A3F8FC8-B370-45F6-A374-9434457842AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABE0AC04-A450-4FE5-8185-9D4D0AF27B4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF24421F-D254-4FA8-8D9C-AE8CCA80E175}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A28FF453-E1F0-4638-86D4-AA250CAE430D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F3E662DB-681E-46AC-A9A9-714FB6D71E44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{02B32D95-B51A-4EBC-9F9F-455457C4CB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D9F73E07-3D33-444B-861A-850ED26B370A}] => (Allow) LPort=2869
FirewallRules: [{51B1F39A-324B-49EC-8F7F-8F30DE725F1A}] => (Allow) LPort=1900
FirewallRules: [{31C755F3-231A-4743-80EE-F4DC4CE1D270}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C916CF1A-447B-44B4-900B-EF32BF6ADA29}] => (Allow) C:\Program Files\Common
Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{3293FA12-0732-482A-9933-02CB9FD78633}] => (Allow) C:\Users\tacti_000\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{6619302C-429A-4D5D-8488-F1DD6B502CAF}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe FirewallRules: [{6A555807-C02A-4E9A-9294-972FEE83A905}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{E7338802-F40B-477A-9C0D-7A2B328DA29F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 24-05-2016 16:20:59 Scheduled Checkpoint 02-06-2016 14:00:06 Scheduled Checkpoint 08-06-2016 00:34:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 14-06-2016 22:16:20 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/14/2016 10:16:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 1100) (User: ) Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object. at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj) Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 401) (User: ) Description: SmartDrive executable didn't pass digital signature validation. 
Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe] Error: (06/14/2016 06:27:32 AM) (Source: HP Active Health) (EventID: 1101) (User: ) Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe] Error: (06/14/2016 01:09:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a Exception code: 0xe06d7363 Fault offset: 0x000bdae8 Faulting process id: 0x1a70 Faulting application start time: 0xIEXPLORE.EXE0 Fault
  5. I ran the sfc, and followed the directions in the 1st link above. I'm not having the original issue now, but this could be a virus or something. I've been getting a lot of low on memory errors. I have changed my user group to allow me to log in without using a password on restart, but every time the computer restarts after a low on memory error, I have to use the password. Can we see if we have any malware or viruses on here? Thanks.
  6. Hello all, While surfing the web, I'll get a blue (or black, can't really tell) screen, and the computer will restart, and the following message comes along: SESSION_HAS_VALID_VIEWS_ON_EXIT. I'm getting constant script errors, messages to check certificates, etc. And sometimes the computer just auto restarts on its own without any messages. This is all new to this computer. Please help as I'm not able to use this machine very well anymore. I'm running Windows 8.1, IE 11. Thanks
  7. That link won't allow it either. Yes, the OD starts but then hangs up. I've tried both FF and IE, both running as Admin.
  8. OK, Juliet has helped me clear some malware over in Viruses, Spyware, Adware, and we think maybe you guys can help me here. As above, in my 1st post, I'm not able to run a Pit Test in either IE or FF.
  9. I removed AdAware, but I didn't see the Ad-Aware Security Toolbar. I did this in Add/Remove Programs, I guess that was the correct place in Control Panel (I HATE Windows 8). I did reset both browsers. I believe Hitman may have deleted the Cookies, but I didn't. I know how, I just didn't after I saw that I had to relog in with password everywhere. I guess the computer is running better, and I haven't seen a spam Ad, but I'm still unable to hit the Pit. Earlier you said "You had a high amount of bad extensions for Firefox/Chrome/ and IE" What are those, and did they get fixed?
  10. Well, there were no logs from ESET, but nothing was found. I get popup windows from Windows 8 Driver Optimizer, and I'm sure it's a scam because I never ask for it. Browsing with IE seems a bit better than with FF, which is my main browser. I am still unable to test at the Pit.
  11. How do I disable my virus and malware protections? I'm not sure if I have any other than a free McAfee tool. Meanwhile, here's the FixLog: Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 Ran by Terry (2015-09-10 13:04:22) Run:1 Running from C:\Users\Terry\Desktop Loaded Profiles: Terry (Available Profiles: Terry & tacti_000) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties HKLM\...\Run: [] => [X] Internet Explorer: HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL = C:\Users\Terry\AppData\Local\Temp\Quarantine.exe C:\Users\Terry\AppData\Local\Temp\sqlite3.dll C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe EmptyTemp: End ***************** Restore point was successfully created. Processes closed successfully. "C:\Users\tacti_000\SkyDrive" => ":ms-properties" ADS not found. "C:\Users\Terry\OneDrive" => ":ms-properties" ADS not found. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully HKU\Internet Explorer: .DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully "HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDFEB210-C27F-4F71-8829-7BE6BC33E083}" => key removed successfully HKCR\CLSID\{CDFEB210-C27F-4F71-8829-7BE6BC33E083} => key not found. C:\Users\Terry\AppData\Local\Temp\Quarantine.exe => moved successfully C:\Users\Terry\AppData\Local\Temp\sqlite3.dll => moved successfully C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully EmptyTemp: => 1.3 GB temporary data Removed. The system needed a reboot.. ==== End of Fixlog 13:05:33 ====
  12. Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015 Ran by Terry (2015-09-09 20:18:10) Running from C:\Users\Terry\Desktop Windows 8.1 (X64) (2014-02-13 07:18:05) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4084636481-732014058-1395683245-500 - Administrator - Disabled) Guest (S-1-5-21-4084636481-732014058-1395683245-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4084636481-732014058-1395683245-1007 - Limited - Enabled) tacti_000 (S-1-5-21-4084636481-732014058-1395683245-1004 - Administrator - Enabled) => C:\Users\tacti_000 Terry (S-1-5-21-4084636481-732014058-1395683245-1001 - Administrator - Enabled) => C:\Users\Terry UpdatusUser (S-1-5-21-4084636481-732014058-1395683245-1005 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619} AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft) AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden BabasChess (HKLM-x32\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf) BlitzIn 3.0 (HKLM-x32\...\BlitzIn 3.0) (Version: - Internet Chess Club) BlitzIn 3.10 (HKLM-x32\...\BlitzIn 3.10) (Version: - Internet Chess Club) BlitzIn 3.11 (HKLM-x32\...\BlitzIn 3.11) (Version: - Internet Chess Club) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dasher (HKLM-x32\...\Dasher) (Version: - Internet Chess Club) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.) Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) 
Hidden Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - ) Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Fritz8 (HKLM-x32\...\{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}) (Version: - ) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) 
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com) ICC for Windows 1.0 beta 9.6.4 (HKLM-x32\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) 
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Scid 4.5.2 (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Scid_is1) (Version: 4.5.2 - The Scid project) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinTD 4.20 (HKLM-x32\...\{8E7F4B9D-3F93-4E8E-AE26-E4E2A50ABA50}) (Version: 4.2.0 - Estima) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 19-08-2015 06:18:38 Windows Update 26-08-2015 07:23:34 Scheduled Checkpoint 03-09-2015 14:24:22 AA11 07-09-2015 21:32:36 JRT Pre-Junkware Removal ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2014-11-22 01:45 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {1E505ABF-A94C-4A8F-8C11-DFA272CAB6AC} - System32\Tasks\{CB9B889B-D384-4485-9FC2-8F0E081C7B2B} => pcalua.exe -a D:\Setup\Setup.exe -d D:\Setup Task: {377CDA81-90B1-4745-B859-A6D2AA3525E1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {66E3F6D1-830C-487E-94EE-EE067397BFED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {6E84D13E-644D-40D7-A690-0EE69CD13945} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.) Task: {6FFFAD23-DF49-4A5D-8BA8-5CB5BD12006C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {7B7CD299-5D69-4194-9A90-51CECFEB4340} - System32\Tasks\HP AR Program Upload - a89c880fc2ee41ceb0773925ee9ca50c49d8762af806478e9858678a98c4bf2f => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>) Task: {A25A4403-5B4B-43C1-AEA6-050AC44C75B7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {A6A10F8B-B250-4639-B71A-1FD90A2AA00E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.) 
Task: {AB77367E-74D1-4E6B-8513-94B5C6762D49} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {B9DC0E8F-3F7E-43DA-A863-1C60D3544F71} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated) Task: {C63FB1EF-B377-4FC4-BCEB-93AC17F18C5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {F31FCAA1-C0C9-44CA-AAF0-D8989743FC20} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {F6D6825C-FCC4-422D-ACDE-B50ECE89D9BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-11-28 09:06 - 2013-04-19 18:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2013-11-28 09:06 - 2013-04-19 18:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll 2013-11-28 09:06 - 2013-04-19 18:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2013-11-28 09:06 - 2013-04-19 18:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll 2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll 2014-02-13 02:04 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-11-28 08:54 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00017920 _____ () C:\Program Files (x86)\Family Tree Maker 2006\IMPLODE.DLL 2014-02-13 
19:17 - 2005-07-31 13:00 - 00237568 _____ () C:\Program Files (x86)\Family Tree Maker 2006\FtwWrp32.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 01048576 _____ () C:\Program Files (x86)\Family Tree Maker 2006\ftwmfc.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00057344 _____ () C:\Program Files (x86)\Family Tree Maker 2006\iebrowser.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00286720 _____ () C:\Program Files (x86)\Family Tree Maker 2006\KinRes.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00106496 _____ () C:\Program Files (x86)\Family Tree Maker 2006\Imaging.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00184320 _____ () C:\Program Files (x86)\Family Tree Maker 2006\TextEditor.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00385024 _____ () C:\Program Files (x86)\Family Tree Maker 2006\pg30.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00074240 _____ () C:\Program Files (x86)\Family Tree Maker 2006\infolink.dll 2014-02-13 19:17 - 2005-07-31 13:00 - 00053248 _____ () C:\Program Files (x86)\Family Tree Maker 2006\FtwTlbr.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Dell\Win Chrome 1920x1200.jpg DNS Servers: 64.233.219.99 - 64.233.206.99 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "BtPreLoad" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "LWS" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "swg" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "Logitech Vid" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C916CF1A-447B-44B4-900B-EF32BF6ADA29}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{31C755F3-231A-4743-80EE-F4DC4CE1D270}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{51B1F39A-324B-49EC-8F7F-8F30DE725F1A}] => (Allow) LPort=1900 FirewallRules: [{D9F73E07-3D33-444B-861A-850ED26B370A}] => (Allow) LPort=2869 FirewallRules: [{02B32D95-B51A-4EBC-9F9F-455457C4CB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{CC062FC1-FEB4-48DA-8ED7-481888BA118C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{F0E19BFE-329B-474C-8BB1-D72DC22B666D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{0537AAB9-767A-4901-B598-670223C88E30}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{A3932F1C-4F33-46BF-96D9-EAF66529AD71}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{807BF75E-54A8-4825-B001-9A90F72F3DCB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{2CA284F5-D70E-4842-B6CC-6674495AFE93}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{80346F73-6544-44D4-85D0-9EEDF4BF05D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{97D066E7-50CB-42D8-8182-C4CAB5B6D732}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{C4FBDB8C-EA45-4568-80A1-6FFF65E5BBF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{04F53C98-23F6-4F3A-BF83-15E6385BD278}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: 
[{8356E528-913A-41B5-B2A2-ED4E949975CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{4A4037CA-10DF-473B-B55C-FE444097B4BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{8D367167-EE4F-40DB-BEC2-5FEB08EA8F92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{256ADA69-A6ED-4BAB-9EE9-7B07F971CB12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{C78664B9-C67F-47D2-98D2-5135AAC0A069}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{1B1C5435-1BF5-4B1D-996B-0335D5729B4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{9F6FF33F-8DD5-4D5C-AC16-C8C4D75C6BAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{24977F1D-F4BE-449B-8294-2DDEF55E7F42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{3C8A59B8-A991-4379-9827-E41365B31AFF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{6EFB6BC1-772F-4AC6-BFA6-D666F8F14064}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{15A4B814-1671-48D8-A76E-39A4C78E8B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{39C53E2E-1C59-43F9-9CA0-3E9118E64060}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [uDP Query User{A90154D3-71C0-4D6F-84A8-4CB3EAE68304}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{740994E3-D123-4761-919A-35DEEA72BCE3}] => (Allow) 
C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe FirewallRules: [{BF94E17E-3F31-49CC-B987-065C8A57C21D}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{40F3B7E0-8AE2-4CBE-9402-9A7801F81910}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{F2968D75-D5F0-48D2-89AD-5D95AF5C68A5}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/07/2015 09:08:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 40.0.3.5716 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 14e0 Start Time: 01d0e9d1ce4ae11b Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 7e68c0f3-55ce-11e5-bebf-34238711e4ce Faulting package full name: Faulting package-relative application ID: Error: (09/07/2015 09:08:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213 Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062 Exception code: 0x80000003 Fault offset: 0x0000e250 Faulting process id: 0x1ac8 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (09/07/2015 02:02:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wintd32.exe, version: 0.0.0.0, time stamp: 
0x5481fe4b Faulting module name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b Exception code: 0xc0000005 Fault offset: 0x00072cb3 Faulting process id: 0x1620 Faulting application start time: 0xwintd32.exe0 Faulting application path: wintd32.exe1 Faulting module path: wintd32.exe2 Report Id: wintd32.exe3 Faulting package full name: wintd32.exe4 Faulting package-relative application ID: wintd32.exe5 Error: (09/07/2015 01:57:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b Faulting module name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b Exception code: 0xc0000005 Fault offset: 0x00072cb3 Faulting process id: 0x12e0 Faulting application start time: 0xwintd32.exe0 Faulting application path: wintd32.exe1 Faulting module path: wintd32.exe2 Report Id: wintd32.exe3 Faulting package full name: wintd32.exe4 Faulting package-relative application ID: wintd32.exe5 Error: (08/28/2015 11:40:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (08/25/2015 02:05:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8 Faulting module name: USER32.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c Exception code: 0xc0000142 Fault offset: 0x00000000000ec4e0 Faulting process id: 0x2034 Faulting application start time: 0xrundll32.exe_winethc.dll0 Faulting application path: rundll32.exe_winethc.dll1 Faulting module path: rundll32.exe_winethc.dll2 Report Id: rundll32.exe_winethc.dll3 Faulting package full name: rundll32.exe_winethc.dll4 Faulting package-relative application ID: rundll32.exe_winethc.dll5 Error: (08/17/2015 10:09:37 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HTMLKit.exe version 
1.0.0.292 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1d64 Start Time: 01d0d9631b2f8eee Termination Time: 15 Application Path: C:\Program Files (x86)\Chami\HTML-Kit\Bin\HTMLKit.exe Report Id: 8d422cc8-4556-11e5-bebc-34238711e4ce Faulting package full name: Faulting package-relative application ID: Error: (08/10/2015 10:11:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb Faulting module name: Flash.ocx, version: 18.0.0.209, time stamp: 0x55a1f0b1 Exception code: 0xc0000005 Fault offset: 0x000edbcf Faulting process id: 0x2a5c Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Faulting package full name: IEXPLORE.EXE4 Faulting package-relative application ID: IEXPLORE.EXE5 Error: (08/08/2015 12:07:07 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (07/17/2015 09:46:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb Faulting module name: Flash.ocx, version: 18.0.0.209, time stamp: 0x55a1f0b1 Exception code: 0xc0000005 Fault offset: 0x0034716f Faulting process id: 0x5d0 Faulting application start time: 0xIEXPLORE.EXE0 Faulting application path: IEXPLORE.EXE1 Faulting module path: IEXPLORE.EXE2 Report Id: IEXPLORE.EXE3 Faulting package full name: IEXPLORE.EXE4 Faulting package-relative application ID: IEXPLORE.EXE5 System errors: ============= Error: (09/09/2015 03:43:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: 
Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (09/08/2015 08:18:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (09/07/2015 09:41:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home. Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s). Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Dell Data Vault Wizard service terminated unexpectedly. It has done this 1 time(s). Microsoft Office: ========================= CodeIntegrity: =================================== Date: 2015-09-03 06:48:24.620 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:24.511 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:24.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:19.807 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:19.698 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-09-02 05:42:13.962 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:13.852 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:13.727 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:08.899 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:08.790 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel® Core i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8143.21 MB
Available physical RAM: 6316.64 MB
Total Virtual: 9423.21 MB
Available Virtual: 7695.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.41 GB) (Free:853.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9D724E75)
Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Terry (administrator) on KITCHEN (09-09-2015 20:17:46)
Running from C:\Users\Terry\Desktop
Loaded Profiles: Terry (Available Profiles: Terry & tacti_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(MyFamily.com, Inc.)
C:\Program Files (x86)\Family Tree Maker 2006\Ftw.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] () HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] () HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations) HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-12] (Google Inc.) 
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5904896 2010-08-27] (Logitech Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-01] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-09-03] ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2015-05-14] ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 64.233.219.99 64.233.206.99 Tcpip\..\Interfaces\{7FFD6809-9AE7-459F-9381-1C35B70D7DAF}: [DhcpNameServer] 64.233.219.99 64.233.206.99 Internet Explorer: ================== HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/ HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.) 
Toolbar: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.) DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB FireFox: ======== FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493 FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF Homepage: hxxps://www.yahoo.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation) FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~2\MEADCO~1\npmeadax.dll [2007-09-05] (MeadCo Corp.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493\searchplugins\mozilla-support.xml [2015-09-02] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed] S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.) S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.) S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.) S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation) S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation) S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] () S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes 
Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor) S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-03] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
  13. # AdwCleaner v5.006 - Logfile created 07/09/2015 at 21:27:02
      # Updated 06/09/2015 by Xplode
      # Database : 2015-09-07.1 [server]
      # Operating system : Windows 8.1 (x64)
      # Username : Terry - KITCHEN
      # Running from : C:\Users\Terry\Downloads\AdwCleaner (1).exe
      # Option : Cleaning
      # Support : http://toolslib.net/forum

      ***** [ Services ] *****

      ***** [ Folders ] *****

      ***** [ Files ] *****

      ***** [ Shortcuts ] *****

      ***** [ Scheduled tasks ] *****

      ***** [ Registry ] *****

      [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
      [!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

      ***** [ Web browsers ] *****

      *************************

      :: Winsock settings cleared

      ########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [776 bytes] ##########

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 7.6.0 (08.31.2015:1)
      OS: Windows 8.1 x64
      Ran by Terry on Mon 09/07/2015 at 21:32:33.48
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Tasks

      Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
      Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask

      ~~~ Registry Values

      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

      ~~~ Files

      ~~~ Folders

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 09/07/2015 at 21:34:06.18
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. Yes, and I deleted what was in quarantine. We are running a bit better right now, I think, though I still am unable to run a Pit Test.
  15. HijackThis File Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 8:48:23 PM, on 9/3/2015 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17840) FIREFOX: 40.0.3 (x86 en-US) Boot mode: Normal
  16. I just ran a scan via MBAM, but a log wasn't created. I did find a log from earlier today - I didn't realize that it actually scanned tho. here is the log from earlier: ------------------ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/24/2015 Scan Time: 1:36:01 PM Logfile: malwarebytes.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.24.06 Rootkit Database: v2015.02.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Terry Scan Type: Threat Scan Result: Completed Objects Scanned: 393718 Time Elapsed: 8 min, 59 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled
[0d3923ff1674e94d93b9087bc142aa56], PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\ospd_us_890\1.10, , [0d3923ff1674e94d93b9087bc142aa56], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_882, , [5de95dc58a0050e64409fe8539ca6d93], PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890, , [bc8a42e0f5950b2bbc91a0e353b0da26], PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer, , [82c41e047e0cc17565bfaae0d52e03fd], PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search, , [82c41e047e0cc17565bfaae0d52e03fd], PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping, , [82c41e047e0cc17565bfaae0d52e03fd], PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Uninstall Wajam, , [82c41e047e0cc17565bfaae0d52e03fd], PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good, , [15317ea4b7d3cc6abfc32a6512f1e020], PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin, , [15317ea4b7d3cc6abfc32a6512f1e020], PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\plugins, , [15317ea4b7d3cc6abfc32a6512f1e020], PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\TEMP, , [15317ea4b7d3cc6abfc32a6512f1e020], PUP.Optional.Taplika.A, C:\Program Files (x86)\WSE_Taplika, , [eb5bfb27fa900630ab075a3749ba6799], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Taplika, , [6cda9a88b3d7d16510a30f8256adbd43], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Taplika\UpdateProc, , [6cda9a88b3d7d16510a30f8256adbd43], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application, , [56f00f135832aa8c2b89deb3659e619f], 
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\Extensions, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\Installer, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\Locales, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\VisualElements, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Cache, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\databases, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, 
C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook\images, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook\images\carousel, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook\images\carousel\screenshots, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\data, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\blackfriday, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\weather, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\weather\images, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, 
C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\css, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\about, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\apps, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\clean, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\discovery, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\favorites, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\ftue, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\icons, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\icons\pageAction, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\image-upload, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, 
C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\loaders, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\notifications, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\phone, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\review-gifs, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\review-gifs\cat, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\search, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\bubbles, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\buttons, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\city, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\clean, , 
[56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\disco, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\fishing, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\forest, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\mountains, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\planets, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\sea, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\space, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\strips, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\sunset, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\user, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User 
Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\js, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\lib, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\locales, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\ar, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\de, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\en, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\es, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\fr, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\he, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\it, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User 
Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\ja, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\nl, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\pl, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\pt_BR, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\ru, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\tr, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, 
C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, , 
[56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\GPUCache, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\IndexedDB, , 
[56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\IndexedDB\chrome-extension_ecmgfadhlfnnjeldifpnbohpkbbgonfd_0.indexeddb.leveldb, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\JumpListIcons, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\JumpListIconsOld, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Local Extension Settings, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Local Storage, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\User StyleSheets, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\pnacl, , [56f00f135832aa8c2b89deb3659e619f], PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taplika, , [79cd4bd7ed9d1f175e570d841be8837d], PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer, , [d175938fddadca6c88e4761e73906e92], PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls, , [d175938fddadca6c88e4761e73906e92], PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\logos, , [d175938fddadca6c88e4761e73906e92], PUP.Optional.BrowserGood.A, C:\Users\Terry\AppData\Local\Temp\Browser Good, , [291dc959305a3bfb81fde2b314effb05], PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, , [d67068ba197184b226c9e5b038cba55b], PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder, , [ee58869c335770c68a8dfc9ad72ce020], PUP.Optional.PastaLeads.A, C:\ProgramData\PastaLeadsAgent, , [d96d52d0cebce74f447b504619ea7987], PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads, , [0d39c161dfab49edbc04f1a54cb706fa], 
  17. I've posted in the Pitstop Issues forum about not being able to run a Pit test, but I think this may be a malware issue, so I'm hoping someone will help me. I'm running Windows 8.1 on IE 10 and Firefox. I'm out of Trial on Malwarebytes, so I wasn't able to use it. I have cleared my History several times. I have NOT cleared any Cookies, however. Thanks for any help.
  18. Yes, Caches had been cleared, security updates only from Microsoft, I suppose, but not sure of when they were updated. My browsing has been quite slow of late, and I'm fairly sure I have malware issues. Can you help with that?
  19. I've tried running both as Administrator and normal, and the tests don't start. I've tried both IE and Firefox, same problems.
  20. Everything seems ok, Juliet. Thank you.
  21. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.4.2 (02.02.2015:1)
      OS: Windows 8.1 x64
      Ran by Terry on Wed 02/25/2015 at 18:57:29.03
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ~~~ Services
      ~~~ Registry Values
      ~~~ Registry Keys
      ~~~ Files
      Successfully deleted: [File] C:\WINDOWS\prefetch\GOOGLETOOLBARUSER_32.EXE-CB694AEC.pf
      ~~~ Folders
      Successfully deleted: [Folder] "C:\ProgramData\pcdr"
      Successfully deleted: [Folder] "C:\Users\Terry\AppData\Roaming\pcdr"
      ~~~ Event Viewer Logs were cleared
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Wed 02/25/2015 at 18:58:39.26
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  22. # AdwCleaner v4.111 - Logfile created 25/02/2015 at 18:53:44
      # Updated 18/02/2015 by Xplode
      # Database : 2015-02-18.3 [server]
      # Operating system : Windows 8.1 (x64)
      # Username : Terry - KITCHEN
      # Running from : C:\Users\Terry\Downloads\adwcleaner_4.111.exe
      # Option : Cleaning
      ***** [ Services ] *****
      ***** [ Files / Folders ] *****
      Folder Deleted : C:\Program Files (x86)\YTDownloader
      Folder Deleted : C:\Users\Terry\AppData\Local\CrashRpt
      Folder Deleted : C:\Users\Terry\AppData\Local\BrowserHelper
      ***** [ Scheduled tasks ] *****
      ***** [ Shortcuts ] *****
      ***** [ Registry ] *****
      ***** [ Web browsers ] *****
      -\\ Internet Explorer v11.0.9600.17416
      -\\ Mozilla Firefox v36.0 (x86 en-US)
      -\\ Chromium v
      *************************
      AdwCleaner[R0].txt - [2291 bytes] - [26/12/2014 22:51:06]
      AdwCleaner[R1].txt - [1034 bytes] - [25/02/2015 18:49:51]
      AdwCleaner[R2].txt - [1094 bytes] - [25/02/2015 18:52:16]
      AdwCleaner[s0].txt - [2382 bytes] - [26/12/2014 22:52:39]
      AdwCleaner[s1].txt - [1028 bytes] - [25/02/2015 18:53:44]
      ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1087 bytes] ##########