tacticaltal
Posted September 3, 2015

I've posted in the Pitstop Issues forum about not being able to run a Pit test, but I think this may be a malware issue, so I'm hoping someone will help me. I'm running Windows 8.1 on IE 10 and Firefox. I'm out of Trial on Malwarebytes, so I wasn't able to use it. I have cleared my History several times. I have NOT cleared any Cookies, however. Thanks for any help.

Juliet
Posted September 3, 2015

> I'm out of Trial on Malwarebytes, so I wasn't able to use it.

It's supposed to convert over to public. Open MBAM, click on updates, see if it will update? And see if it will allow you to run a Threat scan.

tacticaltal
Posted September 4, 2015

I just ran a scan via MBAM, but a log wasn't created. I did find a log from earlier today - I didn't realize that it actually scanned tho. here is the log from earlier:
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, 
C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , 
[56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\GPUCache, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\IndexedDB, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, 
C:\Users\Terry\AppData\Local\Taplika\User Data\Default\IndexedDB\chrome-extension_ecmgfadhlfnnjeldifpnbohpkbbgonfd_0.indexeddb.leveldb, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\JumpListIcons, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\JumpListIconsOld, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Local Extension Settings, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Local Storage, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\User StyleSheets, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\pnacl, , [56f00f135832aa8c2b89deb3659e619f],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taplika, , [79cd4bd7ed9d1f175e570d841be8837d],PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer, , [d175938fddadca6c88e4761e73906e92],PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls, , [d175938fddadca6c88e4761e73906e92],PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\logos, , [d175938fddadca6c88e4761e73906e92],PUP.Optional.BrowserGood.A, C:\Users\Terry\AppData\Local\Temp\Browser Good, , [291dc959305a3bfb81fde2b314effb05],PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, , [d67068ba197184b226c9e5b038cba55b],PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder, , [ee58869c335770c68a8dfc9ad72ce020],PUP.Optional.PastaLeads.A, C:\ProgramData\PastaLeadsAgent, , [d96d52d0cebce74f447b504619ea7987],PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads, , [0d39c161dfab49edbc04f1a54cb706fa],PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client, , 
[0d39c161dfab49edbc04f1a54cb706fa],Files: 935PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe, , [75d18999810952e44e118682bd49a957],PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, , [e85e2cf6fb8f47efa6b8b4b8d42cf709],PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe, , [f74f80a2d7b3af87ee585fa4f0128977],PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\updateBrowserGood.exe, , [6fd745dd75154aec66e01ce7c83aa45c],PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam.exe, , [f55133ef64262d0965f9f874b44cfc04],PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe, , [51f5c062791190a6f1a9847942bf4db3],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe, , [81c53de5d7b35fd7abb25599ef12cc34],PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastali32.dll, , [94b2ca58b6d40432f36c1aee5fa73ac6],PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\BrowserGoodbho.dll, , [e6601e04e0aa5ed8f57ee923a95ae41c],PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder\TheAnswerFinderUninstall.exe, , [82c4968c7d0d86b04e4d906dd031ac54],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Service Start.exe, , [cf77bf639af046f01a434aa4f30ecb35],PUP.Optional.Goobzo, C:\Users\Terry\AppData\Local\Temp\Install_25101\ins_smk.exe, , [1333f72bacded462f521f5aa44c131cf],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_speeditup_installer_multilang.exe, , [23239e849ceecf67f87c9d5cf40deb15],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_stormpverti_installer_multilang.exe, , [0e38b969addd989e0371b14847bab54b],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, , 
[fd492bf72664f145d89c1cddf70a9967],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_superpc_installer_multilang.exe, , [b6909f83a5e5bd790a6aec0d669b946c],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_taplika_installer_multilang.exe, , [0343bb678bffe74f561e58a15ca5f907],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_zombie_installer_multilang.exe, , [a0a6bb67f19963d3601448b123de24dc],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_boost_installer_multilang.exe, , [e16559c93a50bd79730125d46b96f907],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_browsergood_installer_multilang.exe, , [d373ea38751548eed89c7188ae5343bd],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_BubbleSound_installer_multilang.exe, , [c68041e1bad0a492700446b37b8629d7],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_cp_desktopdock_installer_multilang.exe, , [9caaaf73315980b62c484faa1ee3cd33],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_CubepileShopperz_installer_multilang.exe, , [093d42e07f0b1b1bb9bbfcfdb0516f91],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_cubepile_speedcheck_installer_multilang.exe, , [47ffb270cfbb2610482c1ddca45d01ff],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_FlashBeat_installer_multilang.exe, , [59edb0727e0c57dfd2a22ccda95810f0],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_optimizerpro_installer_multilang.exe, , [74d2031fcfbb9a9c77fdfbfe758c8878],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_piccolor_installer_multilang.exe, , [79cd99896c1ef93d60149564827faa56],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_plumoweb_installer_multilang.exe, , 
[281ea47e8efc73c380f45d9cd62b6997],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_plushd_installer_multilang.exe, , [fe48e43e8208f83e2f4506f3728fbe42],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_psecprotwhite_installer_multilang.exe, , [c680ba682664a88e5e16cf2a669bc13f],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_quickref_installer_multilang.exe, , [3016ad75cac0dc5a6c089168df228b75],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_quickref_p_installer_multilang.exe, , [3610c062eaa0da5cd59f24d5ee1350b0],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_SByoutube_installer_multilang.exe, , [370fca582862f541d2a2f60352af1fe1],PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_secureprotect_installer_multilang.exe, , [1b2bef331773e84e82f2ad4c47bac23e],PUP.Optional.SearchModule.A, C:\Windows\System32\Tasks\SMWPUpd, , [c1851909ccbe79bd8ef9158a0bf8ac54],PUP.Optional.Taplika.A, C:\Users\Terry\Desktop\Taplika.lnk, , [68de5ec46624b2844d2b920e2fd4a45c],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Taplika.lnk, , [ef57eb37f7931224b9c00a964cb75ba5],PUP.Optional.Taplika.A, C:\Windows\Tasks\Taplika.job, , [9babb86a72183105b6c7f4acaf540df3],PUP.Optional.Taplika.A, C:\Windows\System32\Tasks\Taplika, , [ac9a43dfafdb8bab542af4ac847f7f81],PUP.Optional.Taplika.A, C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\mv00qg8y.default\searchplugins\Taplika.xml, , [f94d77abbad0f046b2cff0b04ab917e9],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493\searchplugins\Taplika.xml, , [fe4877abfb8f7cba99e8168aa16233cd],PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\Uninstall.exe, , [79cd37ebafdb171f567e69380102ce32],PUP.Optional.ASPackage.A, 
C:\Users\Terry\AppData\Roaming\ASPackage\ASPackage.exe, , [79cd37ebafdb171f567e69380102ce32],PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\asrunasu.exe, , [79cd37ebafdb171f567e69380102ce32],PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\ASSrv.exe, , [79cd37ebafdb171f567e69380102ce32],PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, , [d6702bf7c1c9fa3c8a4b267b11f245bb],PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk, , [56f0b36fc8c25cda1159b4f654af49b7],PUP.Optional.MyPCBackup.A, C:\Users\Terry\Desktop\MyPC Backup.lnk, , [c18555cdd3b7bb7b6dfec0eaa45f3dc3],PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\MyPC Backup.lnk, , [73d328fa6525d5612f3debbf56ad31cf],PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\Uninstall.lnk, , [73d328fa6525d5612f3debbf56ad31cf],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\pt_PT.mo, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\aff.conf, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaFS.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.51.x86.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x64.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x86.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x64.dll, , 
[67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x86.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.Common.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStackUI.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x64.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x86.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Shared Stack.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\SignupWizard.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\syncicon.ico, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\System.Data.SQLite.DLL, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\uninst.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\UnRegisterExtensions.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater.exe, , 
[67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater_.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\websocket-sharp.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\de_DE.mo, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\es_ES.mo, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\fr_FR.mo, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\GetText.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\InstMgr.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Ionic.Zip.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\it_IT.mo, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Microsoft.Win32.TaskScheduler.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBClient.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\mypcbackup.ico, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\NativeHashWrapper.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Newtonsoft.Json.dll, , 
[67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\ObjectListView.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\PipeDiff.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64\SQLite.Interop.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86\SQLite.Interop.dll, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log, , [67df81a18109ea4ca8c53575748f06fa],PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323932353639303831322d2323782a32455b4134572d32, , [70d6a181523854e2c2c207afda29b947],PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{f3daddfc-782d-4450-a020-ed3b44858e01}Gw64.sys, , [4ef8bc66385277bf3ce594284eb5a35d],PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\ospd_us_890.exe, , [9fa7a67c9beff83e1b3e268c30d312ee],PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Taplika\UpdateProc\bkup.dat, , [65e158ca43473ef856a811897c87cc34],PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys, , [51f5d0527e0cc76fffa3e9ae669dec14],PUP.Optional.SearchModule.A, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe, , [82c43be76228d5619a6562394db6837d],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\sma.exe, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common 
Files\Goobzo\GBUpdatePlus\smci32.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci64.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei32.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei64.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi32.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi64.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi64.exe, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi32.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi64.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri32.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri64.dll, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\Updater.exe, , [d6700121b8d226100c44c4bb22e1659b],PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, , [bb8b67bb7f0b3cfa97b486fd7390f50b],PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\upospd_us_890.cyl, 
, [0d3923ff1674e94d93b9087bc142aa56],PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\upospd_us_890.exe, , [0d3923ff1674e94d93b9087bc142aa56],PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\user_profil.cyp, , [0d3923ff1674e94d93b9087bc142aa56],PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\Download\majmp_gentleeeuu.exe, , [0d3923ff1674e94d93b9087bc142aa56],PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\ospd_us_890\1.10\cnf.cyl, , [0d3923ff1674e94d93b9087bc142aa56],PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\onesoftperday_widget.exe, , [bc8a42e0f5950b2bbc91a0e353b0da26],PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\predm.exe, , [bc8a42e0f5950b2bbc91a0e353b0da26],PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\unins000.dat, , [bc8a42e0f5950b2bbc91a0e353b0da26],PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\unins000.exe, , [bc8a42e0f5950b2bbc91a0e353b0da26],PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\unins000.msg, , [bc8a42e0f5950b2bbc91a0e353b0da26],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Settings.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\SignIn with Facebook.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\SignIn with Twitter.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Wajam Website.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Ask.lnk, , 
[82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Google.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\IMDb.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Shopping.com.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\TripAdvisor.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Wikipedia.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Yahoo!.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Amazon.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Argos.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Ebay.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Etsy.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social 
Shopping\HomeDepot.lnk, , [ Share this post Link to post Share on other sites
tacticaltal Posted September 4, 2015
HijackThis File

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:48:23 PM, on 9/3/2015
Juliet Posted September 4, 2015
Did you allow MBAM to remove/quarantine what it found?
tacticaltal Posted September 4, 2015
> Did you allow MBAM to remove/quarantine what it found?

Yes, and I deleted what was in quarantine. We are running a bit better right now, I think, though I still am unable to run a Pit Test.
Juliet Posted September 4, 2015
Run these 2 tools and let's see if you can get further improvements.

AdwCleaner
- Please download AdwCleaner and save the file to your Desktop.
- Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
- Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
- Follow the prompts and allow your computer to reboot.
- After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Please download Junkware Removal Tool or from here http://downloads.malwarebytes.org/file/jrt to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Please post:
- AdwCleaner[CX].txt
- JRT.txt
tacticaltal Posted September 8, 2015

# AdwCleaner v5.006 - Logfile created 07/09/2015 at 21:27:02
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [server]
# Operating system : Windows 8.1 (x64)
# Username : Terry - KITCHEN
# Running from : C:\Users\Terry\Downloads\AdwCleaner (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [776 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Terry on Mon 09/07/2015 at 21:32:33.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/07/2015 at 21:34:06.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tacticaltal Posted September 8, 2015
Still unable to run a Pit Test
Juliet Posted September 8, 2015
Farbar Recovery Scan Tool (FRST) Scan
- Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
- Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
- Click Yes to the disclaimer.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
tacticaltal Posted September 10, 2015
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Imaging\bin\hpzwiz01.exeFirewallRules: [{8356E528-913A-41B5-B2A2-ED4E949975CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exeFirewallRules: [{4A4037CA-10DF-473B-B55C-FE444097B4BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exeFirewallRules: [{8D367167-EE4F-40DB-BEC2-5FEB08EA8F92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exeFirewallRules: [{256ADA69-A6ED-4BAB-9EE9-7B07F971CB12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exeFirewallRules: [{C78664B9-C67F-47D2-98D2-5135AAC0A069}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exeFirewallRules: [{1B1C5435-1BF5-4B1D-996B-0335D5729B4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeFirewallRules: [{9F6FF33F-8DD5-4D5C-AC16-C8C4D75C6BAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exeFirewallRules: [{24977F1D-F4BE-449B-8294-2DDEF55E7F42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exeFirewallRules: [{3C8A59B8-A991-4379-9827-E41365B31AFF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exeFirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exeFirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exeFirewallRules: [{6EFB6BC1-772F-4AC6-BFA6-D666F8F14064}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{15A4B814-1671-48D8-A76E-39A4C78E8B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [TCP Query User{39C53E2E-1C59-43F9-9CA0-3E9118E64060}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exeFirewallRules: [uDP Query User{A90154D3-71C0-4D6F-84A8-4CB3EAE68304}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exeFirewallRules: 
[{740994E3-D123-4761-919A-35DEEA72BCE3}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exeFirewallRules: [{BF94E17E-3F31-49CC-B987-065C8A57C21D}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exeFirewallRules: [{40F3B7E0-8AE2-4CBE-9402-9A7801F81910}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exeFirewallRules: [{F2968D75-D5F0-48D2-89AD-5D95AF5C68A5}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (09/07/2015 09:08:29 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program firefox.exe version 40.0.3.5716 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 14e0Start Time: 01d0e9d1ce4ae11bTermination Time: 4294967295Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exeReport Id: 7e68c0f3-55ce-11e5-bebf-34238711e4ceFaulting package full name:Faulting package-relative application ID:Error: (09/07/2015 09:08:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062Exception code: 0x80000003Fault offset: 0x0000e250Faulting process id: 0x1ac8Faulting application start time: 0xplugin-container.exe0Faulting application path: plugin-container.exe1Faulting module path: plugin-container.exe2Report Id: plugin-container.exe3Faulting package full name: plugin-container.exe4Faulting package-relative application ID: plugin-container.exe5Error: (09/07/2015 02:02:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: wintd32.exe, version: 0.0.0.0, 
time stamp: 0x5481fe4bFaulting module name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4bException code: 0xc0000005Fault offset: 0x00072cb3Faulting process id: 0x1620Faulting application start time: 0xwintd32.exe0Faulting application path: wintd32.exe1Faulting module path: wintd32.exe2Report Id: wintd32.exe3Faulting package full name: wintd32.exe4Faulting package-relative application ID: wintd32.exe5Error: (09/07/2015 01:57:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4bFaulting module name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4bException code: 0xc0000005Fault offset: 0x00072cb3Faulting process id: 0x12e0Faulting application start time: 0xwintd32.exe0Faulting application path: wintd32.exe1Faulting module path: wintd32.exe2Report Id: wintd32.exe3Faulting package full name: wintd32.exe4Faulting package-relative application ID: wintd32.exe5Error: (08/28/2015 11:40:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider databaseError: (08/25/2015 02:05:14 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8Faulting module name: USER32.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0cException code: 0xc0000142Fault offset: 0x00000000000ec4e0Faulting process id: 0x2034Faulting application start time: 0xrundll32.exe_winethc.dll0Faulting application path: rundll32.exe_winethc.dll1Faulting module path: rundll32.exe_winethc.dll2Report Id: rundll32.exe_winethc.dll3Faulting package full name: rundll32.exe_winethc.dll4Faulting package-relative application ID: rundll32.exe_winethc.dll5Error: (08/17/2015 10:09:37 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program HTMLKit.exe version 1.0.0.292 stopped 
interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1d64Start Time: 01d0d9631b2f8eeeTermination Time: 15Application Path: C:\Program Files (x86)\Chami\HTML-Kit\Bin\HTMLKit.exeReport Id: 8d422cc8-4556-11e5-bebc-34238711e4ceFaulting package full name:Faulting package-relative application ID:Error: (08/10/2015 10:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: Flash.ocx, version: 18.0.0.209, time stamp: 0x55a1f0b1Exception code: 0xc0000005Fault offset: 0x000edbcfFaulting process id: 0x2a5cFaulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5Error: (08/08/2015 12:07:07 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider databaseError: (07/17/2015 09:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bbFaulting module name: Flash.ocx, version: 18.0.0.209, time stamp: 0x55a1f0b1Exception code: 0xc0000005Fault offset: 0x0034716fFaulting process id: 0x5d0Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Faulting package full name: IEXPLORE.EXE4Faulting package-relative application ID: IEXPLORE.EXE5System errors:=============Error: (09/09/2015 03:43:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 
0x80240020: Upgrade to Windows 10 Home.Error: (09/08/2015 08:18:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.Error: (09/07/2015 09:41:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s).Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Data Vault Wizard service terminated unexpectedly. 
It has done this 1 time(s).Microsoft Office:=========================CodeIntegrity:=================================== Date: 2015-09-03 06:48:24.620 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:24.511 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:24.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:19.807 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-03 06:48:19.698 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-09-02 05:42:13.962 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:13.852 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:13.727 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-02 05:42:08.899 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-09-02 05:42:08.790 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info ===========================Processor: Intel® Core i7-4770 CPU @ 3.40GHzPercentage of memory in use: 22%Total physical RAM: 8143.21 MBAvailable physical RAM: 6316.64 MBTotal Virtual: 9423.21 MBAvailable Virtual: 7695.63 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:917.41 GB) (Free:853.85 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 9D724E75)Partition: GPT.==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015Ran by Terry (administrator) on KITCHEN (09-09-2015 20:17:46)Running from C:\Users\Terry\DesktopLoaded Profiles: Terry (Available Profiles: Terry & tacti_000)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. 
The file will not be moved.)(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(MyFamily.com, Inc.) C:\Program Files (x86)\Family Tree Maker 2006\Ftw.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()HKLM\...\Run: [] => [X]HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [LWS] => C:\Program Files 
(x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-12] (Google Inc.)HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5904896 2010-08-27] (Logitech Inc.)ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-01]ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-09-03]ShortcutTarget: Logitech . 
Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2015-05-14]ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 64.233.219.99 64.233.206.99Tcpip\..\Interfaces\{7FFD6809-9AE7-459F-9381-1C35B70D7DAF}: [DhcpNameServer] 64.233.219.99 64.233.206.99Internet Explorer:==================HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJBSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL =BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft 
Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)Toolbar: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.)DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CABFireFox:========FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493FF DefaultSearchEngine: GoogleFF DefaultSearchEngine.US: GoogleFF Homepage: hxxps://www.yahoo.com/FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~2\MEADCO~1\npmeadax.dll [2007-09-05] (MeadCo Corp.)FF 
Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)FF SearchPlugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493\searchplugins\mozilla-support.xml [2015-09-02]==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe 
Juliet Posted September 10, 2015

Doesn't show much. I think some of your problem could be your antivirus. Try disabling it when you want to try the Pit test again.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties
HKLM\...\Run: [] => [X]
Internet Explorer: HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL =
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll
C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe
EmptyTemp:
End

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~`

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner. Most reliable and thorough. The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
    Scan archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click . If no threats were found, skip the next two bullet points.
Click and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to and click .
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Please post these 2 logs when finished.

How's your computer now?
tacticaltal Posted September 10, 2015

How do I disable my virus and malware protections? I'm not sure if I have any other than a free McAfee tool. Meanwhile, here's the FixLog:

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Terry (2015-09-10 13:04:22) Run:1
Running from C:\Users\Terry\Desktop
Loaded Profiles: Terry (Available Profiles: Terry & tacti_000)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties
HKLM\...\Run: [] => [X]
Internet Explorer: HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL =
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll
C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"C:\Users\tacti_000\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Terry\OneDrive" => ":ms-properties" ADS not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\Internet Explorer: .DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDFEB210-C27F-4F71-8829-7BE6BC33E083}" => key removed successfully
HKCR\CLSID\{CDFEB210-C27F-4F71-8829-7BE6BC33E083} => key not found.
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
EmptyTemp: => 1.3 GB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 13:05:33 ====
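An added example, not part of the original thread and not FRST's own code: a small Python parser that reads a Fixlog like the one posted above, skips the echoed fixlist block (whose `=> [X]` lines would otherwise be mistaken for results), and tallies which entries were removed, moved or not found. The sample is the posted Fixlog with line breaks restored and the echoed fixlist abridged; the function names and the status labels are assumptions made for this illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: result lines taken from the Fixlog posted above, with
# line breaks restored; the echoed fixlist block is abridged.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Terry (2015-09-10 13:04:22) Run:1
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
HKLM\...\Run: [] => [X]
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"C:\Users\tacti_000\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Terry\OneDrive" => ":ms-properties" ADS not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\Internet Explorer: .DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDFEB210-C27F-4F71-8829-7BE6BC33E083}" => key removed successfully
HKCR\CLSID\{CDFEB210-C27F-4F71-8829-7BE6BC33E083} => key not found.
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
EmptyTemp: => 1.3 GB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 13:05:33 ====
'''

# Order matters: "not found" is tested first, and the word boundaries keep
# "removed" from also matching the "moved" rule.
_RULES = (
    ("not_found", re.compile(r"\bnot found\b", re.I)),
    ("removed", re.compile(r"\bremoved\b", re.I)),
    ("moved", re.compile(r"\bmoved\b", re.I)),
)


class Result(NamedTuple):
    target: str   # file, registry key or directive the line refers to
    outcome: str  # text after " => ", as written in the log
    status: str   # not_found / removed / moved / other (labels chosen here)


def classify(outcome: str) -> str:
    for status, pattern in _RULES:
        if pattern.search(outcome):
            return status
    return "other"


def parse_fixlog(text: str) -> list:
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two all-asterisk lines; results follow it.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    start = stars[1] + 1 if len(stars) >= 2 else 0
    results = []
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        target, sep, outcome = ln.partition(" => ")
        if not sep:  # informational line such as "Processes closed successfully."
            continue
        results.append(Result(target.strip().strip('"'), outcome.strip(),
                              classify(outcome)))
    return results


def summarize(results) -> dict:
    return dict(Counter(r.status for r in results))


def not_found_targets(results) -> list:
    # Entries the fix named but did not find: already gone, or never matched.
    return [r.target for r in results if r.status == "not_found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for target in not_found_targets(parsed):
        print("not found:", target)
```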
Juliet Posted September 11, 2015

According to your logs, you have Ad-Aware Antivirus

http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

The above link has instructions on how to disable temporarily to try and run a Pit test.

Overall, how is your computer now?
tacticaltal Posted September 13, 2015

Well, there were no logs from ESET, but nothing was found. I get popup windows from Windows 8 Driver Optimizer, and I'm sure it's a scam because I never ask for it. Browsing with IE seems a bit better than with FF, which is my main browser. I am still unable to test at the Pit.
Juliet Posted September 13, 2015

You had a high amount of bad extensions for Firefox/Chrome/ and IE.

Instructions on how to backup your Favorites/Bookmarks and other data can be found below.
Backup Internet Explorer Favourites
Backup Firefox Bookmarks
Backup Chrome Bookmarks

Proceed with the reset once done.
Internet Explorer: How to reset Internet Explorer settings
Firefox: Reset Firefox
Chrome: Chrome - Reset browser settings

~~~~~~~~~~~~~~~~~~~~~~`

Please locate AdwCleaner and JRT and drag to the recycle bin. I would like for you to download again and run the scans over.

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool or from here http://downloads.malwarebytes.org/file/jrt to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~`

1. Please download HitmanPro
For 32-bit Operating System - .
For 64-bit Operating System -
2. Launch the program by double clicking on the icon.
Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.
3. Click on the next button. You must agree with the terms of EULA. (if asked)
4. Check the box beside "No, I only want to perform a one-time scan to check this computer".
5. Click on the next button.
6. The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.
7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
8. Click on the next button.
9. Click on the "Save Log" button.
10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro
Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7) open the report and copy and paste it to your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~`

please post
AdwCleaner[CX].txt
JRT.txt
HitmanPro log
cheddaboy Posted September 13, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 x64
Ran by Terry on Sun 09/13/2015 at 17:00:36.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/13/2015 at 17:02:04.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.007 - Logfile created 13/09/2015 at 16:54:34
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [server]
# Operating system : Windows 8.1 (x64)
# Username : Terry - KITCHEN
# Running from : C:\Users\Terry\Desktop\AdwCleaner (2).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\{4B9BA358-1B19-72DE-AA9F-025C7A1DD1D2}
[-] Folder Deleted : C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
[-] Folder Deleted : C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [1002 bytes] ##########

HitmanPro 3.7.9.245
www.hitmanpro.com

Computer name . . . . : KITCHEN
Windows . . . . . . . : 6.3.0.9600.X64/8
User name . . . . . . : KITCHEN\Terry
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2015-09-13 17:04:41
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 41s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 48

Objects scanned . . . : 1,725,694
Files scanned . . . . : 39,436
Remnants scanned . . : 375,711 files / 1,310,547 keys

Suspicious files ____________________________________________________________

C:\Users\Terry\Desktop\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2,190,336 bytes
Age . . . . . . . : 3.9 days (2015-09-09 20:15:38)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 18FE5FED416A8674D19B3735348EAF7AF9C27CF342AF5DA4968436294AC383F2
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.

C:\Users\Terry\Desktop\FRST64.exe
Size . . . . . . . : 2,190,848 bytes
Age . . . . . . . : 3.2 days (2015-09-10 13:04:16)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 91AEFEC0D643AED08373A2815CECC770BE3D25A576AE037FB409130FAA3D15CB
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster 0.0s C:\Users\Terry\Desktop\FRST64.exe 1.6s C:\Users\Terry\Desktop\FRST-OlderVersion\ 6.2s C:\FRST\Logs\ct 6.2s C:\Users\Terry\Desktop\Fixlog.txt Cookies _____________________________________________________________________ C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.360yield.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adlegend.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.creative-serving.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pointroll.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pubmatic.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.smartstream.tv C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.stickyadstv.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.undertone.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.vidible.tv C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adserver.adreactor.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtech.de C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtechus.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:advertising.com 
C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ar.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:at.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atdmt.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:bs.serving-sys.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:burstnet.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:casalemedia.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:collective-media.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:dmtracker.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:fastclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:in.getclicky.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:kontera.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:media6degrees.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:mediaplex.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:msnbc.112.2o7.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:pointroll.com 
C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:questionmarket.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:revsci.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ru4.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:serving-sys.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:smartadserver.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stat.komoona.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statcounter.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stats.paypal.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statse.webtrendslive.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:survey.g.doubleclick.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tacoda.at.atwola.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tribalfusion.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:www.burstnet.com C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:yellgroup.122.2o7.net C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:zedo.com HitmanPro 3.7.9.245 www.hitmanpro.com Computer name . . . . : KITCHEN Windows . . . . . . . : 6.3.0.9600.X64/8 User name . . . . . . : KITCHEN\Terry UAC . . . . . . . . . : Enabled License . . . . . . . 
: Free Scan date . . . . . . : 2015-09-13 17:04:41 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 41s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 48 Objects scanned . . . : 1,725,694 Files scanned . . . . : 39,436 Remnants scanned . . : 375,711 files / 1,310,547 keys Suspicious files ____________________________________________________________ C:\Users\Terry\Desktop\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2,190,336 bytes Age . . . . . . . : 3.9 days (2015-09-09 20:15:38) Entropy . . . . . : 7.5 SHA-256 . . . . . : 18FE5FED416A8674D19B3735348EAF7AF9C27CF342AF5DA4968436294AC383F2 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\Terry\Desktop\FRST64.exe Size . . . . . . . : 2,190,848 bytes Age . . . . . . . : 3.2 days (2015-09-10 13:04:16) Entropy . . . . . : 7.5 SHA-256 . . . . . : 91AEFEC0D643AED08373A2815CECC770BE3D25A576AE037FB409130FAA3D15CB Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
   Forensic Cluster
      0.0s C:\Users\Terry\Desktop\FRST64.exe
      1.6s C:\Users\Terry\Desktop\FRST-OlderVersion\
      6.2s C:\FRST\Logs\ct
      6.2s C:\Users\Terry\Desktop\Fixlog.txt

Cookies _____________________________________________________________________
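The scan report above scores both FRST64.exe copies at entropy 7.5 and reads that as "encrypted, compressed or obfuscated". As an added illustration (not HitmanPro's code and not part of the original posts), the sketch below assumes the figure is Shannon entropy in bits per byte (maximum 8.0) and shows on constructed byte strings why any packed executable reaches such a score regardless of intent; the 7.2 threshold, the 50% share and all sample data are assumptions made for the example.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte mix."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def window_entropies(data, size=4096):
    """Score fixed-size blocks so a small packed region is not averaged away."""
    return [shannon_entropy(data[i:i + size]) for i in range(0, len(data), size)]

def looks_packed(data, threshold=7.2, share=0.5):
    """True when at least `share` of the blocks score above `threshold`.
    Both defaults are assumptions for this example, not a scanner's settings."""
    blocks = window_entropies(data)
    if not blocks:
        return False
    return sum(e > threshold for e in blocks) / len(blocks) >= share

# Constructed samples (not real files). LOW imitates plain text or code;
# HIGH is a SHA-256 counter stream standing in for compressed/encrypted bytes.
LOW = (b"scan item ok; next file checked; no threat found\n" * 1400)[:65536]
HIGH = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))

PACKED_TOOL = LOW[:4096] + HIGH[:61440]   # small loader stub + packed payload
ORDINARY = LOW[:61440] + HIGH[:4096]      # plain program + one compressed resource

if __name__ == "__main__":
    for name, blob in (("packed tool", PACKED_TOOL), ("ordinary", ORDINARY)):
        print(f"{name:12} whole-file={shannon_entropy(blob):.2f} "
              f"max-block={max(window_entropies(blob)):.2f} "
              f"packed={looks_packed(blob)}")
```

The first sample is classified as packed and the second is not, although the second still contains one block close to 8 bits per byte. A high score therefore points to compression or encryption and needs other signals (publisher, signature, origin) before it says anything about the file being malicious.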
Juliet Posted September 14, 2015 (edited)

Did you reset browsers?

What Hitman found was cookies

Delete cookies
Firefox https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

~~~~~~~~~~~~~~

The item AdwCleaner did not remove

[!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

adawarebp.exe.
Command: %CommonAppData%\Ad-Aware Browsing Protection\adawarebp.exe.
Description: This file is part Safe Browsing component of the Ad-Aware Security Toolbar by Lavasoft which may be installed as a separate program and is also bundled with their AdAware program.

Ad-Aware Security Toolbar
You can go to the control panel and remove the toolbar.

http://www.bleepingcomputer.com/startups/adawarebp-27154.html
This file is part Safe Browsing component of the Ad-Aware Security Toolbar by Lavasoft which may be installed as a separate program and is also bundled with their AdAware program. This startup is responsible for the appearance of www.pagenotfound.co in certain situations. Starting with version 10 of AdAware, this program cannot be run in tandem with other security programs. If you are experiencing problems with the Safe Browsing element of AdAware, it is advised to completely uninstall the entire software package and choose another security product.

How is the computer now?

Edited September 14, 2015 by Juliet
tacticaltal Posted September 14, 2015

I removed AdAware, but I didn't see the Ad-Aware Security Toolbar. I did this in Add/Remove Programs, I guess that was the correct place in Control Panel (I HATE Windows 8).

I did reset both browsers. I believe Hitman may have deleted the Cookies, but I didn't. I know how, I just didn't after I saw that I had to relog in with password everywhere.

I guess the computer is running better, and I haven't seen a spam Ad, but I'm still unable to hit the Pit.

Earlier you said "You had a high amount of bad extensions for Firefox/Chrome/ and IE" What are those, and did they get fixed?
Juliet Posted September 14, 2015

> I guess the computer is running better, and I haven't seen a spam Ad, but I'm still unable to hit the Pit. Earlier you said "You had a high amount of bad extensions for Firefox/Chrome/ and IE" What are those, and did they get fixed?

I'll have to send you to a different forum for help with not being able to run a pit test, since it's not related to malware but rather maybe system settings. (my opinion)

http://forums.pcpitstop.com/index.php?/forum/19-post-your-pit-test-results/

Post a topic in this forum and see if the guys there can help figure out why the Pit Test won't run.

You did have a few bad extensions early on and the tools we ran took care of those.

> I removed AdAware, but I didn't see the Ad-Aware Security Toolbar

The Ad-Aware Security Toolbar should have come out with it when you removed it.

Are we ready to remove tools and quarantine folders?
Juliet Posted September 14, 2015

Also, read over this article for different antivirus software for Windows 8:
http://www.pcworld.com/article/259876/antivirus_on_windows_8_looking_at_your_options.html
tacticaltal Posted September 15, 2015

> Are we ready to remove tools and quarantine folders?

Yes.
Juliet Posted September 15, 2015

DelFix

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
- Activate UAC
- Remove disinfection tools
Click the Run button.

-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~~~~~~~~~~

- Answers to common security questions - Best Practices by quietman7, MVP
- How Malware Spreads - How did I get infected? by quietman7, MVP
- Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
- How to Prevent Malware by miekiemoes, MVP
- How to backup and restore your data using Cobian Backup by YourHighness
- Slow Computer/browser? It May Not Be Malware by quietman7, MVP

The following programmes come highly recommended in the security community.

- AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
- CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
- Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
- Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
- NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
- Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
- Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
- SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
- Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom and learn how.
Juliet Posted September 16, 2015

Glad we could help. Since this issue appears resolved ... this Topic is closed.