Internet Slow and Hanging

[tacticaltal]

I've posted in the Pitstop Issues forum about not being able to run a Pit test, but I think this may be a malware issue, so I'm hoping someone will help me.

 

I'm running Windows 8.1 on IE 10 and Firefox.

 

I'm out of Trial on Malwarebytes, so I wasn't able to use it.

 

I have cleared my History several times. I have NOT cleared any Cookies, however.

 

Thanks for any help.

[Juliet]

 

I'm out of Trial on Malwarebytes, so I wasn't able to use it.

It's supposed to convert over to public.

 

Open MBAM, click on updates, see if it will update? And see if it will allow you to run a Threat scan.

[tacticaltal]

I just ran a scan via MBAM, but a log wasn't created. I did find a log from earlier today - I didn't realize that it actually scanned tho. here is the log from earlier:

 

------------------

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/24/2015
Scan Time: 1:36:01 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.24.06
Rootkit Database: v2015.02.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Terry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393718
Time Elapsed: 8 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 16
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe, 6876, , [75d18999810952e44e118682bd49a957]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, 6332, , [e85e2cf6fb8f47efa6b8b4b8d42cf709]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, 6828, , [e85e2cf6fb8f47efa6b8b4b8d42cf709]
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe, 7128, , [f74f80a2d7b3af87ee585fa4f0128977]
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\updateBrowserGood.exe, 96, , [6fd745dd75154aec66e01ce7c83aa45c]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam.exe, 5448, , [f55133ef64262d0965f9f874b44cfc04]
PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe, 6296, , [51f5c062791190a6f1a9847942bf4db3]
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe, 8336, , [81c53de5d7b35fd7abb25599ef12cc34]
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\ASSrv.exe, 772, , [79cd37ebafdb171f567e69380102ce32]
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\ospd_us_890.exe, 4860, , [9fa7a67c9beff83e1b3e268c30d312ee]
PUP.Optional.SearchModule.A, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe, 2324, , [82c43be76228d5619a6562394db6837d]
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\upospd_us_890.exe, 6704, , [0d3923ff1674e94d93b9087bc142aa56]
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter.exe, 6028, , [15317ea4b7d3cc6abfc32a6512f1e020]
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.BrowserAdapter64.exe, 1368, , [15317ea4b7d3cc6abfc32a6512f1e020]
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.expext.exe, 3440, , [15317ea4b7d3cc6abfc32a6512f1e020]
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.PurBrowse64.exe, 7916, , [15317ea4b7d3cc6abfc32a6512f1e020]

Modules: 7
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastali32.dll, , [94b2ca58b6d40432f36c1aee5fa73ac6],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastali32.dll, , [94b2ca58b6d40432f36c1aee5fa73ac6],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\BrowserGood.expextdll.dll, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\f3daddfc782d4450a020ed3b44858e01.dll, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\qneyvbbfzsog.dll, , [d175938fddadca6c88e4761e73906e92],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\qneyvbbfzsog.dll, , [d175938fddadca6c88e4761e73906e92],

Registry Keys: 61
PUP.Optional.PastaLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pastaleadsupd, , [75d18999810952e44e118682bd49a957],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wajam Web Enhancer, , [e85e2cf6fb8f47efa6b8b4b8d42cf709],
PUP.Optional.BrowserGood.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Browser Good, , [f74f80a2d7b3af87ee585fa4f0128977],
PUP.Optional.BrowserGood.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Browser Good, , [6fd745dd75154aec66e01ce7c83aa45c],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [96b082a0bfcb3501509ffc4d986ba65a],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [96b082a0bfcb3501509ffc4d986ba65a],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2dd0916f-60de-4413-8198-d3c9d9b959d1}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{45210C8B-D8C6-4FBE-99A0-2ADD70D53422}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF0BB6-E453-45E6-AA55-E8EC3DC236C3}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF0BB6-E453-45E6-AA55-E8EC3DC236C3}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{45210C8B-D8C6-4FBE-99A0-2ADD70D53422}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.Trovi.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [2f172cf67218cb6ba79b46c5e91a659b],
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, , [2f172cf67218cb6ba79b46c5e91a659b],
PUP.Optional.TheAnswerFinder.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TheAnswerFinder, , [82c4968c7d0d86b04e4d906dd031ac54],
PUP.Optional.ASPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ASPackage, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.ASPackage.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\serveras, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BackupStack, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyPC Backup, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f3daddfc-782d-4450-a020-ed3b44858e01}Gw64, , [4ef8bc66385277bf3ce594284eb5a35d],
PUP.Optional.PastaLeads.A, HKLM\SOFTWARE\PastaLeadsAgent, , [0c3a3ae8177382b4247d80172ad9b34d],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [ae98f1314545d0660c4debb9758ef808],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam Web Enhancer, , [92b453cf42480036e5894b5e00033ac6],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, , [6fd7c9596e1c082e021f079ae81b857b],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\Browser Good, , [3d099b87c3c7c076e9366142f11216ea],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, , [c581a67c8bff43f3b99e7b379c679868],
PUP.Optional.PastaLeads.A, HKLM\SOFTWARE\WOW6432NODE\PastaLeadsAgent, , [67df46dc8cfed165960b583f659ed12f],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\WOW6432NODE\Speedchecker Limited, , [a4a2ec368cfeb1854b0ef9abe61dd32d],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam Web Enhancer, , [ca7cae745a3056e0a8c682270cf78b75],
PUP.Optional.Taplika.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\taplika.exe, , [ea5c69b9d8b2df57b1f048518d763fc1],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, , [5fe7f52d0a80a096c55cf4ad788bf808],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_890_is1, , [84c238ea3d4d241275e1347e877c659b],
PUP.Optional.PastaLeads.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PastaLeads Client, , [ff47012118725dd9bfe1f99e4cb7d32d],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam Web Enhancer, , [9ea89f83c3c7ea4c4c21b3f60003f010],
PUP.Optional.Taplika.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Taplika, , [95b1bb670a8092a4ee92fca4649f8f71],
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, , [5bebf13176143204281ab1767491de22],
PUP.Optional.PastaLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PastaLUpdd, , [51f5d0527e0cc76fffa3e9ae669dec14],
PUP.Optional.SearchModule.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUPDPLUS, , [82c43be76228d5619a6562394db6837d],
PUP.Optional.BrowserGood.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Browser Good, , [370f5fc32565989e29f77231f60d6c94],
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Taplika, , [eb5b72b07d0d9e98c0b7d2ce877c21df],
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Taplika Browser, , [ae9824fec6c473c39dda1e827a8920e0],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\TutoTag, , [a2a4e141dbaf24124d441effad58b44c],
PUP.Optional.Wajam.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\WajIEnhance, , [f3539191503ab87e6aed6a3812f1926e],
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\wse_taplika, , [1333d64ca3e71f1798df712fdb286d93],
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Taplika, , [0541cd55b6d46fc7552afba554af28d8],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\TUTORIALS\updatetutorialeshp, , [7ec848da18722412335ee3b77a8949b7],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\TUTORIALS\updatetutorialshp, , [2f17130f8efc1224c5cda1f9e81bb947],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\TUTORIALS\updv, , [f94d6cb6b4d6ae886e252f6b659e0ff1],
PUP.Optional.Goobzo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Module Plus, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUpdd, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Browser Good, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [15317ea4b7d3cc6abfc32a6512f1e020],

Registry Values: 9
PUP.Optional.TheAnswerFinder.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TheAnswerFinder, "C:\Users\Terry\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe", , [51f5c062791190a6f1a9847942bf4db3]
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_890, "C:\Program Files (x86)\ospd_us_890\ospd_us_890.exe", , [9fa7a67c9beff83e1b3e268c30d312ee]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Taplika, C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Terry\AppData\Roaming\Taplika\UpdateProc\bkup.dat", , [65e158ca43473ef856a811897c87cc34]
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Taplika, C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Terry\AppData\Roaming\Taplika\UpdateProc\bkup.dat", , [65e158ca43473ef856a811897c87cc34]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 755FABDB-BADD-4027-81DC-B9BE49C41F14, , [5bebf13176143204281ab1767491de22]
PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK|ImagePath, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, , [8bbb938f7d0dfe3878f6fab0cd36f808]
PUP.Optional.SearchModule.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SMUPDPLUS|ImagePath, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe /service, , [82c43be76228d5619a6562394db6837d]
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|upospd_us_890.exe, C:\Users\Terry\AppData\Local\ospd_us_890\upospd_us_890.exe -runonce, , [0d3923ff1674e94d93b9087bc142aa56]
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleChromeAutoLaunch_F2197F60094F9CFD4C18AC811E6E7790, "C:\Users\Terry\AppData\Local\Taplika\Application\taplika.exe" --auto-launch-at-startup --profile-directory="Default", , [56f00f135832aa8c2b89deb3659e619f]

Registry Data: 1
PUP.Optional.Taplika.A, HKU\S-1-5-21-4084636481-732014058-1395683245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://taplika.com/?f=1&a=tpl_tuto13_15_09&cd=2XzuyEtN2Y1L1Qzu0Fzz0BtCyDyC0Azy0AtBtA0F0FzyzzzztN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByByEyCzy0FyEyBtG0FtCzztAtGyDyEyCzytGtD0FyE0DtGyD0EtD0Bzz0BtCyD0AyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DzztAtD0BzytDtG0DyEyC0FtGyEzy0D0BtG0A0DyE0CtGtD0DyC0B0A0F0EyEzzzyyC0C2Q&cr=1053447831&ir=, Good: (www.google.com), Bad: (http://taplika.com/?f=1&a=tpl_tuto13_15_09&cd=2XzuyEtN2Y1L1Qzu0Fzz0BtCyDyC0Azy0AtBtA0F0FzyzzzztN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByByEyCzy0FyEyBtG0FtCzztAtGyDyEyCzytGtD0FyE0DtGyD0EtD0Bzz0BtCyD0AyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0DzztAtD0BzytDtG0DyEyC0FtGyEzy0D0BtG0A0DyE0CtGtD0DyC0B0A0F0EyEzzzyyC0C2Q&cr=1053447831&ir=),,[9ea8ca585832c96d56a7f0d3f90c08f8]

Folders: 169
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage, , [d6702bf7c1c9fa3c8a4b267b11f245bb],
PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup, , [73d328fa6525d5612f3debbf56ad31cf],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, , [bb8b67bb7f0b3cfa97b486fd7390f50b],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\Download, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\ospd_us_890, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\ospd_us_890\1.10, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_882, , [5de95dc58a0050e64409fe8539ca6d93],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890, , [bc8a42e0f5950b2bbc91a0e353b0da26],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Uninstall Wajam, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\plugins, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\TEMP, , [15317ea4b7d3cc6abfc32a6512f1e020],
PUP.Optional.Taplika.A, C:\Program Files (x86)\WSE_Taplika, , [eb5bfb27fa900630ab075a3749ba6799],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Taplika, , [6cda9a88b3d7d16510a30f8256adbd43],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Taplika\UpdateProc, , [6cda9a88b3d7d16510a30f8256adbd43],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\Extensions, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\Installer, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\Locales, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\Application\31.0.1650.23\VisualElements, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Cache, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\databases, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook\images, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook\images\carousel, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\facebook\images\carousel\screenshots, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\data, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\gallery\images\blackfriday, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\weather, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\app\spots\weather\images, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\css, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\about, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\apps, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\clean, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\discovery, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\favorites, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\ftue, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\icons, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\icons\pageAction, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\image-upload, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\loaders, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\notifications, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\phone, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\review-gifs, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\review-gifs\cat, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\search, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\bubbles, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\buttons, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\city, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\clean, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\disco, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\fishing, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\forest, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\mountains, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\planets, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\sea, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\space, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\strips, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\themes\sunset, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\img\user, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\js, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\lib, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\locales, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\ar, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\de, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\en, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\es, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\fr, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\he, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\it, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\ja, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\nl, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\pl, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\pt_BR, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\ru, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\ecmgfadhlfnnjeldifpnbohpkbbgonfd\0.3.8_0\_locales\tr, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\GPUCache, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\IndexedDB, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\IndexedDB\chrome-extension_ecmgfadhlfnnjeldifpnbohpkbbgonfd_0.indexeddb.leveldb, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\JumpListIcons, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\JumpListIconsOld, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Local Extension Settings, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\Local Storage, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\Default\User StyleSheets, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Local\Taplika\User Data\pnacl, , [56f00f135832aa8c2b89deb3659e619f],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Taplika, , [79cd4bd7ed9d1f175e570d841be8837d],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer, , [d175938fddadca6c88e4761e73906e92],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls, , [d175938fddadca6c88e4761e73906e92],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\logos, , [d175938fddadca6c88e4761e73906e92],
PUP.Optional.BrowserGood.A, C:\Users\Terry\AppData\Local\Temp\Browser Good, , [291dc959305a3bfb81fde2b314effb05],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, , [d67068ba197184b226c9e5b038cba55b],
PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder, , [ee58869c335770c68a8dfc9ad72ce020],
PUP.Optional.PastaLeads.A, C:\ProgramData\PastaLeadsAgent, , [d96d52d0cebce74f447b504619ea7987],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads, , [0d39c161dfab49edbc04f1a54cb706fa],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client, , [0d39c161dfab49edbc04f1a54cb706fa],

Files: 935
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe, , [75d18999810952e44e118682bd49a957],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, , [e85e2cf6fb8f47efa6b8b4b8d42cf709],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\bin\utilBrowserGood.exe, , [f74f80a2d7b3af87ee585fa4f0128977],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\updateBrowserGood.exe, , [6fd745dd75154aec66e01ce7c83aa45c],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam.exe, , [f55133ef64262d0965f9f874b44cfc04],
PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder\TheAnswerFinder.exe, , [51f5c062791190a6f1a9847942bf4db3],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe, , [81c53de5d7b35fd7abb25599ef12cc34],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastali32.dll, , [94b2ca58b6d40432f36c1aee5fa73ac6],
PUP.Optional.BrowserGood.A, C:\Program Files (x86)\Browser Good\BrowserGoodbho.dll, , [e6601e04e0aa5ed8f57ee923a95ae41c],
PUP.Optional.TheAnswerFinder.A, C:\Users\Terry\AppData\Roaming\TheAnswerFinder\TheAnswerFinderUninstall.exe, , [82c4968c7d0d86b04e4d906dd031ac54],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Service Start.exe, , [cf77bf639af046f01a434aa4f30ecb35],
PUP.Optional.Goobzo, C:\Users\Terry\AppData\Local\Temp\Install_25101\ins_smk.exe, , [1333f72bacded462f521f5aa44c131cf],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_speeditup_installer_multilang.exe, , [23239e849ceecf67f87c9d5cf40deb15],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_stormpverti_installer_multilang.exe, , [0e38b969addd989e0371b14847bab54b],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, , [fd492bf72664f145d89c1cddf70a9967],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_superpc_installer_multilang.exe, , [b6909f83a5e5bd790a6aec0d669b946c],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_taplika_installer_multilang.exe, , [0343bb678bffe74f561e58a15ca5f907],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_zombie_installer_multilang.exe, , [a0a6bb67f19963d3601448b123de24dc],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_boost_installer_multilang.exe, , [e16559c93a50bd79730125d46b96f907],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_browsergood_installer_multilang.exe, , [d373ea38751548eed89c7188ae5343bd],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_BubbleSound_installer_multilang.exe, , [c68041e1bad0a492700446b37b8629d7],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_cp_desktopdock_installer_multilang.exe, , [9caaaf73315980b62c484faa1ee3cd33],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_CubepileShopperz_installer_multilang.exe, , [093d42e07f0b1b1bb9bbfcfdb0516f91],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_cubepile_speedcheck_installer_multilang.exe, , [47ffb270cfbb2610482c1ddca45d01ff],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_FlashBeat_installer_multilang.exe, , [59edb0727e0c57dfd2a22ccda95810f0],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_optimizerpro_installer_multilang.exe, , [74d2031fcfbb9a9c77fdfbfe758c8878],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_piccolor_installer_multilang.exe, , [79cd99896c1ef93d60149564827faa56],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_plumoweb_installer_multilang.exe, , [281ea47e8efc73c380f45d9cd62b6997],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_plushd_installer_multilang.exe, , [fe48e43e8208f83e2f4506f3728fbe42],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_psecprotwhite_installer_multilang.exe, , [c680ba682664a88e5e16cf2a669bc13f],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_quickref_installer_multilang.exe, , [3016ad75cac0dc5a6c089168df228b75],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_quickref_p_installer_multilang.exe, , [3610c062eaa0da5cd59f24d5ee1350b0],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_SByoutube_installer_multilang.exe, , [370fca582862f541d2a2f60352af1fe1],
PUP.Optional.Tuto4PC.A, C:\Users\Terry\AppData\Local\Temp\is-AOFI5.tmp\package_secureprotect_installer_multilang.exe, , [1b2bef331773e84e82f2ad4c47bac23e],
PUP.Optional.SearchModule.A, C:\Windows\System32\Tasks\SMWPUpd, , [c1851909ccbe79bd8ef9158a0bf8ac54],
PUP.Optional.Taplika.A, C:\Users\Terry\Desktop\Taplika.lnk, , [68de5ec46624b2844d2b920e2fd4a45c],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Taplika.lnk, , [ef57eb37f7931224b9c00a964cb75ba5],
PUP.Optional.Taplika.A, C:\Windows\Tasks\Taplika.job, , [9babb86a72183105b6c7f4acaf540df3],
PUP.Optional.Taplika.A, C:\Windows\System32\Tasks\Taplika, , [ac9a43dfafdb8bab542af4ac847f7f81],
PUP.Optional.Taplika.A, C:\Users\tacti_000\AppData\Roaming\Mozilla\Firefox\Profiles\mv00qg8y.default\searchplugins\Taplika.xml, , [f94d77abbad0f046b2cff0b04ab917e9],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493\searchplugins\Taplika.xml, , [fe4877abfb8f7cba99e8168aa16233cd],
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\Uninstall.exe, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\ASPackage.exe, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\asrunasu.exe, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\ASPackage\ASSrv.exe, , [79cd37ebafdb171f567e69380102ce32],
PUP.Optional.ASPackage.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage\Configure.lnk, , [d6702bf7c1c9fa3c8a4b267b11f245bb],
PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk, , [56f0b36fc8c25cda1159b4f654af49b7],
PUP.Optional.MyPCBackup.A, C:\Users\Terry\Desktop\MyPC Backup.lnk, , [c18555cdd3b7bb7b6dfec0eaa45f3dc3],
PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\MyPC Backup.lnk, , [73d328fa6525d5612f3debbf56ad31cf],
PUP.Optional.MyPCBackup.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\Uninstall.lnk, , [73d328fa6525d5612f3debbf56ad31cf],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\pt_PT.mo, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\aff.conf, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaFS.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.51.x86.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x64.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x86.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x64.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x86.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\AlphaVSS.Common.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\BackupStackUI.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x64.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x86.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Shared Stack.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\SignupWizard.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\syncicon.ico, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\System.Data.SQLite.DLL, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\uninst.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\UnRegisterExtensions.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Updater_.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\websocket-sharp.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\de_DE.mo, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\es_ES.mo, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\fr_FR.mo, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\GetText.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\InstMgr.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Ionic.Zip.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\it_IT.mo, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Microsoft.Win32.TaskScheduler.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBClient.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\mypcbackup.ico, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\NativeHashWrapper.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Newtonsoft.Json.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\ObjectListView.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\PipeDiff.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64\SQLite.Interop.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86\SQLite.Interop.dll, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log, , [67df81a18109ea4ca8c53575748f06fa],
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323932353639303831322d2323782a32455b4134572d32, , [70d6a181523854e2c2c207afda29b947],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{f3daddfc-782d-4450-a020-ed3b44858e01}Gw64.sys, , [4ef8bc66385277bf3ce594284eb5a35d],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\ospd_us_890.exe, , [9fa7a67c9beff83e1b3e268c30d312ee],
PUP.Optional.Taplika.A, C:\Users\Terry\AppData\Roaming\Taplika\UpdateProc\bkup.dat, , [65e158ca43473ef856a811897c87cc34],
PUP.Optional.PastaLeads.A, C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys, , [51f5d0527e0cc76fffa3e9ae669dec14],
PUP.Optional.SearchModule.A, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe, , [82c43be76228d5619a6562394db6837d],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\sma.exe, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smci64.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei32.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smei64.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi32.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi64.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smi64.exe, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi32.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi64.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri32.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smri64.dll, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdatePlus\Updater.exe, , [d6700121b8d226100c44c4bb22e1659b],
PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, , [bb8b67bb7f0b3cfa97b486fd7390f50b],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\upospd_us_890.cyl, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\upospd_us_890.exe, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\user_profil.cyp, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\Download\majmp_gentleeeuu.exe, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Users\Terry\AppData\Local\ospd_us_890\ospd_us_890\1.10\cnf.cyl, , [0d3923ff1674e94d93b9087bc142aa56],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\onesoftperday_widget.exe, , [bc8a42e0f5950b2bbc91a0e353b0da26],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\predm.exe, , [bc8a42e0f5950b2bbc91a0e353b0da26],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\unins000.dat, , [bc8a42e0f5950b2bbc91a0e353b0da26],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\unins000.exe, , [bc8a42e0f5950b2bbc91a0e353b0da26],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_890\unins000.msg, , [bc8a42e0f5950b2bbc91a0e353b0da26],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Settings.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\SignIn with Facebook.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\SignIn with Twitter.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Wajam Website.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Ask.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Google.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\IMDb.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Shopping.com.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\TripAdvisor.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Wikipedia.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Search\Yahoo!.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Amazon.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Argos.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Ebay.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\Etsy.lnk, , [82c41e047e0cc17565bfaae0d52e03fd],
PUP.Optional.Wajam.A, C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Web Enhancer\Explore Social Shopping\HomeDepot.lnk, , [

[tacticaltal]

HijackThis File

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:48:23 PM, on 9/3/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

FIREFOX: 40.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Terry\AppData\Local\Microsoft\Windows\INetCache\IE\Y8OB33YC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O4 - Startup: Monitor Ink Alerts - HP Deskjet 1510 series.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 11591 bytes

[Juliet]

Did you allow MBAM to remove/quarantine what it found?

[tacticaltal]

Did you allow MBAM to remove/quarantine what it found?

 

Yes, and I deleted what was in quarantine.

 

We are running a bit better right now, I think, though I still am unable to run a Pit Test.

[Juliet]

Run these 2 tools and let's see if you can get further improvements.

 

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Please download Junkware Removal Tool

or from here http://downloads.malwarebytes.org/file/jrt

to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

please post

AdwCleaner[CX].txt

JRT.txt

[tacticaltal]

# AdwCleaner v5.006 - Logfile created 07/09/2015 at 21:27:02
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [server]
# Operating system : Windows 8.1 (x64)
# Username : Terry - KITCHEN
# Running from : C:\Users\Terry\Downloads\AdwCleaner (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [776 bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 8.1 x64
Ran by Terry on Mon 09/07/2015 at 21:32:33.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDoctorBackgroundMonitorTask

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/07/2015 at 21:34:06.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[tacticaltal]

Still unable to run a Pit Test

[Juliet]

Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
• Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
• Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

[tacticaltal]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by Terry (2015-09-09 20:18:10)
Running from C:\Users\Terry\Desktop
Windows 8.1 (X64) (2014-02-13 07:18:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4084636481-732014058-1395683245-500 - Administrator - Disabled)
Guest (S-1-5-21-4084636481-732014058-1395683245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4084636481-732014058-1395683245-1007 - Limited - Enabled)
tacti_000 (S-1-5-21-4084636481-732014058-1395683245-1004 - Administrator - Enabled) => C:\Users\tacti_000
Terry (S-1-5-21-4084636481-732014058-1395683245-1001 - Administrator - Enabled) => C:\Users\Terry
UpdatusUser (S-1-5-21-4084636481-732014058-1395683245-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Enabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Enabled - Up to date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510gm_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
BabasChess (HKLM-x32\...\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}) (Version: 3.9.12275 - RRaf)
BlitzIn 3.0 (HKLM-x32\...\BlitzIn 3.0) (Version: - Internet Chess Club)
BlitzIn 3.10 (HKLM-x32\...\BlitzIn 3.10) (Version: - Internet Chess Club)
BlitzIn 3.11 (HKLM-x32\...\BlitzIn 3.11) (Version: - Internet Chess Club)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dasher (HKLM-x32\...\Dasher) (Version: - Internet Chess Club)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fritz8 (HKLM-x32\...\{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}) (Version: - )
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510g-m 14.0 Rel. 6 (HKLM\...\{C55BF64E-60E1-494C-B1EB-97A008141A55}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
ICC for Windows 1.0 beta 9.6.4 (HKLM-x32\...\{CFF71C5A-D887-429C-A1F6-FD395C1823E8}_is1) (Version: 1.0 - Internet Chess Club, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Scid 4.5.2 (HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Scid_is1) (Version: 4.5.2 - The Scid project)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinTD 4.20 (HKLM-x32\...\{8E7F4B9D-3F93-4E8E-AE26-E4E2A50ABA50}) (Version: 4.2.0 - Estima)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

19-08-2015 06:18:38 Windows Update
26-08-2015 07:23:34 Scheduled Checkpoint
03-09-2015 14:24:22 AA11
07-09-2015 21:32:36 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-11-22 01:45 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E505ABF-A94C-4A8F-8C11-DFA272CAB6AC} - System32\Tasks\{CB9B889B-D384-4485-9FC2-8F0E081C7B2B} => pcalua.exe -a D:\Setup\Setup.exe -d D:\Setup
Task: {377CDA81-90B1-4745-B859-A6D2AA3525E1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {66E3F6D1-830C-487E-94EE-EE067397BFED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6E84D13E-644D-40D7-A690-0EE69CD13945} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {6FFFAD23-DF49-4A5D-8BA8-5CB5BD12006C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7B7CD299-5D69-4194-9A90-51CECFEB4340} - System32\Tasks\HP AR Program Upload - a89c880fc2ee41ceb0773925ee9ca50c49d8762af806478e9858678a98c4bf2f => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {A25A4403-5B4B-43C1-AEA6-050AC44C75B7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {A6A10F8B-B250-4639-B71A-1FD90A2AA00E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AB77367E-74D1-4E6B-8513-94B5C6762D49} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {B9DC0E8F-3F7E-43DA-A863-1C60D3544F71} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)
Task: {C63FB1EF-B377-4FC4-BCEB-93AC17F18C5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F31FCAA1-C0C9-44CA-AAF0-D8989743FC20} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {F6D6825C-FCC4-422D-ACDE-B50ECE89D9BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-28 09:06 - 2013-04-19 18:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-28 09:06 - 2013-04-19 18:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-11-28 09:06 - 2013-04-19 18:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-11-28 09:06 - 2013-04-19 18:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2014-02-13 02:04 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-28 08:54 - 2013-07-16 20:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00017920 _____ () C:\Program Files (x86)\Family Tree Maker 2006\IMPLODE.DLL
2014-02-13 19:17 - 2005-07-31 13:00 - 00237568 _____ () C:\Program Files (x86)\Family Tree Maker 2006\FtwWrp32.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 01048576 _____ () C:\Program Files (x86)\Family Tree Maker 2006\ftwmfc.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00057344 _____ () C:\Program Files (x86)\Family Tree Maker 2006\iebrowser.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00286720 _____ () C:\Program Files (x86)\Family Tree Maker 2006\KinRes.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00106496 _____ () C:\Program Files (x86)\Family Tree Maker 2006\Imaging.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00184320 _____ () C:\Program Files (x86)\Family Tree Maker 2006\TextEditor.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00385024 _____ () C:\Program Files (x86)\Family Tree Maker 2006\pg30.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00074240 _____ () C:\Program Files (x86)\Family Tree Maker 2006\infolink.dll
2014-02-13 19:17 - 2005-07-31 13:00 - 00053248 _____ () C:\Program Files (x86)\Family Tree Maker 2006\FtwTlbr.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Dell\Win Chrome 1920x1200.jpg
DNS Servers: 64.233.219.99 - 64.233.206.99
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\StartupApproved\Run: => "Logitech Vid"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C916CF1A-447B-44B4-900B-EF32BF6ADA29}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{31C755F3-231A-4743-80EE-F4DC4CE1D270}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{51B1F39A-324B-49EC-8F7F-8F30DE725F1A}] => (Allow) LPort=1900
FirewallRules: [{D9F73E07-3D33-444B-861A-850ED26B370A}] => (Allow) LPort=2869
FirewallRules: [{02B32D95-B51A-4EBC-9F9F-455457C4CB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{CC062FC1-FEB4-48DA-8ED7-481888BA118C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{F0E19BFE-329B-474C-8BB1-D72DC22B666D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0537AAB9-767A-4901-B598-670223C88E30}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{A3932F1C-4F33-46BF-96D9-EAF66529AD71}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{807BF75E-54A8-4825-B001-9A90F72F3DCB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2CA284F5-D70E-4842-B6CC-6674495AFE93}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{80346F73-6544-44D4-85D0-9EEDF4BF05D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{97D066E7-50CB-42D8-8182-C4CAB5B6D732}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C4FBDB8C-EA45-4568-80A1-6FFF65E5BBF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{04F53C98-23F6-4F3A-BF83-15E6385BD278}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{8356E528-913A-41B5-B2A2-ED4E949975CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{4A4037CA-10DF-473B-B55C-FE444097B4BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8D367167-EE4F-40DB-BEC2-5FEB08EA8F92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{256ADA69-A6ED-4BAB-9EE9-7B07F971CB12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C78664B9-C67F-47D2-98D2-5135AAC0A069}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1B1C5435-1BF5-4B1D-996B-0335D5729B4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{9F6FF33F-8DD5-4D5C-AC16-C8C4D75C6BAC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{24977F1D-F4BE-449B-8294-2DDEF55E7F42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{3C8A59B8-A991-4379-9827-E41365B31AFF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6EFB6BC1-772F-4AC6-BFA6-D666F8F14064}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15A4B814-1671-48D8-A76E-39A4C78E8B77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{39C53E2E-1C59-43F9-9CA0-3E9118E64060}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [uDP Query User{A90154D3-71C0-4D6F-84A8-4CB3EAE68304}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{740994E3-D123-4761-919A-35DEEA72BCE3}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{BF94E17E-3F31-49CC-B987-065C8A57C21D}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{40F3B7E0-8AE2-4CBE-9402-9A7801F81910}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{F2968D75-D5F0-48D2-89AD-5D95AF5C68A5}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2015 09:08:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 40.0.3.5716 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14e0

Start Time: 01d0e9d1ce4ae11b

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 7e68c0f3-55ce-11e5-bebf-34238711e4ce

Faulting package full name:

Faulting package-relative application ID:

Error: (09/07/2015 09:08:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
Exception code: 0x80000003
Fault offset: 0x0000e250
Faulting process id: 0x1ac8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (09/07/2015 02:02:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b
Faulting module name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b
Exception code: 0xc0000005
Fault offset: 0x00072cb3
Faulting process id: 0x1620
Faulting application start time: 0xwintd32.exe0
Faulting application path: wintd32.exe1
Faulting module path: wintd32.exe2
Report Id: wintd32.exe3
Faulting package full name: wintd32.exe4
Faulting package-relative application ID: wintd32.exe5

Error: (09/07/2015 01:57:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b
Faulting module name: wintd32.exe, version: 0.0.0.0, time stamp: 0x5481fe4b
Exception code: 0xc0000005
Fault offset: 0x00072cb3
Faulting process id: 0x12e0
Faulting application start time: 0xwintd32.exe0
Faulting application path: wintd32.exe1
Faulting module path: wintd32.exe2
Report Id: wintd32.exe3
Faulting package full name: wintd32.exe4
Faulting package-relative application ID: wintd32.exe5

Error: (08/28/2015 11:40:54 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/25/2015 02:05:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c
Exception code: 0xc0000142
Fault offset: 0x00000000000ec4e0
Faulting process id: 0x2034
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report Id: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (08/17/2015 10:09:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HTMLKit.exe version 1.0.0.292 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d64

Start Time: 01d0d9631b2f8eee

Termination Time: 15

Application Path: C:\Program Files (x86)\Chami\HTML-Kit\Bin\HTMLKit.exe

Report Id: 8d422cc8-4556-11e5-bebc-34238711e4ce

Faulting package full name:

Faulting package-relative application ID:

Error: (08/10/2015 10:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: Flash.ocx, version: 18.0.0.209, time stamp: 0x55a1f0b1
Exception code: 0xc0000005
Fault offset: 0x000edbcf
Faulting process id: 0x2a5c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (08/08/2015 12:07:07 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/17/2015 09:46:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: Flash.ocx, version: 18.0.0.209, time stamp: 0x55a1f0b1
Exception code: 0xc0000005
Fault offset: 0x0034716f
Faulting process id: 0x5d0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5


System errors:
=============
Error: (09/09/2015 03:43:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/08/2015 08:18:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/07/2015 09:41:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2015 09:33:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault Wizard service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-09-03 06:48:24.620
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-03 06:48:24.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-03 06:48:24.386
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-03 06:48:19.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-03 06:48:19.698
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-02 05:42:13.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-02 05:42:13.852
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-02 05:42:13.727
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-02 05:42:08.899
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-02 05:42:08.790
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8143.21 MB
Available physical RAM: 6316.64 MB
Total Virtual: 9423.21 MB
Available Virtual: 7695.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.41 GB) (Free:853.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9D724E75)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Terry (administrator) on KITCHEN (09-09-2015 20:17:46)
Running from C:\Users\Terry\Desktop
Loaded Profiles: Terry (Available Profiles: Terry & tacti_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(MyFamily.com, Inc.) C:\Program Files (x86)\Family Tree Maker 2006\Ftw.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-12] (Google Inc.)
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5904896 2010-08-27] (Logitech Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-01]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-09-03]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2015-05-14]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.233.219.99 64.233.206.99
Tcpip\..\Interfaces\{7FFD6809-9AE7-459F-9381-1C35B70D7DAF}: [DhcpNameServer] 64.233.219.99 64.233.206.99

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-14] (Google Inc.)
Toolbar: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-14] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

FireFox:
========
FF ProfilePath: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @meadco.com/neptune plugin,version=2.0.0.29 -> C:\PROGRA~2\MEADCO~1\npmeadax.dll [2007-09-05] (MeadCo Corp.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\gcmhupl0.default-1414872201493\searchplugins\mozilla-support.xml [2015-09-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-09 20:17 - 2015-09-09 20:18 - 00014672 _____ C:\Users\Terry\Desktop\FRST.txt
2015-09-09 20:17 - 2015-09-09 20:17 - 00000000 ____D C:\FRST
2015-09-09 20:15 - 2015-09-09 20:15 - 02190336 _____ (Farbar) C:\Users\Terry\Desktop\FRST64.exe
2015-09-09 03:47 - 2015-07-30 12:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 03:47 - 2015-07-30 11:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 03:47 - 2015-06-27 06:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 03:44 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 03:44 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 03:44 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 03:44 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-09 03:44 - 2015-07-13 14:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 12:42 - 2015-09-08 12:42 - 00003484 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-09-07 21:34 - 2015-09-07 21:34 - 00000871 _____ C:\Users\Terry\Desktop\JRT.txt
2015-09-07 21:32 - 2015-09-07 21:32 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Terry\Downloads\JRT (1).exe
2015-09-07 21:29 - 2015-09-07 21:29 - 00000854 _____ C:\Users\Terry\Desktop\AdwCleaner[C6].txt
2015-09-07 21:29 - 2015-09-07 21:29 - 00000000 ___RD C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-07 21:25 - 2015-09-07 21:25 - 01654784 _____ C:\Users\Terry\Downloads\AdwCleaner (1).exe
2015-09-07 21:21 - 2015-09-07 21:21 - 01654784 _____ C:\Users\Terry\Downloads\AdwCleaner.exe
2015-09-03 20:15 - 2015-09-03 20:19 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Terry\Downloads\mbam-setup-2.1.8.1057(1).exe
2015-09-03 14:28 - 2015-09-03 14:28 - 00000000 ____D C:\Users\Terry\AppData\Roaming\Lavasoft
2015-09-03 14:26 - 2015-09-07 21:28 - 00002347 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-09-03 14:26 - 2015-09-03 14:26 - 00000000 ____D C:\Users\Terry\AppData\Roaming\LavasoftStatistics
2015-09-03 14:26 - 2015-09-03 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-09-03 14:26 - 2015-09-03 14:26 - 00000000 ____D C:\Program Files\Lavasoft
2015-09-03 14:24 - 2015-09-03 14:24 - 02012464 _____ C:\Users\Terry\Downloads\Adaware_Installer.exe
2015-09-03 14:24 - 2015-09-03 14:24 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-03 14:24 - 2015-09-03 14:24 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-09-03 14:21 - 2015-09-03 14:21 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Terry\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 19:47 - 2015-08-31 19:47 - 00000000 ____D C:\Users\Terry\AppData\Local\Logitech® Webcam Software
2015-08-31 19:45 - 2015-08-31 19:45 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-31 19:44 - 2015-08-31 19:45 - 00004341 _____ C:\WINDOWS\LDPINST.LOG
2015-08-31 19:44 - 2015-08-31 19:44 - 00001658 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-08-31 19:43 - 2015-08-31 19:44 - 74520472 _____ (Logitech, Inc.) C:\Users\Terry\Downloads\lws280.exe
2015-08-31 19:40 - 2015-08-31 19:40 - 15058768 _____ (Logitech Inc.) C:\Users\Terry\Downloads\LogitechVidSetup(1).exe
2015-08-31 19:38 - 2015-08-31 19:45 - 00000000 ____D C:\Program Files (x86)\Logitech
2015-08-31 19:38 - 2015-08-31 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-31 19:38 - 2015-08-31 19:40 - 00002023 _____ C:\Users\Public\Desktop\Logitech Vid HD.lnk
2015-08-31 19:38 - 2015-08-31 19:38 - 00000000 ____D C:\Users\Terry\Documents\SightSpeed Recordings
2015-08-31 19:38 - 2015-08-31 19:38 - 00000000 ____D C:\Users\Terry\AppData\Local\LogiShrd
2015-08-31 19:37 - 2015-08-31 19:37 - 15058768 _____ (Logitech Inc.) C:\Users\Terry\Downloads\LogitechVidSetup.exe
2015-08-28 23:57 - 2015-08-28 23:57 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-08-27 14:56 - 2015-08-28 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-23 13:24 - 2015-08-23 13:24 - 00515138 _____ C:\Users\Terry\Documents\master20150823.FBC
2015-08-19 06:19 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 06:19 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-17 21:41 - 2015-08-17 21:42 - 00042496 ___SH C:\Users\Terry\Downloads\Thumbs.db
2015-08-15 21:23 - 2015-08-15 21:23 - 18744520 _____ (Adobe Systems Incorporated) C:\Users\Terry\Downloads\install_flash_player.exe
2015-08-15 21:21 - 2015-08-15 21:21 - 18744520 _____ (Adobe Systems Incorporated) C:\Users\Terry\Downloads\install_flash_player_18_plugin.exe
2015-08-12 19:23 - 2015-08-12 19:42 - 00000375 _____ C:\Users\Terry\Documents\style~css.css
2015-08-12 19:19 - 2015-08-12 19:19 - 00000072 _____ C:\Users\Terry\Documents\style~css.txt
2015-08-12 19:13 - 2015-08-12 19:24 - 00000259 _____ C:\Users\Terry\Documents\index~cssclass.htm
2015-08-12 15:40 - 2015-08-12 15:40 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\2EB826DF.sys
2015-08-12 14:30 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 14:30 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 08:07 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 08:07 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 08:07 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 08:07 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 08:07 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 08:07 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 08:07 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 08:07 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 08:07 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 08:07 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 08:07 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 08:07 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 08:06 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 08:06 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 08:06 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 08:06 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 08:06 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 08:06 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 08:06 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 08:06 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 08:06 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 08:06 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 08:06 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 08:06 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 08:06 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 08:06 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 08:06 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 08:06 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 08:06 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 08:06 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 08:06 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 08:06 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 08:06 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 08:06 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 08:06 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 08:06 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 08:06 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 08:06 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 08:06 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 08:06 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 08:06 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 08:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 08:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 08:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 08:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 08:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 08:06 - 2015-07-07 04:40 - 00270168 _

[Juliet]

Doesn't show much.

 

I think some of your problem could be your antivirus. Try disabling it when you want to try the Pit test again.

 

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 

 

 

start

CreateRestorePoint:

CloseProcesses:

AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties

HKLM\...\Run: [] => [X]

Internet Explorer: HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL =

C:\Users\Terry\AppData\Local\Temp\Quarantine.exe

C:\Users\Terry\AppData\Local\Temp\sqlite3.dll

C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe

EmptyTemp:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~`

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

 

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

 

ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme.
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Place a checkmark next to Enable detection of potentially unwanted applications.
• Click Advanced settings. Place a checkmark next to:
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Ensure Remove found threats is unchecked.
• Click Start.
• Wait for the scan to finish. Please be patient as this can take some time.
• Upon completion, click . If no threats were found, skip the next two bullet points.
• Click and save the file to your Desktop, naming it something such as "MyEsetScan".
• Push the Back button.
• Place a checkmark next to and click .
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.

Please post these 2 logs when finished.

 

How's your computer now?

[tacticaltal]

How do I disable my virus and malware protections? I'm not sure if I have any other than a free McAfee tool.

 

Meanwhile, here's the FixLog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015
Ran by Terry (2015-09-10 13:04:22) Run:1
Running from C:\Users\Terry\Desktop
Loaded Profiles: Terry (Available Profiles: Terry & tacti_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Users\tacti_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Terry\OneDrive:ms-properties
HKLM\...\Run: [] => [X]
Internet Explorer: HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4084636481-732014058-1395683245-1001 -> {CDFEB210-C27F-4F71-8829-7BE6BC33E083} URL =
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll
C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\tacti_000\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Terry\OneDrive" => ":ms-properties" ADS not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\Internet Explorer: .DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4084636481-732014058-1395683245-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDFEB210-C27F-4F71-8829-7BE6BC33E083}" => key removed successfully
HKCR\CLSID\{CDFEB210-C27F-4F71-8829-7BE6BC33E083} => key not found.
C:\Users\Terry\AppData\Local\Temp\Quarantine.exe => moved successfully
C:\Users\Terry\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Terry\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
EmptyTemp: => 1.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 13:05:33 ====

[Juliet]

According to your logs, you have

Ad-Aware Antivirus

 

http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

 

the above link has instructions on how to disable temporarily to try and run a Pit test.

 

overall, how is your computer now?

[tacticaltal]

Well, there were no logs from ESET, but nothing was found.

 

I get popup windows from Windows 8 Driver Optimizer, and I'm sure it's a scam because I never ask for it.

 

Browsing with IE seems a bit better than with FF, which is my main browser.

 

I am still unable to test at the Pit.

[Juliet]

You had a high amount of bad extensions for Firefox/Chrome/ and IE.

 

Instructions on how to backup your Favorites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks

   

  Proceed with the reset once done.

• Internet Explorer: How to reset Internet Explorer settings
• Firefox: Reset Firefox
• Chrome: Chrome - Reset browser settings

~~~~~~~~~~~~~~~~~~~~~~`

 

Please locate AdwCleaner and JRT and drag to the recycle bin.

 

I would like for you to download again and run the scans over.

 

AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.
• -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

   

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   

   

  

  Please download Junkware Removal Tool

  or from here http://downloads.malwarebytes.org/file/jrt

  to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  ~~~~~~~~~~~~~~~~~~~~`

   

  1.Please download HitmanPro

  • For 32-bit Operating System - .
  • For 64-bit Operating System -
  2.Launch the program by double clicking on the icon.

   

  Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

   

  3.Click on the next button. You must agree with the terms of EULA. (if asked)

   

  4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

   

  5.Click on the next button.

   

  6.The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

   

  7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

   

  8.Click on the next button.

   

  9.Click on the "Save Log" button.

   

  10.Save that file to your desktop and post the content of that file in your next reply.

   

  Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

   

  

   

  Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7) open the report and copy and paste it to your next reply.

   

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~`

  please post

  AdwCleaner[CX].txt

  JRT.txt

  HitmanPro log

[cheddaboy]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 x64
Ran by Terry on Sun 09/13/2015 at 17:00:36.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\PCDEventLauncherTask

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/13/2015 at 17:02:04.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v5.007 - Logfile created 13/09/2015 at 16:54:34
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [server]
# Operating system : Windows 8.1 (x64)
# Username : Terry - KITCHEN
# Running from : C:\Users\Terry\Desktop\AdwCleaner (2).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\{4B9BA358-1B19-72DE-AA9F-025C7A1DD1D2}
[-] Folder Deleted : C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
[-] Folder Deleted : C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [1002 bytes] ##########

 

 

HitmanPro 3.7.9.245
www.hitmanpro.com
   Computer name . . . . : KITCHEN
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : KITCHEN\Terry
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2015-09-13 17:04:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 48
   Objects scanned . . . : 1,725,694
   Files scanned . . . . : 39,436
   Remnants scanned  . . : 375,711 files / 1,310,547 keys
Suspicious files ____________________________________________________________
   C:\Users\Terry\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,190,336 bytes
      Age  . . . . . . . : 3.9 days (2015-09-09 20:15:38)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 18FE5FED416A8674D19B3735348EAF7AF9C27CF342AF5DA4968436294AC383F2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\Terry\Desktop\FRST64.exe
      Size . . . . . . . : 2,190,848 bytes
      Age  . . . . . . . : 3.2 days (2015-09-10 13:04:16)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 91AEFEC0D643AED08373A2815CECC770BE3D25A576AE037FB409130FAA3D15CB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Terry\Desktop\FRST64.exe
          1.6s C:\Users\Terry\Desktop\FRST-OlderVersion\
          6.2s C:\FRST\Logs\ct
          6.2s C:\Users\Terry\Desktop\Fixlog.txt

Cookies _____________________________________________________________________
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.360yield.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.doubleclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adlegend.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.creative-serving.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pointroll.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pubmatic.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.smartstream.tv
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.undertone.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.vidible.tv
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adserver.adreactor.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtech.de
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtechus.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:advertising.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ar.atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:at.atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atdmt.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:bs.serving-sys.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:burstnet.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:casalemedia.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:collective-media.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:dmtracker.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:doubleclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:fastclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:in.getclicky.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:kontera.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:media6degrees.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:mediaplex.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:msnbc.112.2o7.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:pointroll.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:questionmarket.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:revsci.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ru4.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:serving-sys.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:smartadserver.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stat.komoona.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statcounter.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stats.paypal.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tribalfusion.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:www.burstnet.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:yellgroup.122.2o7.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:zedo.com

 

 

HitmanPro 3.7.9.245
www.hitmanpro.com
   Computer name . . . . : KITCHEN
   Windows . . . . . . . : 6.3.0.9600.X64/8
   User name . . . . . . : KITCHEN\Terry
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2015-09-13 17:04:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 41s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 48
   Objects scanned . . . : 1,725,694
   Files scanned . . . . : 39,436
   Remnants scanned  . . : 375,711 files / 1,310,547 keys
Suspicious files ____________________________________________________________
   C:\Users\Terry\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,190,336 bytes
      Age  . . . . . . . : 3.9 days (2015-09-09 20:15:38)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 18FE5FED416A8674D19B3735348EAF7AF9C27CF342AF5DA4968436294AC383F2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\Terry\Desktop\FRST64.exe
      Size . . . . . . . : 2,190,848 bytes
      Age  . . . . . . . : 3.2 days (2015-09-10 13:04:16)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 91AEFEC0D643AED08373A2815CECC770BE3D25A576AE037FB409130FAA3D15CB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Terry\Desktop\FRST64.exe
          1.6s C:\Users\Terry\Desktop\FRST-OlderVersion\
          6.2s C:\FRST\Logs\ct
          6.2s C:\Users\Terry\Desktop\Fixlog.txt

Cookies _____________________________________________________________________
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.360yield.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ad.doubleclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adlegend.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.creative-serving.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pointroll.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.pubmatic.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.smartstream.tv
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.stickyadstv.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.undertone.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ads.vidible.tv
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adserver.adreactor.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtech.de
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:adtechus.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:advertising.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ar.atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:at.atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atdmt.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:bs.serving-sys.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:burstnet.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:casalemedia.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:collective-media.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:dmtracker.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:doubleclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:fastclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:in.getclicky.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:kontera.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:media6degrees.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:mediaplex.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:msnbc.112.2o7.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:pointroll.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:questionmarket.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:revsci.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:ru4.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:serving-sys.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:smartadserver.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stat.komoona.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statcounter.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:stats.paypal.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:tribalfusion.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:www.burstnet.com
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:yellgroup.122.2o7.net
   C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\z02a8snm.default-1442180732148\cookies.sqlite:zedo.com

[Juliet]

Did you reset browsers?

 

What Hitman found was cookies

 

Delete cookies Firefox

https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored

 

~~~~~~~~~~~~~~

 

The item AdwCleaner did not remove

[!] Key Not Deleted : HKU\S-1-5-21-4084636481-732014058-1395683245-1001\Software\AppDataLow\Software\adawarebp

 

adawarebp.exe. Command: %CommonAppData%\Ad-Aware Browsing Protection\adawarebp.exe. Description: This file is part Safe Browsing component of the Ad-Aware Security Toolbar by Lavasoft which may be installed as a separate program and is also bundled with their AdAware program.

Ad-Aware Security Toolbar

You can go to the control panel and remove the toolbar.

 

http://www.bleepingcomputer.com/startups/adawarebp-27154.html

 

This file is part Safe Browsing component of the Ad-Aware Security Toolbar by Lavasoft which may be installed as a separate program and is also bundled with their AdAware program. This startup is responsible for the appearance of www.pagenotfound.co in certain situations. Starting with version 10 of AdAware, this program cannot be run in tandem with other security programs. If you are experiencing problems with the Safe Browsing element of AdAware, it is advised to completely uninstall the entire software package and choose another security product.

 

How is the computer now?

Edited September 14, 2015 by Juliet

[tacticaltal]

I removed AdAware, but I didn't see the Ad-Aware Security Toolbar. I did this in Add/Remove Programs, I guess that was the correct place in Control Panel (I HATE Windows 8).

 

I did reset both browsers.

 

I believe Hitman may have deleted the Cookies, but I didn't. I know how, I just didn't after I seen that I had to relog in with password everywhere.

 

I guess the computer is running better, and I haven't seen a spam Ad, but I'm still unable to hit the Pit.

 

Earlier you said "You had a high amount of bad extensions for Firefox/Chrome/ and IE" What are those, and did they get fixed?

[Juliet]

 

I guess the computer is running better, and I haven't seen a spam Ad, but I'm still unable to hit the Pit.

 

Earlier you said "You had a high amount of bad extensions for Firefox/Chrome/ and IE" What are those, and did they get fixed?

 

I'll have to send you to a different forum for help with not being able to run a pit test. Since it's not related to malware but rather maybe system settings.(my opinion)

 

http://forums.pcpitstop.com/index.php?/forum/19-post-your-pit-test-results/

Post a topic in this forum and see if the guys there can help figure out why the Pit Test wont run.

 

You did have a few bad extensions early on and the tools we ran took care of those.

 

 

I removed AdAware, but I didn't see the Ad-Aware Security Toolbar

The Ad-Aware Security Toolbar should had come out with it when you removed it.

 

 

Are we ready to remove tools and quarantine folders?

[Juliet]

Also, read over this article for different antivirus software for windows 8

 

http://www.pcworld.com/article/259876/antivirus_on_windows_8_looking_at_your_options.html

[tacticaltal]

Are we ready to remove tools and quarantine folders?

 

Yes.

[Juliet]

DelFix

• Please download DelFix or from Here and save the file to your Desktop.
• Double-click DelFix.exe to run the programme.
• Place a checkmark next to the following items:
• Activate UAC
• Remove disinfection tools
• Click the Run button.
• -- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

   

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~

   

• Answers to common security questions - Best Practices by quietman7, MVP
• How Malware Spreads - How did I get infected? by quietman7, MVP
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
• How to Prevent Malware by miekiemoes, MVP
• How to backup and restore your data using Cobian Backup by YourHighness
• Slow Computer/browser? It May Not Be Malware by quietman7, MVP

   

  The following programmes come highly recommended in the security community.

• AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
• CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
• Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
• Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
• NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
• Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
• Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
• SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
• Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

   

  Want to help others? Join the ClassRoom and learn how.

[Juliet]

Glad we could help.

 

Since this issue appears resolved ... this Topic is closed.