Jump to content

Unwanted pop-up windows, hypertext and who knows what else


baldyj

Recommended Posts

I borrowed my son's laptop a few hours ago to check my email and noticed a slew of unorthodox search engines showed up in Chrome.  Then, I noticed strange hypertext directing me to links in "Shop Browser," and also some miscellaneous search suggestions from Conduit search.  Well, I ran MWBAM; around 150 items were found and I quarantined 'em all.  I restarted, got rid of some settings (home page stuff, unwanted search engines) in Chrome, closed Chrome and then ran another MWBAM scan.  The second scan showed up clean; zero malicious items detected.


 


Still, however, these pop-ups are appearing; also the hypertext.  So, here are my Farbar FRST.txt and Addition.txt scans (attached).  Please help!


 


FRST.txt


Addition.txt


Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

    [*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Link to post
Share on other sites

Hello Marius,

 

Thanks very much for responding so quickly.  As for me, this may be my last post for a few hours, as I have to go to work (without the computer) shortly.  In any event, your help is much appreciated.  Here, then, are the results of my GMER scan:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-10 07:51:07
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003f ST500LT012-1DG142 rev.1002YAM1 465.76GB
Running: 344rms33.exe; Driver: C:\Users\Carl\AppData\Local\Temp\kwtirpod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\system32\csrss.exe [6280:6316]                                                                                                                                                                                                                      fffff960009775e8
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [5812:912]                                                                                                                                      000007fcdb5323a8
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [5812:3820]                                                                                                                                     000007fcd27b77b0
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [5812:3524]                                                                                                                                     000007fcd27b77b0
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [5812:6704]                                                                                                                                     000007fcdbf35b20
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [5812:1476]                                                                                                                                     000007fcda485990
Thread   C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe [5812:56]                                                                                                                                       000007fcdad33af0
---- Processes - GMER 2.1 ----
 
Library  C:\Windows\SYSTEM32\RTCOM\RtDataProc.dll (*** suspicious ***) @ C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [1276] (                                                                                                                            0000000072d20000
Library  C:\Users\Carl\AppData\Local\VNT\vntsrv.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\VNT\vntldr.exe [6844] (Virtual New Tab Server/APN LLC.)(2014-03-14 01:32:15)                                                                                     000000006a990000
Process  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908] (Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2014-09-10 13:43:57)           0000000000400000
Library  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908] (Ruby interpreter (DLL) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2014-09-10 13:43:57)  0000000062d00000
Library  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908](2014-09-10 13:43:59)                                                            0000000071280000
Library  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908](2014-09-10 13:43:59)                                                       0000000070600000
Library  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908](2014-09-10 13:43:59)                                                    000000006dd40000
Library  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908](2014-09-10 13:43:51)                                                                   0000000010000000
Library  C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr2CAE.tmp\bin\rubyw.exe [2908](2014-09-10 13:44:26)                                                                  0000000065000000
Process  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364] (Ruby interpreter (GUI) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2014-09-10 13:44:50)           0000000000400000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364] (Ruby interpreter (DLL) 1.9.3p448 [i386-mingw32]/http://www.ruby-lang.org/)(2014-09-10 13:44:50)  0000000062d00000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                                            0000000071280000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                                       0000000070600000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                                    000000006dd40000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:50)                                                                   0000000010000000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                              0000000002640000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:52)                                                               000000006e600000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:52)                                                                 000000006a400000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\zlib1.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:50)                                                                                       0000000002660000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:52)                                                             0000000065080000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:52)                                                              00000000671c0000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\LIBEAY32.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2014-09-10 13:44:50)              0000000063000000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\SSLEAY32.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2014-09-10 13:44:51)              000000006e400000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:52)                                                               0000000068000000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:52)                                                                000000006a1c0000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                                  0000000065000000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                      000000006fac0000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                         0000000070f40000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                                         0000000065480000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                         000000006ffc0000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                         000000006d100000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                   000000006adc0000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                             000000006ab80000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                                   000000006c280000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:53)                                                               0000000070a40000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                                                                    000000006b740000
Library  C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\Carl\AppData\Local\Temp\ocr145E.tmp\bin\rubyw.exe [6364](2014-09-10 13:44:51)                                                  000000006d400000
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                          unknown MBR code
 
---- EOF - GMER 2.1 ----
Link to post
Share on other sites

Sorry, I´ve missed your topic.

 

Please post into code boxes in the future.

 

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:

-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

  • Zip any and all of these logs and attach the file to your next reply.
Link to post
Share on other sites

Please see the log (pasted below) from that 10 September MWBAM scan.  In the meantime, I've noticed and uninstalled an annoying piece of software called Blitz Media Player.  Getting rid of that seems to have eliminated some of the problems; not all.  In any event, here's that MWBAM log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 9/10/2014Scan Time: 3:40:46 AMLogfile: sep10.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.09.10.03Rootkit Database: v2014.08.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 8CPU: x64File System: NTFSUser: CarlScan Type: Threat ScanResult: CompletedObjects Scanned: 326587Time Elapsed: 32 min, 44 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: WarnPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 76PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{FCAA1E14-027D-A4C3-2D75-BCC1751CF48E}, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCAA1E14-027D-A4C3-2D75-BCC1751CF48E}, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\safEweb.safEweb, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\safEweb.safEweb.1.1, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\safEweb.safEweb, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\safEweb.safEweb.1.1, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2247102669-272500150-425611537-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCAA1E14-027D-A4C3-2D75-BCC1751CF48E}, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FCAA1E14-027D-A4C3-2D75-BCC1751CF48E}, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{FCAA1E14-027D-A4C3-2D75-BCC1751CF48E}\INPROCSERVER32, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, Quarantined, [22d9effc7704eb4b84387114748e27d9], PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}\INPROCSERVER32, Quarantined, [22d9effc7704eb4b84387114748e27d9], PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Quarantined, [22d9effc7704eb4b84387114748e27d9], PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ae4d5b9097e462d43aeadca7dd25b34d], PUP.Optional.Linkey.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ae4d5b9097e462d43aeadca7dd25b34d], PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\CLSID\{5682CA62-1A80-40AE-82A0-B67833CE75FF}, Quarantined, [17e47873aecd989ece37add8d72b758b], PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5682CA62-1A80-40AE-82A0-B67833CE75FF}, Quarantined, [17e47873aecd989ece37add8d72b758b], PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}, Quarantined, [9962a645c6b576c0a264047f8b7735cb], PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, Quarantined, [9962a645c6b576c0a264047f8b7735cb], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [e01b8764592248ee80236519f11134cc], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [e01b8764592248ee80236519f11134cc], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [e01b8764592248ee80236519f11134cc], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [e01b8764592248ee80236519f11134cc], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2247102669-272500150-425611537-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9b603cafe99203339a561f6016ecea16], PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, Quarantined, [01faf8f3afcce15511f5d4b10ef4ce32], PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CEADAE6E-E08C-4950-BEBF-149EFD998248}, Quarantined, [f308806bf7841b1be224b8cdda286b95], PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\CLASSES\TypeLib\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, Quarantined, [a655d01bc6b5e84e8e785f269d652bd5], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [e01b569580fbbf7757f224622dd5a957], PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [8c6fc823304b80b64702a0e6af53ab55], PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, Quarantined, [09f29a515a2136004edaf23b9c674cb4], PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, Quarantined, [1ae1cd1ec9b2ee48b22741ddd52edf21], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [6992f3f886f51e18e27484df17ede61a], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [62996f7cf18a5ed821367ee51be943bd], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [699213d8d2a9310579df66fda361936d], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [9764aa413c3f42f42c2d362df11359a7], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [a7542ac1225941f570ea0f54e1231fe1], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [5aa127c41962d75f0b50243f10f451af], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [c93232b91665ce68005c81e206fe55ab], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [1edde7046f0c38fec797540f2ada27d9], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [f704e308403b75c1bba5550ebe46cd33], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [7f7cfeed06753204471d2e35ab597789], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [15e66e7d413a2b0b60054f143acad927], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [22d90cdf5a2160d683e2471c7193ac54], PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [a853a04bde9dfa3cff68eb7863a1a65a], PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}_IS1, Quarantined, [7e7df9f21d5e1620abf3550edc28ed13], PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, Quarantined, [38c33dae13688babb5b731d921e2bf41], PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [af4ce70491eaec4a346fb1b2f80c9868], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [29d2e2090f6ca98dcf879bc84eb6f50b], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [42b906e5700bae88d483ef742adad42c], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [2ccfeefd4e2d5cdab6a2a3c0ca3a34cc], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [ac4f668596e569cdd089ec775ca8fb05], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [39c2b635b5c6043267f390d341c317e9], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [2ccff8f3d9a28caaff5c9dc68f75ff01], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [7487ffec99e2d4622339bea5b64eea16], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [13e84ba01f5cf14562fc01622adadf21], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [cd2e6b805b2072c48bd586ddb84c48b8], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [a05b9b501e5d290d1b49e77c64a0cc34], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [a853ac3fbbc09a9cfe67c0a3b64ef50b], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [f10a2fbcef8c7abc95d03b28768e9a66], PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [b44722c9d2a91b1be087075cae56a957], PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [58a34c9f5f1cf442713a7980bc46c739], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}, Quarantined, [04f703e80477280ed35d24e304ff6898], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [4fac0cdf017a85b1b374f315857e18e8], PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced System Protector, Quarantined, [82791ccfa7d4c0763c195f9ca35f24dc], PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, [30cbd9123348f73f57831ce9b94a926e], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [5f9c6883eb90280ebf73858160a317e9], PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27, Quarantined, [6596e30888f3fb3bb9ef6003996bb64a], PUP.Optional.Booster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\D0E87C27, Quarantined, [26d50ae1ccaf5adcbceba5be4bb9ac54], PUP.Optional.SystemK.A, HKU\S-1-5-21-2247102669-272500150-425611537-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, Quarantined, [31ca48a34b30d363008f917bc83b10f0], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2247102669-272500150-425611537-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [09f2519a3d3eb38380b149bdb84b35cb], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{142F566A-D7F5-36F4-E487-45A2AF816F3D}, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{142F566A-D7F5-36F4-E487-45A2AF816F3D}, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\SNT.SNT, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\SNT.SNT.2.1, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SNT.SNT, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SNT.SNT.2.1, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{142F566A-D7F5-36F4-E487-45A2AF816F3D}, Quarantined, [b9420cdf106b88ae1da00deeba4ab24e], Registry Values: 8PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, Quarantined, [22d9effc7704eb4b84387114748e27d9]PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, Quarantined, [db2038b30576e452d5e73f46f012956b], PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, Quarantined, [1ae1cd1ec9b2ee48b22741ddd52edf21]PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}_IS1|UninstallString, "C:\Program Files\V-bates\unins000.exe", Quarantined, [7e7df9f21d5e1620abf3550edc28ed13]PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [c338f0fb215a1c1aeafdd68f689c13ed]PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [4fac0cdf017a85b1b374f315857e18e8]PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27|svn, SW-Sustainer, Quarantined, [6596e30888f3fb3bb9ef6003996bb64a]PUP.Optional.Booster, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\D0E87C27|DisplayName, SW-Sustainer, Quarantined, [26d50ae1ccaf5adcbceba5be4bb9ac54]Registry Data: 0(No malicious items detected)Folders: 28PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\Logs, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect\Logs, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\UI, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\UI\rep, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.WSBooster.A, C:\ProgramData\SnowApp\SW-Booster, Quarantined, [6d8ed3184338d95d1914bd269a6850b0], PUP.Optional.WSBooster.A, C:\ProgramData\SnowApp\SW-Booster\5121721648, Quarantined, [6d8ed3184338d95d1914bd269a6850b0], PUP.Optional.Extutil.A, C:\Users\Carl\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [1be0c12a82f91c1a2388e103fa08d52b], PUP.Optional.Managera.A, C:\Users\Carl\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [17e4e605eb901323703cde06a2601ae6], PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster, Quarantined, [57a4e506fa814fe7bf833aab877b02fe], PUP.Optional.SystemSpeedup, C:\Users\Carl\AppData\Roaming\Systweak\ssd, Quarantined, [9863e209abd05dd95d00fde829d96c94], PUP.Optional.Vbates.A, C:\Program Files\V-bates, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\resources, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\locale, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\skin, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\defaults, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\defaults\preferences, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\libraries, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\resources, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, Quarantined, [699227c487f4a78fe9f4bc3708fa4eb2], Files: 49PUP.Optional.MultiPlug.A, C:\Program Files (x86)\soafeweb\SNQgE72871.x64.dll, Quarantined, [5aa1519a6a1164d2b18e6fea4cb59070], PUP.Optional.VBates, C:\Program Files\V-bates\Extension64.dll, Quarantined, [22d9effc7704eb4b84387114748e27d9], PUP.Optional.Multiplug, C:\Users\Carl\AppData\Local\Temp\s5k4.exe, Quarantined, [e01b8764592248ee80236519f11134cc], Trojan.SProtector, C:\Program Files (x86)\SW-Booster\Assistant_x64.dll, Quarantined, [d2299853accf8bab50afd0d802ff669a], PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-2247102669-272500150-425611537-1002\$R9IDPU0.exe, Quarantined, [9467bc2f8cef132379992b8c52afbe42], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, Quarantined, [ca31806b80fbd2645ea4ecc09b669769], PUP.Optional.Multiplug, C:\Users\Carl\AppData\Local\Temp\s5qs.exe, Quarantined, [ca31ac3fed8e6bcb0b07486fa55c20e0], PUP.Optional.MultiPlug.A, C:\Users\Carl\AppData\Local\Temp\{677AC6EA-5503-4BEF-A904-1D21BC99E41C}\Addons\search_installer.exe, Quarantined, [fcff16d5d1aac27499d2dfe340c111ef], PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced System Protector_startup, Quarantined, [6c8f955686f52b0bb0cabb43b151758b], PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\RegClean Pro, Quarantined, [51aac922c3b877bfbebdcd3138ca6997], PUP.Optional.VBates, C:\Windows\System32\Tasks\FF Watcher {9FE8026B-217F-43B4-8CED-4BFA1FC0BCEF}, Quarantined, [28d3dd0e136836008fee837b0df531cf], PUP.Optional.VBates, C:\Windows\Tasks\FF Watcher {9FE8026B-217F-43B4-8CED-4BFA1FC0BCEF}.job, Quarantined, [bf3c28c39eddde585826d9251ee408f8], PUP.Optional.ContinueToSave.A, C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage, Quarantined, [54a7e308e7948caa717a05fb3ec56b95], PUP.Optional.ContinueToSave.A, C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal, Quarantined, [f308eb00cab1e254a645af5131d224dc], PUP.Optional.MySearchDial.A, C:\Windows\System32\Tasks\MySearchDial, Quarantined, [eb10effc304b85b1f6aa36d27e8523dd], PUP.Optional.MySearchDial.A, C:\Windows\Tasks\MySearchDial.job, Quarantined, [c239bb303249989e8ecb6aa0d62d59a7], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.SearchProtect.A, C:\Users\Carl\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [48b34c9f344789ad28246c7613efd030], PUP.Optional.WSBooster.A, C:\ProgramData\SnowApp\SW-Booster\5121721648.ini, Quarantined, [6d8ed3184338d95d1914bd269a6850b0], PUP.Optional.Extutil.A, C:\Users\Carl\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [1be0c12a82f91c1a2388e103fa08d52b], PUP.Optional.Extutil.A, C:\Users\Carl\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [1be0c12a82f91c1a2388e103fa08d52b], PUP.Optional.Extutil.A, C:\Users\Carl\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [1be0c12a82f91c1a2388e103fa08d52b], PUP.Optional.Managera.A, C:\Users\Carl\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [17e4e605eb901323703cde06a2601ae6], PUP.Optional.Managera.A, C:\Users\Carl\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [17e4e605eb901323703cde06a2601ae6], PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\Assistant_x64.dll, Quarantined, [57a4e506fa814fe7bf833aab877b02fe], PUP.Optional.SystemSpeedup, C:\Users\Carl\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, Quarantined, [9863e209abd05dd95d00fde829d96c94], PUP.Optional.Vbates.A, C:\Program Files\V-bates\InstallerHelper.dll, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\NMHClient.exe, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\PrefHelper.exe, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\unins000.dat, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\unins000.exe, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome.manifest, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\icon.png, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\install.rdf, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\main.js, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\main.xul, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries\DataExchangeScript.js, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\content\resources\LocalScript.js, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US\overlay.dtd, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\chrome\skin\overlay.css, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\Firefox\defaults\preferences\defaults.js, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\libraries\DataExchangeScript.js, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.Vbates.A, C:\Program Files\V-bates\resources\LocalScript.js, Quarantined, [0dee9a51512acf6765bedd09b25024dc], PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, Quarantined, [699227c487f4a78fe9f4bc3708fa4eb2], PUP.Optional.DefaultSearch.A, C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3322283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP725B3737-F879-452B-ADE6-8C7ED193FD20&SSPV=", "http://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7D54C37C-D705-48D1-9AE8-A25A553F79C9&SSPV=", "http://websearch.exitingsearch.info/?pid=2145&r=2014/03/14&hid=3670700679127379196&lg=EN&cc=US&unqvl=50", "http://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=288&src=hmp", "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140519,19670,0,GC34,8178" ],), Replaced,[c43700ebe29944f2148b7eaabd4805fb]PUP.Optional.Conduit.A, C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?SearchSource=10&ctid=CT3220468&UP=SP725B3737-F879-452B-ADE6-8C7ED193FD20&SSPV=",), Replaced,[8279e80354270a2c4c3e2efb22e321df]Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Good: (), Bad: (54.204.28.26	ajakpekbmnkgnjbpajgkdhimcbeoocam), Replaced,[9b6059929ddec76ff2866fb88a7b42be]Physical Sectors: 0(No malicious items detected)(end)
Link to post
Share on other sites

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Ask ToolbarBlitz Media Player - a modern video playerConsumer Input
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

fixlist.txt

Link to post
Share on other sites

Sorry, but there are some problems now plaguing my son's computer (the one in question), problems associated with a failed Microsoft update.  Anyway, as a result I'll have to postpone your fixes (Revo and FRST) until later in the day.  I'll write again when I do so.  Thanks in the meantime.

Link to post
Share on other sites

Well, you may have some new advice for me, based on what happened today.  As I wrote earlier, there was a problem with my son's computer; it occurred coincidentally (or not) as I was installing a Microsoft update.  The update got to the 100% mark, but was unable to boot due to the following error code:  0xc000021a.  A web search for that error code revealed that many people running 8 or 8.1 have significant troubles with that code.  Anyway, I ended up resetting the computer in order to get it to boot up.

 

Perhaps as a result of the reset, none of the three items you designated for removal by Revo (Ask Toolbar, Blitz Media Player and Consumer Input) appeared on the list generated by Revo.  I considered, briefly, continuing with FRST, using your fixit list.  However, it occurred to me that your list may now be obsolete as a result of whatever happened during the reset.

 

So, now, I'm wondering what you suggest I do next.  The pop-ups do seem to have ceased, and no ads are showing in any browser windows.  Nonetheless, the way in which this was all accomplished--as a side effect of resolving the 0xc000021a error--doesn't give me confidence.  So, what do you think I should do?  

 

Thanks for your time. 

Link to post
Share on other sites

Hello again.  Thanks very much for responding.  I've run FRST again now, and here are the two logs (below):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014Ran by Carl (administrator) on CARLBALDY on 16-09-2014 04:47:46Running from C:\Users\Carl\DesktopPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(AMD) C:\Windows\System32\atieclxx.exe(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe() C:\Program Files\pia_manager\pia_manager.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(http://www.ruby-lang.org/) C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\bin\rubyw.exe() C:\Program Files\pia_manager\pia_manager.exe(http://www.ruby-lang.org/) C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\bin\rubyw.exe() C:\Program Files\pia_manager\pia_tray\pia_tray.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe() C:\Program Files\pia_manager\openvpn.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-17] (Realtek Semiconductor)HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-04] (Synaptics Incorporated)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No FileShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No FileShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No FileShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No FileShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No FileShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-synd1&type=W3i_SP,221,0_0,StartPage,20140519,19670,0,GC34,8178HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM - {64E6D209-2D67-4BFA-A76D-05AC8E8CA955} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM-x32 - {64E6D209-2D67-4BFA-A76D-05AC8E8CA955} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKCU - {64E6D209-2D67-4BFA-A76D-05AC8E8CA955} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No FileHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218FireFox:========FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()Chrome: =======CHR HomePage: Default -> CHR StartupUrls: Default -> "https://www.google.com/"CHR DefaultSearchKeyword: Default -> DD31A6D26498ABDE260AD3BE9E494768C64CD45CF88B762C205CF5CB6D2F3801CHR DefaultSearchURL: Default -> FBD288EC44AC5F6BFD3D6BBB9303607C5104356815CE1C5DCC6E1BF98D1504E8CHR Profile: C:\Users\Carl\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-15]CHR Extension: (Google Docs) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-15]CHR Extension: (Google Drive) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-15]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]CHR Extension: (YouTube) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-15]CHR Extension: (Google Search) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-15]CHR Extension: (Google Sheets) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-15]CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2014-09-15]CHR Extension: (Google Wallet) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-15]CHR Extension: (Adblock Pro) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-09-15]CHR Extension: (Gmail) - C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-15]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-17] () [File not signed]R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) [File not signed]R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-25] (CyberLink)R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-25] (CyberLink)R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-07-19] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)S4 BthAvrcpTg; No ImagePathS4 BthHFEnum; No ImagePathS4 bthhfhid; No ImagePathS3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-10] (Realtek Semiconductor Corp.)R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-16 04:47 - 2014-09-16 04:48 - 00016372 _____ () C:\Users\Carl\Desktop\FRST.txt2014-09-16 04:46 - 2014-09-16 04:46 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\hpqlog2014-09-15 20:32 - 2014-09-15 20:32 - 00001271 _____ () C:\Users\Carl\Desktop\Revo Uninstaller.lnk2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group2014-09-15 20:18 - 2014-09-15 20:19 - 00000000 ____D () C:\Program Files\pia_manager2014-09-15 20:18 - 2014-09-15 20:18 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys2014-09-15 20:18 - 2014-09-15 20:18 - 00003158 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Titanium2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Apple Computer2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apple Computer2014-09-15 20:17 - 2014-09-15 20:17 - 00004024 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder2014-09-15 20:12 - 2014-09-15 20:17 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Hewlett-Packard2014-09-15 17:52 - 2014-09-15 21:29 - 00000000 ____D () C:\Windows.old2014-09-15 17:51 - 2014-09-15 17:51 - 00262144 _____ () C:\Windows\system32\config\userdiff2014-09-15 17:25 - 2014-09-15 21:16 - 00000000 ___HD () C:\$SysReset2014-09-15 17:06 - 2014-09-15 17:06 - 00000000 ____D () C:\Windows\LastGood2014-09-15 16:37 - 2014-05-14 19:02 - 00059424 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2014-09-15 16:37 - 2014-05-14 16:43 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2014-09-15 16:37 - 2014-05-14 16:43 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2014-09-15 16:37 - 2014-05-14 16:43 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2014-09-15 16:37 - 2014-05-14 16:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll2014-09-15 16:36 - 2013-08-15 23:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2014-09-15 16:16 - 2014-09-15 16:16 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-09-15 16:16 - 2014-09-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-09-15 16:14 - 2014-09-16 04:42 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-15 16:14 - 2014-09-15 21:19 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-15 16:14 - 2014-09-15 16:16 - 00000000 ____D () C:\Users\Carl\AppData\Local\Google2014-09-15 16:14 - 2014-09-15 16:16 - 00000000 ____D () C:\Program Files (x86)\Google2014-09-15 16:14 - 2014-09-15 16:14 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-09-15 16:14 - 2014-09-15 16:14 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Users\Carl\AppData\Local\Deployment2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apps\2.02014-09-15 16:12 - 2014-09-15 21:16 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2247102669-272500150-425611537-10022014-09-15 16:11 - 2014-09-15 16:11 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Macromedia2014-09-15 16:09 - 2014-09-15 16:09 - 00000000 ____D () C:\Users\Carl\AppData\Local\AMD2014-09-15 16:08 - 2014-09-15 16:08 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\ATI2014-09-15 16:08 - 2014-09-15 16:08 - 00000000 ____D () C:\Users\Carl\AppData\Local\CyberLink2014-09-15 16:08 - 2014-09-15 16:08 - 00000000 ____D () C:\Users\Carl\AppData\Local\ATI2014-09-15 16:07 - 2014-09-15 16:07 - 00011064 _____ () C:\Users\Carl\Desktop\Removed Apps.html2014-09-15 16:07 - 2014-09-15 16:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-09-15 16:07 - 2014-09-15 16:07 - 00000000 ____D () C:\Users\Carl\Documents\Bluetooth2014-09-15 16:07 - 2014-09-15 16:07 - 00000000 ____D () C:\Users\Carl\AppData\Local\bluesoleil2014-09-15 16:06 - 2014-09-15 16:06 - 00001437 _____ () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-09-15 16:06 - 2014-09-15 16:06 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Adobe2014-09-15 16:05 - 2014-09-15 16:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services2014-09-15 16:05 - 2013-11-27 07:58 - 00002225 _____ () C:\Users\Public\Desktop\Snapfish.lnk2014-09-15 16:03 - 2014-09-16 04:45 - 00000000 ____D () C:\Users\Carl\AppData\Local\Hewlett-Packard2014-09-15 16:03 - 2014-09-15 16:03 - 00000000 ____D () C:\Users\Carl\AppData\Local\Power2Go82014-09-15 16:02 - 2014-09-15 16:02 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Synaptics2014-09-15 16:00 - 2014-09-15 16:00 - 00000020 ___SH () C:\Users\Carl\ntuser.ini2014-09-15 16:00 - 2014-09-15 16:00 - 00000000 ____D () C:\Users\Carl\AppData\Local\VirtualStore2014-09-15 15:59 - 2014-09-15 20:31 - 00478876 _____ () C:\Windows\WindowsUpdate.log2014-09-15 15:58 - 2014-09-16 04:42 - 00000000 ____D () C:\Users\Carl2014-09-15 15:58 - 2014-09-15 15:58 - 00017148 _____ () C:\Windows\diagwrn.xml2014-09-15 15:58 - 2014-09-15 15:58 - 00017148 _____ () C:\Windows\diagerr.xml2014-09-15 15:58 - 2014-09-15 15:58 - 00002080 _____ () C:\Users\Administrator\AppData\Local\Application.xml2014-09-15 15:58 - 2014-09-15 15:58 - 00000000 ___HD () C:\Users\Carl\Documents\hp.system.package.metadata2014-09-15 15:58 - 2013-07-19 22:06 - 00002100 _____ () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk2014-09-15 15:58 - 2013-07-19 21:51 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-09-15 15:58 - 2012-07-26 02:13 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-09-15 15:58 - 2012-07-26 02:13 - 00000000 ___RD () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:58 - 2012-07-26 02:13 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-09-15 15:55 - 2014-09-15 15:55 - 00000110 _____ () C:\CTOERROR.flg2014-09-15 15:54 - 2014-09-15 15:54 - 00002312 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2247102669-272500150-425611537-5002014-09-15 15:53 - 2014-09-15 15:54 - 00280416 _____ () C:\Windows\Minidump\091514-53664-01.dmp2014-09-15 15:53 - 2014-09-15 15:53 - 316515804 _____ () C:\Windows\MEMORY.DMP2014-09-15 15:53 - 2014-09-15 15:53 - 00000000 ____D () C:\Windows\Minidump2014-09-15 08:31 - 2014-09-15 08:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carl\Desktop\revosetup.exe2014-09-14 09:27 - 2014-09-14 09:27 - 00025801 _____ () C:\Users\Carl\Desktop\sep10.txt2014-09-10 08:02 - 2014-09-16 04:46 - 00000000 ____D () C:\Users\Carl\Desktop\MWBAM stuff2014-09-10 06:00 - 2014-09-16 04:48 - 00000000 ____D () C:\FRST2014-09-10 05:58 - 2014-09-10 05:58 - 02105856 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe2014-09-09 14:33 - 2014-09-09 14:33 - 00000000 __RHD () C:\MSOCache==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-16 04:48 - 2014-09-16 04:47 - 00016372 _____ () C:\Users\Carl\Desktop\FRST.txt2014-09-16 04:48 - 2014-09-10 06:00 - 00000000 ____D () C:\FRST2014-09-16 04:46 - 2014-09-16 04:46 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\hpqlog2014-09-16 04:46 - 2014-09-10 08:02 - 00000000 ____D () C:\Users\Carl\Desktop\MWBAM stuff2014-09-16 04:45 - 2014-09-15 16:03 - 00000000 ____D () C:\Users\Carl\AppData\Local\Hewlett-Packard2014-09-16 04:45 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-09-16 04:43 - 2014-02-20 08:26 - 00000000 ____D () C:\Users\Carl\Documents\Youcam2014-09-16 04:43 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru2014-09-16 04:42 - 2014-09-15 16:14 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-16 04:42 - 2014-09-15 15:58 - 00000000 ____D () C:\Users\Carl2014-09-15 21:30 - 2013-11-27 07:25 - 00065536 _____ () C:\Windows\system32\spu_storage.bin2014-09-15 21:29 - 2014-09-15 17:52 - 00000000 ____D () C:\Windows.old2014-09-15 21:19 - 2014-09-15 16:14 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-15 21:16 - 2014-09-15 17:25 - 00000000 ___HD () C:\$SysReset2014-09-15 21:16 - 2014-09-15 16:12 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2247102669-272500150-425611537-10022014-09-15 20:32 - 2014-09-15 20:32 - 00001271 _____ () C:\Users\Carl\Desktop\Revo Uninstaller.lnk2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group2014-09-15 20:31 - 2014-09-15 15:59 - 00478876 _____ () C:\Windows\WindowsUpdate.log2014-09-15 20:23 - 2013-11-27 07:42 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI2014-09-15 20:23 - 2013-11-27 07:42 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI2014-09-15 20:23 - 2013-06-07 11:40 - 00001017 _____ () C:\Windows\SysWOW64\bscs.ini2014-09-15 20:19 - 2014-09-15 20:18 - 00000000 ____D () C:\Program Files\pia_manager2014-09-15 20:18 - 2014-09-15 20:18 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys2014-09-15 20:18 - 2014-09-15 20:18 - 00003158 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Titanium2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Apple Computer2014-09-15 20:18 - 2014-09-15 20:18 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apple Computer2014-09-15 20:17 - 2014-09-15 20:17 - 00004024 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder2014-09-15 20:17 - 2014-09-15 20:12 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Hewlett-Packard2014-09-15 17:52 - 2012-07-26 02:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template2014-09-15 17:51 - 2014-09-15 17:51 - 00262144 _____ () C:\Windows\system32\config\userdiff2014-09-15 17:33 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache2014-09-15 17:06 - 2014-09-15 17:06 - 00000000 ____D () C:\Windows\LastGood2014-09-15 17:06 - 2013-11-27 07:32 - 00002720 _____ () C:\Windows\system32\RaCoInst.log2014-09-15 16:58 - 2012-07-26 01:59 - 00000000 ____D () C:\Windows\CbsTemp2014-09-15 16:37 - 2012-08-03 17:21 - 00000000 ____D () C:\Windows\Panther2014-09-15 16:37 - 2012-07-26 01:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI2014-09-15 16:35 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\restore2014-09-15 16:22 - 2013-07-19 21:36 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-15 16:22 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-09-15 16:21 - 2013-11-27 08:24 - 00000000 ____D () C:\ProgramData\Norton2014-09-15 16:21 - 2012-08-03 16:23 - 00444656 _____ () C:\Windows\PFRO.log2014-09-15 16:20 - 2012-07-26 02:12 - 00000000 ___HD () C:\Windows\ELAMBKUP2014-09-15 16:16 - 2014-09-15 16:16 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-09-15 16:16 - 2014-09-15 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-09-15 16:16 - 2014-09-15 16:14 - 00000000 ____D () C:\Users\Carl\AppData\Local\Google2014-09-15 16:16 - 2014-09-15 16:14 - 00000000 ____D () C:\Program Files (x86)\Google2014-09-15 16:14 - 2014-09-15 16:14 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-09-15 16:14 - 2014-09-15 16:14 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Users\Carl\AppData\Local\Deployment2014-09-15 16:13 - 2014-09-15 16:13 - 00000000 ____D () C:\Users\Carl\AppData\Local\Apps\2.02014-09-15 16:12 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-09-15 16:11 - 2014-09-15 16:11 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Macromedia2014-09-15 16:09 - 2014-09-15 16:09 - 00000000 ____D () C:\Users\Carl\AppData\Local\AMD2014-09-15 16:08 - 2014-09-15 16:08 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\ATI2014-09-15 16:08 - 2014-09-15 16:08 - 00000000 ____D () C:\Users\Carl\AppData\Local\CyberLink2014-09-15 16:08 - 2014-09-15 16:08 - 00000000 ____D () C:\Users\Carl\AppData\Local\ATI2014-09-15 16:07 - 2014-09-15 16:07 - 00011064 _____ () C:\Users\Carl\Desktop\Removed Apps.html2014-09-15 16:07 - 2014-09-15 16:07 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-09-15 16:07 - 2014-09-15 16:07 - 00000000 ____D () C:\Users\Carl\Documents\Bluetooth2014-09-15 16:07 - 2014-09-15 16:07 - 00000000 ____D () C:\Users\Carl\AppData\Local\bluesoleil2014-09-15 16:06 - 2014-09-15 16:06 - 00001437 _____ () C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-09-15 16:06 - 2014-09-15 16:06 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Adobe2014-09-15 16:06 - 2013-12-25 09:46 - 00000000 ____D () C:\Users\Carl\AppData\Local\Packages2014-09-15 16:05 - 2014-09-15 16:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services2014-09-15 16:05 - 2013-12-25 09:47 - 00002099 _____ () C:\Users\Public\Desktop\HP Games.lnk2014-09-15 16:05 - 2013-11-27 07:49 - 00000000 ___RD () C:\Program Files\Online Services2014-09-15 16:05 - 2013-07-19 22:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support2014-09-15 16:05 - 2013-07-19 22:10 - 00000000 ___RD () C:\Program Files (x86)\Online Services2014-09-15 16:05 - 2013-07-19 22:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat2014-09-15 16:05 - 2013-07-19 22:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection2014-09-15 16:05 - 2013-07-19 21:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools2014-09-15 16:05 - 2012-08-03 18:02 - 00000000 ___HD () C:\SYSTEM.SAV2014-09-15 16:03 - 2014-09-15 16:03 - 00000000 ____D () C:\Users\Carl\AppData\Local\Power2Go82014-09-15 16:02 - 2014-09-15 16:02 - 00000000 ____D () C:\Users\Carl\AppData\Roaming\Synaptics2014-09-15 16:00 - 2014-09-15 16:00 - 00000020 ___SH () C:\Users\Carl\ntuser.ini2014-09-15 16:00 - 2014-09-15 16:00 - 00000000 ____D () C:\Users\Carl\AppData\Local\VirtualStore2014-09-15 15:59 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\Recovery2014-09-15 15:58 - 2014-09-15 15:58 - 00017148 _____ () C:\Windows\diagwrn.xml2014-09-15 15:58 - 2014-09-15 15:58 - 00017148 _____ () C:\Windows\diagerr.xml2014-09-15 15:58 - 2014-09-15 15:58 - 00002080 _____ () C:\Users\Administrator\AppData\Local\Application.xml2014-09-15 15:58 - 2014-09-15 15:58 - 00000000 ___HD () C:\Users\Carl\Documents\hp.system.package.metadata2014-09-15 15:58 - 2012-07-26 02:12 - 00000000 __RHD () C:\Users\Public\Libraries2014-09-15 15:58 - 2012-07-26 01:21 - 00038192 _____ () C:\Windows\setupact.log2014-09-15 15:57 - 2012-07-25 23:37 - 00000000 __RHD () C:\Users\Default2014-09-15 15:55 - 2014-09-15 15:55 - 00000110 _____ () C:\CTOERROR.flg2014-09-15 15:55 - 2012-08-03 18:02 - 00000000 ____D () C:\SWSetup2014-09-15 15:55 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-09-15 15:54 - 2014-09-15 15:54 - 00002312 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2247102669-272500150-425611537-5002014-09-15 15:54 - 2014-09-15 15:53 - 00280416 _____ () C:\Windows\Minidump\091514-53664-01.dmp2014-09-15 15:54 - 2012-08-03 16:40 - 00010171 _____ () C:\Windows\iis.log2014-09-15 15:54 - 2012-07-26 02:13 - 00004552 _____ () C:\Windows\DtcInstall.log2014-09-15 15:53 - 2014-09-15 15:53 - 316515804 _____ () C:\Windows\MEMORY.DMP2014-09-15 15:53 - 2014-09-15 15:53 - 00000000 ____D () C:\Windows\Minidump2014-09-15 08:31 - 2014-09-15 08:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Carl\Desktop\revosetup.exe2014-09-14 09:27 - 2014-09-14 09:27 - 00025801 _____ () C:\Users\Carl\Desktop\sep10.txt2014-09-10 05:58 - 2014-09-10 05:58 - 02105856 _____ (Farbar) C:\Users\Carl\Desktop\FRST64.exe2014-09-09 14:33 - 2014-09-09 14:33 - 00000000 __RHD () C:\MSOCache==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2012-08-03 16:23==================== End Of Log ============================

Here's the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014Ran by Carl at 2014-09-16 04:49:46Running from C:\Users\Carl\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Airport Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenAMD Accelerated Video Transcoding (Version: 12.10.100.30416 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{F196C498-5681-BCA2-8029-5BF070368F35}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)AMD Fuel (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenAMD Start Now (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenAMD VISION Engine Control Center (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenAzteca (x32 Version: 2.2.0.97 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) HiddenBuild-a-lot (x32 Version: 2.2.0.98 - WildTangent) HiddenCatalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) HiddenCradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenCradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCurse at Twilight (x32 Version: 3.0.2.32 - WildTangent) HiddenCyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) HiddenCyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) HiddenCyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) HiddenCyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.4.3026 - CyberLink Corp.) HiddenCyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) HiddenCyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)CyberLink PowerDVD 12 (x32 Version: 12.0.1.3024 - CyberLink Corp.) HiddenCyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDelicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenDragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenHewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHouse of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) HiddenHP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) HiddenHP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) HiddenHP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenLuxor Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMovie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) HiddenOEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPhoto Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPrivate Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek)Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.27.0 - Mediatek)Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.)Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenRoyal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.5.1 - Synaptics Incorporated)Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenUpdate Installer for WildTangent Games App (x32 Version:  - WildTangent) HiddenVacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) HiddenWildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenYouda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) HiddenZuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points  =========================15-09-2014 22:35:23 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {1D8F2C9B-2CBC-4577-B8B4-3B8B52BA3F50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)Task: {20A6CF1F-3F58-4046-8F62-E5081E3E096C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {2519D683-5F5E-4C4F-94C6-37555836CEFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)Task: {3729566B-CE3A-40D3-B723-46519AD33384} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)Task: {46D0107B-61DC-4A67-A778-655847E9F16A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-15] (Google Inc.)Task: {59F7227C-6D51-4737-89F0-E072D589A40F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)Task: {5BCF7F70-DBD7-4806-814C-71E21600E438} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-04] (Synaptics Incorporated)Task: {751FEC5C-86EC-46FD-B826-A4C172A7587D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-06-07] (Hewlett-Packard Company)Task: {8A97365B-F561-42EC-86D6-A91B64154D91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)Task: {BA544CCE-1DAB-4EA2-8123-2A070CC7BF7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {DCA5443B-06A7-4673-8DF7-4035195539BE} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2013-06-20] ()Task: {E5692F48-5C5B-4CE7-955B-F612AA40A2DB} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-09-15] ()Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2013-04-17 01:51 - 2013-04-17 01:51 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe2013-04-17 01:50 - 2013-04-17 01:50 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll2014-09-15 20:18 - 2014-09-15 20:18 - 08817230 _____ () C:\Program Files\pia_manager\pia_manager.exe2013-05-14 19:33 - 2013-05-14 19:33 - 00371448 _____ () C:\Windows\system32\BsExtendFunc.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00029432 _____ () C:\Windows\system32\BsTrace.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00062200 _____ () C:\Windows\system32\BlueSoleilCSps.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe2013-04-17 01:50 - 2013-04-17 01:50 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2013-04-17 01:51 - 2013-04-17 01:51 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe2014-09-15 20:18 - 2014-09-15 20:18 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00029432 _____ () C:\Windows\SYSTEM32\BsTrace.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll2013-11-27 08:08 - 2013-02-01 13:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll2013-11-27 08:08 - 2013-02-01 13:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll2013-11-27 08:08 - 2013-02-01 13:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll2013-11-27 08:08 - 2013-02-01 13:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll2013-11-27 08:08 - 2013-02-01 13:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll2013-11-27 08:08 - 2013-02-01 13:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll2013-11-27 08:08 - 2013-02-01 13:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00080120 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll2013-05-14 19:33 - 2013-05-14 19:33 - 00371448 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll2013-11-27 08:04 - 2013-03-12 08:51 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2013-03-13 00:53 - 2013-03-13 00:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2014-09-16 04:42 - 2014-09-16 04:42 - 00012800 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so2014-09-16 04:42 - 2014-09-16 04:42 - 00009728 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so2014-09-16 04:42 - 2014-09-16 04:42 - 00014848 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so2014-09-16 04:42 - 2014-09-16 04:42 - 00094208 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\src\rgloader\rgloader193.mswin.so2014-09-16 04:42 - 2014-09-16 04:42 - 00009216 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so2014-09-16 04:42 - 2014-09-16 04:42 - 00094208 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so2014-09-16 04:42 - 2014-09-16 04:42 - 00126976 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so2014-09-16 04:42 - 2014-09-16 04:42 - 00087552 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so2014-09-16 04:42 - 2014-09-16 04:42 - 00016384 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so2014-09-16 04:42 - 2014-09-16 04:42 - 00127316 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\bin\libffi-6.dll2014-09-16 04:42 - 2014-09-16 04:42 - 00008704 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so2014-09-16 04:42 - 2014-09-16 04:42 - 00013312 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so2014-09-16 04:42 - 2014-09-16 04:42 - 00095744 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so2014-09-16 04:42 - 2014-09-16 04:42 - 00026624 _____ () C:\Users\Carl\AppData\Local\Temp\ocrE1A5.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so2014-09-16 04:42 - 2014-09-16 04:42 - 00012800 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so2014-09-16 04:42 - 2014-09-16 04:42 - 00009728 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so2014-09-16 04:42 - 2014-09-16 04:42 - 00014848 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so2014-09-16 04:42 - 2014-09-16 04:42 - 00094208 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\src\rgloader\rgloader193.mswin.so2014-09-16 04:42 - 2014-09-16 04:42 - 00094208 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so2014-09-16 04:42 - 2014-09-16 04:42 - 00118784 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so2014-09-16 04:42 - 2014-09-16 04:42 - 00069120 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so2014-09-16 04:42 - 2014-09-16 04:42 - 00083968 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\bin\zlib1.dll2014-09-16 04:42 - 2014-09-16 04:42 - 00026624 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so2014-09-16 04:42 - 2014-09-16 04:42 - 00275968 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so2014-09-16 04:42 - 2014-09-16 04:42 - 00015360 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so2014-09-16 04:42 - 2014-09-16 04:42 - 00008192 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so2014-09-16 04:43 - 2014-09-16 04:43 - 00009216 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so2014-09-16 04:43 - 2014-09-16 04:43 - 00023552 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so2014-09-16 04:43 - 2014-09-16 04:43 - 00008704 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so2014-09-16 04:42 - 2014-09-16 04:42 - 00008704 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so2014-09-16 04:43 - 2014-09-16 04:43 - 00008704 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so2014-09-16 04:43 - 2014-09-16 04:43 - 00008704 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so2014-09-16 04:43 - 2014-09-16 04:43 - 00036352 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so2014-09-16 04:43 - 2014-09-16 04:43 - 00126976 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so2014-09-16 04:43 - 2014-09-16 04:43 - 00087552 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so2014-09-16 04:43 - 2014-09-16 04:43 - 00016384 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so2014-09-16 04:42 - 2014-09-16 04:42 - 00127316 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\bin\libffi-6.dll2014-09-16 04:42 - 2014-09-16 04:42 - 00013312 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so2014-09-16 04:42 - 2014-09-16 04:42 - 00095744 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so2014-09-16 04:43 - 2014-09-16 04:43 - 00026624 _____ () C:\Users\Carl\AppData\Local\Temp\ocr644B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so2014-09-15 20:18 - 2014-09-15 20:18 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll2014-09-15 20:18 - 2014-09-15 20:18 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll2014-09-15 20:18 - 2014-09-15 20:18 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll2014-09-15 20:18 - 2014-09-15 20:18 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll2014-09-15 16:16 - 2014-09-03 21:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll2014-09-15 16:16 - 2014-09-03 21:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll2014-09-15 16:16 - 2014-09-03 21:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll2014-09-15 16:16 - 2014-09-03 21:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll2014-09-15 16:16 - 2014-09-03 21:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)==================== Faulty Device Manager Devices =============Name: Ralink Bluetooth 4.0 AdapterDescription: Ralink Bluetooth 4.0 AdapterClass Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Manufacturer: Ralink CorporationService: BTHUSBProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (09/15/2014 08:17:36 PM) (Source: HP Registration Service) (EventID: 0) (User: )Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)Error: (09/15/2014 04:10:41 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: cc4Start Time: 01cfd131ccdcff03Termination Time: 4294967295Application Path: C:\Windows\system32\wwahost.exeReport Id: 17ca95d5-3d25-11e4-be73-485ab61ec1c2Faulting package full name: Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbweFaulting package-relative application ID: AppexFinanceError: (09/15/2014 04:10:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CARLBALDY)Description: Package Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe was terminated because it took too long to suspend.Error: (09/15/2014 03:55:43 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: HPRecovery.exe, version: 11.0.1.0, time stamp: 0x51930359Faulting module name: HPRecovery.exe, version: 11.0.1.0, time stamp: 0x51930359Exception code: 0xc0000005Fault offset: 0x0000000000023b5cFaulting process id: 0x86cFaulting application start time: 0xHPRecovery.exe0Faulting application path: HPRecovery.exe1Faulting module path: HPRecovery.exe2Report Id: HPRecovery.exe3Faulting package full name: HPRecovery.exe4Faulting package-relative application ID: HPRecovery.exe5System errors:=============Error: (09/15/2014 09:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).Error: (09/15/2014 09:29:52 PM) (Source: DCOM) (EventID: 10010) (User: CARLBALDY)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}Error: (09/15/2014 05:42:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).Error: (09/15/2014 04:02:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The Windows Search service hung on starting.Error: (09/15/2014 03:54:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Network List Service service terminated with the following error: %%21Error: (09/15/2014 03:54:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The IP Helper service terminated with the following error: %%1058Error: (09/15/2014 03:54:09 PM) (Source: BugCheck) (EventID: 1001) (User: )Description: 0xc000021a (0xfffff8a001edf650, 0xffffffffc0000428, 0xfffff8a00002a690, 0x0000000000000000)C:\Windows\MEMORY.DMP091514-53664-01Error: (11/27/2013 08:43:21 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {9E175B6D-F52A-11D8-B9A5-505054503030}Error: (11/27/2013 08:41:21 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}Microsoft Office Sessions:=========================Error: (09/15/2014 08:17:36 PM) (Source: HP Registration Service) (EventID: 0) (User: )Description: The system cannot find the file specified. (Exception from HRESULT: 0x80070002)     at TaskScheduler.ITaskFolder.DeleteTask(String Name, Int32 flags)   at HPMetrics.ScheduleTask.DeleteTask(String TaskName)Error: (09/15/2014 04:10:41 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: wwahost.exe6.2.9200.16420cc401cfd131ccdcff034294967295C:\Windows\system32\wwahost.exe17ca95d5-3d25-11e4-be73-485ab61ec1c2Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbweAppexFinanceError: (09/15/2014 04:10:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CARLBALDY)Description: Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbweError: (09/15/2014 03:55:43 PM) (Source: Application Error) (EventID: 1000) (User: )Description: HPRecovery.exe11.0.1.051930359HPRecovery.exe11.0.1.051930359c00000050000000000023b5c86c01cfd12fcb77f2a8c:\SYSTEM.SAV\ExitProc\util\HPRecovery.exec:\SYSTEM.SAV\ExitProc\util\HPRecovery.exe09cd7c55-3d23-11e4-be72-485ab61ec1c2==================== Memory info =========================== Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics Percentage of memory in use: 52%Total physical RAM: 3554.07 MBAvailable physical RAM: 1683.52 MBTotal Pagefile: 7138.07 MBAvailable Pagefile: 4652.69 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: (Windows) (Fixed) (Total:439.62 GB) (Free:384.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:25.37 GB) (Free:2.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive e: (OJ_J46X0) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 0324B0BA)Partition: GPT Partition Type.==================== End Of Log ============================

Thanks.

Link to post
Share on other sites

Looks much better.

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

[*]Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Well, I've run both scans now -- meaning Malwarebytes and ESET -- and am pasting the logs below.  Note there was a 24-hour lag between scans due to the fact the ESET scan froze midway a couple of times.  I was finally able to complete it overnight.

 

First, the Malwarebytes log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 9/16/2014Scan Time: 8:06:30 AMLogfile: MWBAM_09-16-2014.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.09.16.04Rootkit Database: v2014.09.15.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 8CPU: x64File System: NTFSUser: CarlScan Type: Threat ScanResult: CompletedObjects Scanned: 335430Time Elapsed: 26 min, 9 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end)

And now, the ESET log:

C:\Users\Carl\Documents\APNSetup.exe	Win32/Bundled.Toolbar.Ask.E potentially unsafe applicationC:\Windows.old\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000	a variant of Win32/InstalleRex.Q potentially unwanted applicationC:\Windows.old\Users\Carl\AppData\Roaming\ Angry_Birds\ Angry_Birds.exe	a variant of Win32/Toolbar.Iminent.C potentially unwanted application

Thanks!

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

O.K., all three operations--AdwCleaner, JRT and SecurityCheck--are done.  Their log files, in order, are below.

 

AdwCleaner log (AdwCleaner[s0].txt):

# AdwCleaner v3.310 - Report created 17/09/2014 at 20:42:06# Updated 12/09/2014 by Xplode# Operating System : Windows 8  (64 bits)# Username : Carl - CARLBALDY# Running from : C:\Users\Carl\Desktop\adwcleaner_3.310.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****File Deleted : C:\END***** [ Scheduled Tasks ] ********** [ Shortcuts ] *****Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk***** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16537-\\ Google Chrome v37.0.2062.120[ File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\preferences ]*************************AdwCleaner[R0].txt - [915 octets] - [17/09/2014 20:39:13]AdwCleaner[S0].txt - [826 octets] - [17/09/2014 20:42:06]########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [885 octets] ##########

JRT log (JRT.txt):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.5 (09.16.2014:1)OS: Windows 8 x64Ran by Carl on Wed 09/17/2014 at 20:51:48.36~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{64E6D209-2D67-4BFA-A76D-05AC8E8CA955}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{64E6D209-2D67-4BFA-A76D-05AC8E8CA955}~~~ Files~~~ Folders~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 09/17/2014 at 20:59:47.86End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SecurityCheck log (checkup.txt):

 Results of screen317's Security Check version 0.99.87     x64 (UAC is enabled)   Internet Explorer 10 [color=red][b]Out of date![/b][/color] [b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]  Windows Firewall Enabled!  Windows Defender    [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] [b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]  Google Chrome 37.0.2062.120  [b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]   Windows Defender MSMpEng.exe  Windows Defender MSASCui.exe  Windows Defender MsMpEng.exe    Windows Defender MSASCui.exe   [b][u]`````````````````System Health check`````````````````[/b][/u]  Total Fragmentation on Drive C:  % [b][u]````````````````````End of Log``````````````````````[/b][/u] 

Thanks very much.

Link to post
Share on other sites

Your system is clean now! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 11 from here
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.





Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

    [*]Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

    [*]Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.

    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.