Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying to root out "PCTechHotline", MyPC Backup, and SystemOptimizer Pro


  • This topic is locked This topic is locked
17 replies to this topic

#1 Urza

Urza

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 06 July 2014 - 04:38 PM

Hello folks, I had no clue what I was signing up for when I gave the magical words "Sure, I'll take a look at it." This system has been through the ringer by the owner (someone I know). I've tried to get as much as I can off but I'm left with some of the more pesky items which are listed in the title.

 

A few notes:

  • MalwareBytes Anti-Malware has been ran numerous times and is now "only" showing a few PUP entries when I run it.
  • I've used Revo Uninstaller to get rid of a lot of things but I hit something interesting when uninstalling a package called "VO". It found thousands of files left behind and once I was done with the uninstall, there were only 2 or 3 programs listed in Revo. One of them being Revo. After the "VO" uninstall, it had gotten rid of things like Microsoft Office, Sql Express, various Microsoft installs, different games that were installed. I mean it really did a number. I was able to restore to an earlier state and proceed from there but I left the "VO" part installed for now.
  • Browser hi-jacking is in place.
  • The "PCTechHotline" issue is one where any window that is opened has a neon green button added to the titlebar that has "PCTechHotline" in it. If you click it, it prompts you to call a number to talk to a "specialist".
  • SystemOptimizer Pro was uninstalled but still shows up.
  • I can't find any packages for PCTechHotline or MyPC Backup.

Thanks in advance!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Judy at 22:43:10 on 2014-07-05
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3968.2813 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Users\Judy\AppData\Roaming\VOPackage\VOsrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook.exe
C:\Program Files (x86)\PCTechHotline\PCTHHook64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Users\Judy\AppData\Roaming\VOPackage\VOPackage.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://search.us.com/?guid={97B2325B-649F-4FFE-A622-CBF7AD9524C1}
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\ips\ipsbho.dll
BHO: TidyNetwork.com: {7736C7FA-512D-11E2-B871-DEC36088709B} - 
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: TNT2-lbar Toolbar: {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - 
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll
TB: TNT2-lbar Toolbar: {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - 
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coieplg.dll
TB: Muvic: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
uRun: [Driver Restore] C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false
uRun: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PCTechHotline] "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
mRun: [ChromeHelper] C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
StartupFolder: C:\Users\Judy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{694BC613-BE96-4E24-B588-93640DF282EC} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{93578F22-B61D-4E42-9782-08EF2463F0BC} : DHCPNameServer = 208.180.42.68 208.180.42.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-mStart Page = hxxp://www.google.com
x64-BHO: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - <orphaned>
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coieplg.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: TNT2-lbar Toolbar: {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - 
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coieplg.dll
x64-TB: Muvic: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NAVx64\1503000.00C\symds64.sys [2014-5-24 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NAVx64\1503000.00C\symefa64.sys [2014-5-24 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-5 1524824]
R1 ccSet_NAV;NAV Settings Manager;C:\windows\System32\Drivers\NAVx64\1503000.00C\ccsetx64.sys [2014-5-24 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\Drivers\NSTx64\7DE07000.02F\ccsetx64.sys [2014-5-22 162392]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-4-30 92536]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131115.001\IDSviA64.sys [2013-11-15 521816]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NAVx64\1503000.00C\ironx64.sys [2014-5-24 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NAVx64\1503000.00C\symnets.sys [2014-5-24 593112]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-7-5 67584]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2014-7-5 1131008]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-4-12 87368]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-30 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-30 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-3 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-3 860472]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe [2014-5-24 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe [2014-5-22 130104]
R2 PCTechHotlineSvc;PCTechHotlineService;C:\Program Files (x86)\PCTechHotline\PCTechHotlineSvc.exe [2014-3-24 701800]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-9-14 245832]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-30 364416]
R2 vosr;Service Component of VO;C:\Users\Judy\AppData\Roaming\VOPackage\VOsrv.exe [2014-3-21 355328]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-30 169752]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2014-7-3 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\Drivers\MBAMSwissArmy.sys [2014-7-3 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\Drivers\mwac.sys [2014-7-3 64216]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-19 772680]
S3 SWDUMon;SWDUMon;C:\windows\System32\Drivers\SWDUMon.sys [2013-10-23 16152]
S3 t_mouse.sys;HID-compliand device;C:\windows\System32\Drivers\t_mouse.sys [2013-4-9 6144]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-4-30 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NAVx64\1503000.00C\symelam.sys [2014-5-24 23568]
.
=============== Created Last 30 ================
.
2014-07-06 03:19:05 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-07-05 21:33:50 -------- d-----w- C:\ProgramData\Activeris
2014-07-05 09:07:02 -------- d-sh--w- C:\found.000
2014-07-05 07:39:06 -------- d-----w- C:\Program Files (x86)\predm
2014-07-05 04:37:09 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-07-04 01:40:15 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-07-04 01:40:02 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-07-04 01:40:02 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-07-04 01:40:02 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-07-04 01:40:02 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-04 01:40:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 00:45:02 0 ---ha-w- C:\Users\Judy\BIT6E66.tmp
2014-06-29 01:01:03 -------- d-----w- C:\windows\Microsoft Antimalware
2014-06-28 22:06:21 159232 ----a-w- C:\windows\System32\itpcoin8.dll
2014-06-18 13:43:15 -------- d-----w- C:\Users\Judy\AppData\Local\fst_us_108
2014-06-14 08:24:07 -------- d-----w- C:\Users\Judy\AppData\Local\fst_us_99
2014-06-11 16:31:40 283312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin
2014-06-11 12:13:06 -------- d-----w- C:\Users\Judy\AppData\Local\fst_us_95
.
==================== Find3M  ====================
.
2014-07-06 03:16:53 570 ----a-w- C:\windows\SysWow64\ff.bin
2014-07-06 02:17:28 552 ----a-w- C:\windows\SysWow64\schtasks.bin
2014-05-26 16:14:29 78336 ----a-w- C:\windows\SysWow64\rp.dll
2014-04-29 12:36:27 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-04-29 12:25:38 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-04-28 09:33:58 98040 ----a-w- C:\windows\SysWow64\Packet.dll
2014-04-28 09:33:58 53299 ----a-w- C:\windows\SysWow64\pthreadVC.dll
2014-04-28 09:33:58 370424 ----a-w- C:\windows\System32\wpcap.dll
2014-04-28 09:33:58 36600 ----a-w- C:\windows\System32\drivers\npf.sys
2014-04-28 09:33:58 282360 ----a-w- C:\windows\SysWow64\wpcap.dll
2014-04-28 09:33:58 107768 ----a-w- C:\windows\System32\Packet.dll
2014-04-22 23:47:16 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-22 23:47:16 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:43:35.91 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 AM

Posted 06 July 2014 - 04:58 PM

Hello 

Urza

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 06 July 2014 - 06:07 PM

Hello fireman4it,
 
I must say that I am happily surprised at the speed of your response. Thank you very much for assisting me.
 
Before I post the logs, I wanted to mention one more thing: Due to the problems exhibited by the system, I have avoid placing it on my network. Currently, I'm passing files back and forth by burning cds/dvds. I haven't used a USB stick for the same reasons. Please advise, if you are comfortable in doing so, when you feel it would be safe for me to put it on the network.
 
Now, here are the requested log results (Note that the Post option isn't letting me put all 3 logs in here, perhaps it's too many characters. I'm going to split up the replies):
----------------------AdwCleaner-------------------------------------
# AdwCleaner v3.214 - Report created 06/07/2014 at 00:19:03
# Updated 29/06/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Judy - JUDYGUIDRY
# Running from : E:\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : PCTechHotlineSvc
[#] Service Deleted : qknfd
Service Deleted : vosr
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Activeris
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\PCTechHotline
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\PriceMeterLiveUpdate
Folder Deleted : C:\Program Files (x86)\Software Updater
Folder Deleted : C:\Program Files (x86)\System Optimizer Pro
Folder Deleted : C:\Program Files (x86)\TidyNetwork.com
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Judy\AppData\Local\Conduit
Folder Deleted : C:\Users\Judy\AppData\Local\DefineExt
Folder Deleted : C:\Users\Judy\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Judy\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\Judy\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Judy\AppData\Local\fst_us_108
Folder Deleted : C:\Users\Judy\AppData\Local\fst_us_14
Folder Deleted : C:\Users\Judy\AppData\Local\fst_us_87
Folder Deleted : C:\Users\Judy\AppData\Local\fst_us_95
Folder Deleted : C:\Users\Judy\AppData\Local\fst_us_99
Folder Deleted : C:\Users\Judy\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Judy\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Judy\AppData\LocalLow\buenosearch LTD
Folder Deleted : C:\Users\Judy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Judy\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Judy\AppData\LocalLow\iWebar
Folder Deleted : C:\Users\Judy\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Judy\AppData\LocalLow\Object Browser
Folder Deleted : C:\Users\Judy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Judy\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Judy\AppData\Roaming\Activeris
Folder Deleted : C:\Users\Judy\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Judy\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Judy\AppData\Roaming\iWin
Folder Deleted : C:\Users\Judy\AppData\Roaming\Optimizer Elite Max
Folder Deleted : C:\Users\Judy\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\Users\Judy\AppData\Roaming\PriceMeterUpdater
Folder Deleted : C:\Users\Judy\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Judy\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Judy\Documents\Mobogenie
Folder Deleted : C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Folder Deleted : C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
File Deleted : C:\windows\System32\acrisnative64.exe
File Deleted : C:\windows\System32\sasnative64.exe
File Deleted : C:\Users\Judy\daemonprocess.txt
File Deleted : C:\Users\Judy\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Judy\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Judy\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Judy\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Judy\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Judy\Desktop\Continue VuuPC Installation.lnk
File Deleted : C:\windows\System32\Tasks\Activeris AntiMalware_startup
File Deleted : C:\windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\windows\Tasks\APSnotifierPP1.job
File Deleted : C:\windows\System32\Tasks\APSnotifierPP1
File Deleted : C:\windows\Tasks\APSnotifierPP2.job
File Deleted : C:\windows\System32\Tasks\APSnotifierPP2
File Deleted : C:\windows\Tasks\APSnotifierPP3.job
File Deleted : C:\windows\System32\Tasks\APSnotifierPP3
File Deleted : C:\windows\System32\Tasks\BrowserSafeguard Update Task
File Deleted : C:\windows\Tasks\MySearchDial.job
File Deleted : C:\windows\System32\Tasks\MySearchDial
File Deleted : C:\windows\Tasks\PriceMeterUpdater.job
File Deleted : C:\windows\System32\Tasks\PriceMeterUpdater
File Deleted : C:\windows\System32\Tasks\RegClean Pro
File Deleted : C:\windows\System32\Tasks\SMupdate1
File Deleted : C:\windows\Tasks\SpeedUpMyPC Maintenance.job
File Deleted : C:\windows\System32\Tasks\SpeedUpMyPC Maintenance
File Deleted : C:\windows\Tasks\SpeedUpMyPC Startup.job
File Deleted : C:\windows\System32\Tasks\SpeedUpMyPC Startup
File Deleted : C:\windows\Tasks\FF Watcher {98640F34-8AE9-4B03-AF63-03ED1B0A54B5}.job
File Deleted : C:\windows\System32\Tasks\FF Watcher {98640F34-8AE9-4B03-AF63-03ED1B0A54B5}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCTechHotline]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4CC15FBA-46A4-4CB5-BFAF-F2335365AE76}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B6E533F-F78F-4525-B316-312BAF1295D1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8322EB6E-B594-41F6-A30B-CF3F800E1874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6772887-C1E1-405E-94BB-D8760A1CF8DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{708D0DD7-FBC0-4437-B525-C098F450A62C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BrowserSafeguardInstalled
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\GOffers
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Elite Max
Key Deleted : HKCU\Software\PriceMeterLiveUpdate
Key Deleted : HKCU\Software\PriceMeterUpdater
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\free_soft_to_day
Key Deleted : HKLM\Software\Free_soft_today
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\PriceMeterLiveUpdate
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v
 
[ File : C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
Deleted [Extension] : ljmibnagodajacnnbifpamhggcohblip
 
*************************
 
AdwCleaner[R0].txt - [23511 octets] - [06/07/2014 00:18:28]
AdwCleaner[S0].txt - [21594 octets] - [06/07/2014 00:19:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21655 octets] ##########

----------------------FRST-------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Judy (administrator) on JUDYGUIDRY on 06-07-2014 00:26:27
Running from C:\FRST64
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\nav.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Appcaster) C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\...\Run: [MobileAppSync] => C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [332800 2013-10-20] (Appcaster)
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com/?guid={97B2325B-649F-4FFE-A622-CBF7AD9524C1}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -  No File
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - TNT2-lbar Toolbar - {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - C:\Users\Judy\AppData\Local\TNT2\Profiles\lbar\passport64.dll No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - TNT2-lbar Toolbar - {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - C:\Users\Judy\AppData\Local\TNT2\Profiles\lbar\passport.dll No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - TNT2-lbar Toolbar - {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - C:\Users\Judy\AppData\Local\TNT2\Profiles\lbar\passport64.dll No File
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.47\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Judy\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-07-06]
 
Chrome: 
=======
CHR HomePage: 
CHR NewTab: "chrome-extension://pkfdkodllekkocndolbbjbnddogjacod/pinnedSearch.htm"
CHR Extension: (Docs) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-04]
CHR Extension: (Google Drive) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-04]
CHR Extension: (Feven 2.2) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdhbagplpkkoeifmpmpdaieomnggppmo [2014-01-12]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-04]
CHR Extension: (Google Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-04]
CHR Extension: (No Name) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm [2014-03-21]
CHR Extension: (TidyNetwork.com) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecfmpjpgkginnlphabancemomdeocol [2013-08-10]
CHR Extension: (No Name) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2014-04-13]
CHR Extension: (Norton Identity Protection) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-04]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-04]
CHR Extension: (TNT2-lbar Toolbar) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkfdkodllekkocndolbbjbnddogjacod [2013-08-10]
CHR HKCU\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Judy\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\Judy\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\Exts\Chrome.crx [2014-05-22]
 
==================== Services (Whitelisted) =================
 
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\NAV.exe [262968 2014-05-11] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\NST.exe [130104 2014-05-14] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-09-14] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02F\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-10-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131115.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131116.006\ENG64.SYS [126040 2013-11-13] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131116.006\EX64.SYS [2099288 2013-11-13] (Symantec Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-10-23] ()
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NAVx64\1503000.00C\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-06 00:26 - 2014-07-06 00:26 - 00000000 ____D () C:\FRST64
2014-07-06 00:25 - 2014-07-06 00:25 - 00000000 ____D () C:\New folder
2014-07-06 00:24 - 2014-07-06 00:26 - 00000000 ____D () C:\FRST
2014-07-06 00:18 - 2014-07-06 00:19 - 00000000 ____D () C:\AdwCleaner
2014-07-05 22:43 - 2014-07-05 22:43 - 00015687 _____ () C:\Users\Judy\Desktop\dds.txt
2014-07-05 22:43 - 2014-07-05 22:43 - 00008954 _____ () C:\Users\Judy\Desktop\attach.txt
2014-07-05 22:42 - 2014-07-06 15:36 - 00688992 ____R (Swearware) C:\Users\Judy\Desktop\dds (1).com
2014-07-05 22:19 - 2014-07-05 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-05 22:19 - 2014-07-05 22:19 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-05 04:07 - 2014-07-05 04:07 - 00000000 __SHD () C:\found.000
2014-07-04 23:37 - 2014-07-04 23:37 - 00001271 _____ () C:\Users\Judy\Desktop\Revo Uninstaller.lnk
2014-07-04 23:37 - 2014-07-04 23:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-03 20:40 - 2014-07-06 00:20 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 20:40 - 2014-07-03 20:40 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 20:40 - 2014-07-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 20:40 - 2014-07-03 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 20:40 - 2014-07-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 20:40 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-03 20:40 - 2014-05-12 07:35 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-03 20:40 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-03 19:45 - 2014-07-03 19:45 - 00000000 ____H () C:\Users\Judy\BIT6E66.tmp
2014-06-28 20:01 - 2014-06-28 22:03 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-06-28 17:06 - 2006-07-04 13:01 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\itpcoin8.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-06 15:36 - 2014-07-05 22:42 - 00688992 ____R (Swearware) C:\Users\Judy\Desktop\dds (1).com
2014-07-06 00:26 - 2014-07-06 00:26 - 00000000 ____D () C:\FRST64
2014-07-06 00:26 - 2014-07-06 00:24 - 00000000 ____D () C:\FRST
2014-07-06 00:26 - 2013-07-05 18:49 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1136573245-473900340-3302145837-1001
2014-07-06 00:25 - 2014-07-06 00:25 - 00000000 ____D () C:\New folder
2014-07-06 00:23 - 2013-07-05 18:40 - 01657330 _____ () C:\windows\WindowsUpdate.log
2014-07-06 00:20 - 2014-07-03 20:40 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 00:20 - 2014-03-21 21:04 - 00003100 _____ () C:\windows\Tasks\HQTotalS-chromeinstaller.job
2014-07-06 00:20 - 2014-03-21 21:04 - 00002538 _____ () C:\windows\Tasks\HQTotalS-firefoxinstaller.job
2014-07-06 00:20 - 2014-03-21 21:04 - 00001510 _____ () C:\windows\Tasks\HQTotalS-updater.job
2014-07-06 00:20 - 2014-03-21 21:04 - 00001464 _____ () C:\windows\Tasks\HQTotalS-codedownloader.job
2014-07-06 00:20 - 2014-03-21 21:04 - 00001364 _____ () C:\windows\Tasks\HQTotalS-enabler.job
2014-07-06 00:20 - 2014-02-11 17:11 - 00000434 _____ () C:\windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-06 00:20 - 2013-09-01 11:13 - 00000000 ____D () C:\Users\Judy\AppData\Local\HTC MediaHub
2014-07-06 00:20 - 2012-08-10 18:49 - 01511922 _____ () C:\windows\PFRO.log
2014-07-06 00:20 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-06 00:19 - 2014-07-06 00:18 - 00000000 ____D () C:\AdwCleaner
2014-07-06 00:19 - 2013-07-05 18:39 - 00000000 ____D () C:\Users\Judy
2014-07-06 00:19 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-07-05 23:32 - 2013-08-03 20:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-05 23:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-05 22:43 - 2014-07-05 22:43 - 00015687 _____ () C:\Users\Judy\Desktop\dds.txt
2014-07-05 22:43 - 2014-07-05 22:43 - 00008954 _____ () C:\Users\Judy\Desktop\attach.txt
2014-07-05 22:19 - 2014-07-05 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-07-05 22:19 - 2014-07-05 22:19 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-07-05 22:16 - 2014-03-25 21:51 - 00000570 _____ () C:\windows\SysWOW64\ff.bin
2014-07-05 21:20 - 2012-07-26 02:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-05 21:17 - 2014-03-25 21:46 - 00000552 _____ () C:\windows\SysWOW64\schtasks.bin
2014-07-05 21:17 - 2014-03-24 19:02 - 00003322 _____ () C:\windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-07-05 20:42 - 2014-03-24 19:29 - 00000000 ____D () C:\Program Files (x86)\PC Driver Kit
2014-07-05 20:42 - 2014-01-21 12:14 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-07-05 20:42 - 2013-08-03 20:45 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-05 20:41 - 2013-08-03 20:45 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-07-05 20:40 - 2013-08-03 20:45 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-05 20:36 - 2013-07-08 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
2014-07-05 18:55 - 2014-01-21 12:14 - 00000000 ____D () C:\ProgramData\SearchModule
2014-07-05 18:55 - 2014-01-21 12:14 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-07-05 18:55 - 2013-07-05 18:42 - 00001449 _____ () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-05 18:54 - 2014-03-21 21:03 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-05 18:53 - 2014-03-24 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed with PC Tech Hotline
2014-07-05 18:52 - 2014-03-24 19:29 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\PC Driver Kit
2014-07-05 18:49 - 2014-04-11 00:37 - 00000000 ____D () C:\ProgramData\iWin Games
2014-07-05 16:45 - 2013-09-01 11:12 - 00032322 _____ () C:\windows\DPINST.LOG
2014-07-05 16:45 - 2013-09-01 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-07-05 16:43 - 2013-08-03 20:46 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo US
2014-07-05 16:39 - 2014-03-24 18:56 - 00000000 ____D () C:\ProgramData\Driver Restore
2014-07-05 16:38 - 2013-10-31 09:26 - 00000000 ____D () C:\Users\Judy\AppData\Local\CrashDumps
2014-07-05 04:20 - 2014-04-11 00:37 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games
2014-07-05 04:20 - 2014-03-24 18:59 - 00000000 ____D () C:\Users\Judy\AppData\Local\PC_Drivers_Headquarters
2014-07-05 04:20 - 2013-07-05 18:40 - 00000000 ___RD () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-05 04:20 - 2013-07-05 18:40 - 00000000 ___RD () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-05 04:20 - 2013-07-05 18:40 - 00000000 ___RD () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-05 04:20 - 2013-07-05 18:40 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-05 04:20 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-05 04:20 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-05 04:17 - 2014-04-11 00:37 - 00000000 ____D () C:\Program Files (x86)\iWin.com Games
2014-07-05 04:17 - 2013-09-01 11:12 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-07-05 04:16 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\registration
2014-07-05 04:07 - 2014-07-05 04:07 - 00000000 __SHD () C:\found.000
2014-07-04 23:37 - 2014-07-04 23:37 - 00001271 _____ () C:\Users\Judy\Desktop\Revo Uninstaller.lnk
2014-07-04 23:37 - 2014-07-04 23:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-04 15:56 - 2012-07-26 02:20 - 00000000 ____D () C:\windows\Setup
2014-07-04 05:29 - 2014-03-22 22:34 - 00001350 _____ () C:\Users\Judy\Desktop\Clean Registry for Free!.lnk
2014-07-04 05:07 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-03 20:40 - 2014-07-03 20:40 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-03 20:40 - 2014-07-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 20:40 - 2014-07-03 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 20:40 - 2014-07-03 20:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 19:45 - 2014-07-03 19:45 - 00000000 ____H () C:\Users\Judy\BIT6E66.tmp
2014-07-03 19:45 - 2014-03-16 12:04 - 00003162 _____ () C:\windows\System32\Tasks\HPCeeScheduleForJudy
2014-07-03 19:45 - 2014-03-16 12:04 - 00000350 _____ () C:\windows\Tasks\HPCeeScheduleForJudy.job
2014-07-01 19:04 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-28 22:03 - 2014-06-28 20:01 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-06-28 21:54 - 2014-04-13 03:58 - 00000000 ____D () C:\temp
2014-06-14 07:13 - 2013-08-24 07:39 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-14 07:13 - 2013-08-24 07:39 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-13 03:34 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-13 03:29 - 2013-08-15 03:08 - 00000000 ____D () C:\windows\system32\MRT
2014-06-13 03:26 - 2013-07-12 03:44 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Judy\AppData\Local\Temp\8B01_HiDefMedia-1.1.12-win32B.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_135579_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_17267_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_191196_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_195308_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_195366_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_212734_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_223336_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_226898_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_232743_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_249747_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_251091_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_252874_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_2536_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_263682_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_276224_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_299472_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_299498_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_301891_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_306702_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_334131_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_337480_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_392769_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_414910_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_421998_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_438024_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_454871_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_459157_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_461775_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_475986_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_493555_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_520132_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_527768_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_541121_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_544959_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_577022_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_577057_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_597960_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_610532_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_635541_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_646731_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_654714_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_666039_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_674152_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_70366_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_707929_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_740169_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_759455_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_771260_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_792115_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_805058_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_816595_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_829334_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_842843_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_852576_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_906573_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_922043_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_923934_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_924514_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_958052_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_981855_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_991889_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_995095_setup.exe
C:\Users\Judy\AppData\Local\Temp\air293B.exe
C:\Users\Judy\AppData\Local\Temp\air2DD7.exe
C:\Users\Judy\AppData\Local\Temp\air3BE5.exe
C:\Users\Judy\AppData\Local\Temp\air3E63.exe
C:\Users\Judy\AppData\Local\Temp\air5F1.exe
C:\Users\Judy\AppData\Local\Temp\air6025.exe
C:\Users\Judy\AppData\Local\Temp\air61A1.exe
C:\Users\Judy\AppData\Local\Temp\air6965.exe
C:\Users\Judy\AppData\Local\Temp\air6F6B.exe
C:\Users\Judy\AppData\Local\Temp\air8DE3.exe
C:\Users\Judy\AppData\Local\Temp\airB2EF.exe
C:\Users\Judy\AppData\Local\Temp\airB2F3.exe
C:\Users\Judy\AppData\Local\Temp\airB36B.exe
C:\Users\Judy\AppData\Local\Temp\airB831.exe
C:\Users\Judy\AppData\Local\Temp\airBCA7.exe
C:\Users\Judy\AppData\Local\Temp\airBD2B.exe
C:\Users\Judy\AppData\Local\Temp\airC3C1.exe
C:\Users\Judy\AppData\Local\Temp\airC450.exe
C:\Users\Judy\AppData\Local\Temp\airC6C1.exe
C:\Users\Judy\AppData\Local\Temp\airD6FF.exe
C:\Users\Judy\AppData\Local\Temp\airE7D4.exe
C:\Users\Judy\AppData\Local\Temp\airEF90.exe
C:\Users\Judy\AppData\Local\Temp\airEFDB.exe
C:\Users\Judy\AppData\Local\Temp\airF73F.exe
C:\Users\Judy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Judy\AppData\Local\Temp\BC9E_SoftwareUpdaterSetupD.exe
C:\Users\Judy\AppData\Local\Temp\bfguni.exe
C:\Users\Judy\AppData\Local\Temp\C451_FPPSetup.exe
C:\Users\Judy\AppData\Local\Temp\checktbexist.exe
C:\Users\Judy\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Judy\AppData\Local\Temp\Extract.exe
C:\Users\Judy\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe
C:\Users\Judy\AppData\Local\Temp\helper.exe
C:\Users\Judy\AppData\Local\Temp\IEHistory.exe
C:\Users\Judy\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Judy\AppData\Local\Temp\nsaCE26.exe
C:\Users\Judy\AppData\Local\Temp\nsc7CD5.exe
C:\Users\Judy\AppData\Local\Temp\nsd5790.exe
C:\Users\Judy\AppData\Local\Temp\nsdA263.exe
C:\Users\Judy\AppData\Local\Temp\nsh54B9.exe
C:\Users\Judy\AppData\Local\Temp\nsiC673.exe
C:\Users\Judy\AppData\Local\Temp\nsn574A.exe
C:\Users\Judy\AppData\Local\Temp\nsr384C.exe
C:\Users\Judy\AppData\Local\Temp\nsr7B5D.exe
C:\Users\Judy\AppData\Local\Temp\oi_{593962EB-6485-45E4-B1F4-37DDB4E560AB}.exe
C:\Users\Judy\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Judy\AppData\Local\Temp\Quarantine.exe
C:\Users\Judy\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Judy\AppData\Local\Temp\setup.exe
C:\Users\Judy\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\Judy\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\Judy\AppData\Local\Temp\SP62523.exe
C:\Users\Judy\AppData\Local\Temp\SP63146.exe
C:\Users\Judy\AppData\Local\Temp\sp64126.exe
C:\Users\Judy\AppData\Local\Temp\SPSetup.exe
C:\Users\Judy\AppData\Local\Temp\SPStub.exe
C:\Users\Judy\AppData\Local\Temp\sqlite3.exe
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite10610.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite11154.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite13184.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite13281.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19279.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19486.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19502.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite22311.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite22553.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite25251.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite26621.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite26870.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite28942.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite31993.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite32757.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite34320.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite35797.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite36240.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite37290.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite38466.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite40764.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41249.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41662.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41971.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite42449.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite42457.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite44015.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46172.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46881.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46976.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite47490.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite48301.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite49317.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite50203.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite52590.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite53201.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite54015.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite54589.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite64438.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite69721.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite72554.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite75593.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76456.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76479.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76952.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77159.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77529.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77626.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite78823.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite79428.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite81021.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite81404.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite85688.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite86551.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite86734.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite87268.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite89025.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite91022.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite94430.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite95554.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite96088.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite96308.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite97736.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite99024.dll
C:\Users\Judy\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Judy\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Judy\AppData\Local\Temp\Upgrader.exe
C:\Users\Judy\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-26 03:00
 
==================== End Of Log ============================
----------------------FRST-Addition-------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by Judy at 2014-07-06 00:26:48
Running from C:\FRST64
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
100% Hidden Objects (x32 Version: 3.0.2.51 - WildTangent) Hidden
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\{3D3085B0-BC4D-4559-B0AE-F5C879DEFFC4}) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled Twist 1.0 (HKLM-x32\...\Bejeweled Twist 1.0) (Version: 1.0 - PopCap Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2509 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2301 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.5511 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiDef Media Player 1.1.12 (HKLM-x32\...\HiDef Media Player) (Version: 1.1.12 - HiDefMedia)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HTC Sync Manager (HKLM-x32\...\{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}) (Version: 2.1.55.0 - HTC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jane Austen's Estate of Affairs (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Legends of Mystery (HKLM-x32\...\Legends_0) (Version:  - On Hand Software)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjong Quest 2 (remove only) (HKLM-x32\...\Mahjong Quest 2) (Version:  - )
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mobile App Sync (HKLM-x32\...\Mobile App Sync) (Version:  - Mobile App Sync)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery Valley (x32 Version: 2.2.0.110 - WildTangent) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.3.0.12 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.47 - Symantec Corporation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6942 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
04-07-2014 00:23:45 Removed FastClean PRO
05-07-2014 04:38:18 Revo Uninstaller's restore point - Activeris AntiMalware
05-07-2014 09:11:08 Restore Operation
 
==================== Hosts content: ==========================
 
2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00F1B1BB-B223-48E9-B161-5B79F950220E} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {02AF1B5F-BF3C-4145-91B5-AAF11F900CE8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {0702502F-170E-4794-89A0-43814E7AE515} - System32\Tasks\HPCeeScheduleForJudy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0B58B2C6-C918-4FA6-B3CE-CAB6585152B0} - \PCHelpers_period No Task File <==== ATTENTION
Task: {15FCE1E4-80A5-47C9-A0C4-EE8720179048} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E01B813-76B1-4F23-96CE-B032A6934959} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {22917774-9188-4E42-9D21-F70F5FB49A86} - System32\Tasks\Driver Restore-RTMScan => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
Task: {22A71955-BEAF-4AB7-A92F-877D7CDF068A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-13] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {27673A8C-8119-4C87-AF5B-EAE5F2D0F04F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2808276F-763D-4ECE-B02F-0027965B0029} - System32\Tasks\HQTotalS-updater => C:\Program Files (x86)\HQTotalS\HQTotalS-updater.exe
Task: {29ADB6E2-6980-44D2-9146-71E46DC3C829} - \SMupdate1 No Task File <==== ATTENTION
Task: {2D5D641D-E9DF-4924-B9F1-3DFB7478D0A1} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {3290F613-B5F4-45B5-80D7-65064F73F030} - \FF Watcher {98640F34-8AE9-4B03-AF63-03ED1B0A54B5} No Task File <==== ATTENTION
Task: {3B2688FE-C319-4525-A771-EFA28184FE7A} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {3CE69115-3B0F-4B12-9DCB-22CFF6895214} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-30] (Microsoft Corporation)
Task: {3F469B18-8D67-4CB1-8459-905F96496AA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {43FBE9B6-1687-4081-937B-B62623E22D78} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {487DBC73-6394-441B-A5EC-CF54B0040A31} - \MySearchDial No Task File <==== ATTENTION
Task: {4EEF5ADA-619F-4B39-819E-AED1B120251A} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {58BACC91-AC10-4376-9FAC-A00193626B51} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {66CB398D-918B-4036-84F8-2A9D977CB654} - \RegClean Pro No Task File <==== ATTENTION
Task: {6A35C1A0-A127-4B53-B74E-D74F9628AFA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6D155AE2-5328-4CB0-AC35-51D3BB3C4FFF} - System32\Tasks\HQTotalS-enabler => C:\Program Files (x86)\HQTotalS\HQTotalS-enabler.exe <==== ATTENTION
Task: {704E198E-545A-4284-B3B0-C5B633D85CB6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03] (Adobe Systems Incorporated)
Task: {773AD113-A259-43F6-9C2E-F58C369034D0} - System32\Tasks\HQTotalS-codedownloader => C:\Program Files (x86)\HQTotalS\HQTotalS-codedownloader.exe
Task: {840B59EF-810C-4B41-B0C3-E7E6C9648A6B} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8689F96E-8571-476A-831D-C66A565F1C50} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8825D8E9-398A-4A77-BD66-4A6A0374E1DB} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {8F27DAF3-F606-4693-B734-EB24AB5846C6} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {93658202-AFAC-4A02-AB6E-848BBE8F1043} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {938EF6E1-076E-4631-8742-7984237A8355} - System32\Tasks\Driver Restore-RTMUpdater => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
Task: {9BF8497E-3380-43F6-8092-C7D1155612FF} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {9EFCDCFD-B678-47A1-8FC2-6D2EA5000962} - System32\Tasks\ComputerSpeedOptimizer_Popup => C:\Program Files (x86)\Computer Speed Optimizer\Splash.exe
Task: {A0E1695C-8093-4B08-8C89-46DF29079A88} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B378DAEA-973D-4A99-A990-AEE337DA8CB4} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {B6A3C84B-729B-457A-860E-818CBB2A8266} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {B89F5768-B775-4CC3-88A8-44C344D54FE4} - System32\Tasks\Driver Restore-RTMScanRunOnce => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
Task: {BAB51943-2A5A-4AE1-B53C-A7BC8D5FF109} - System32\Tasks\ComputerSpeedOptimizer_Start => C:\Program Files (x86)\Computer Speed Optimizer\ComputerSpeedOptimizer.exe
Task: {BB7AD7C4-2C6E-49A7-8466-DF2CE4A38436} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C2604D29-0C76-4667-9D67-E1D38051B990} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.47\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CDDB1D34-6661-42F9-AA04-2DDACBE17167} - System32\Tasks\HQTotalS-firefoxinstaller => C:\Program Files (x86)\HQTotalS\HQTotalS-firefoxinstaller.exe
Task: {DEAA9C65-1A8C-4B46-AE48-A528E1E64E70} - \PCHelpers1st No Task File <==== ATTENTION
Task: {E8864D28-44D2-488E-BC1D-0E9E73C2DC5D} - \Activeris AntiMalware_startup No Task File <==== ATTENTION
Task: {EB868BA5-0C20-4840-B516-CE783C6D592E} - \PriceMeterUpdater No Task File <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ECF48F7D-F6A5-49EC-90E4-91CD8C3CA4DC} - System32\Tasks\Driver Restore-RTMRules => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
Task: {EDBBE5D3-D762-40CF-806A-0BB00FD02377} - System32\Tasks\HQTotalS-chromeinstaller => C:\Program Files (x86)\HQTotalS\HQTotalS-chromeinstaller.exe
Task: {F6B49F03-BC51-4334-BA95-7EBDF786D5B8} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
Task: {F761AB2A-3BBB-4FA9-B255-9FF87BEBC527} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {FB4FA9A0-F322-42D5-A8CB-9203F37B5155} - System32\Tasks\TidyNetwork Update => C:\Users\Judy\AppData\Local\TidyNetwork.com\tidy2update.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForJudy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HQTotalS-chromeinstaller.job => C:\Program Files (x86)\HQTotalS\HQTotalS-chromeinstaller.exe
Task: C:\windows\Tasks\HQTotalS-codedownloader.job => C:\Program Files (x86)\HQTotalS\HQTotalS-codedownloader.exe
Task: C:\windows\Tasks\HQTotalS-enabler.job => C:\Program Files (x86)\HQTotalS\HQTotalS-enabler.exe <==== ATTENTION
Task: C:\windows\Tasks\HQTotalS-firefoxinstaller.job => C:\Program Files (x86)\HQTotalS\HQTotalS-firefoxinstaller.exe
Task: C:\windows\Tasks\HQTotalS-updater.job => C:\Program Files (x86)\HQTotalS\HQTotalS-updater.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-15 18:19 - 2013-08-15 18:19 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-12-13 11:38 - 2012-12-13 11:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-15 18:17 - 2013-08-15 18:17 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-08-15 18:18 - 2013-08-15 18:18 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-08-15 18:18 - 2013-08-15 18:18 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-08-15 18:18 - 2013-08-15 18:18 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-08-15 18:19 - 2013-08-15 18:19 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-08-15 18:25 - 2013-08-15 18:25 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-04-30 14:01 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-04-30 13:57 - 2012-07-18 03:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:09AEED56
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:123A86B5
AlternateDataStreams: C:\ProgramData\Temp:16A4620C
AlternateDataStreams: C:\ProgramData\Temp:186F8A82
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1A8FDBA3
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2701CA70
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2E33E4A6
AlternateDataStreams: C:\ProgramData\Temp:30A9192A
AlternateDataStreams: C:\ProgramData\Temp:330B710D
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:413177C4
AlternateDataStreams: C:\ProgramData\Temp:460638C7
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:48862C37
AlternateDataStreams: C:\ProgramData\Temp:494E4266
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:5133A494
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:57B374AB
AlternateDataStreams: C:\ProgramData\Temp:583FE1DA
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:67FC3CEB
AlternateDataStreams: C:\ProgramData\Temp:6C74C778
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2
AlternateDataStreams: C:\ProgramData\Temp:7247FE29
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:79A7F369
AlternateDataStreams: C:\ProgramData\Temp:7B52659E
AlternateDataStreams: C:\ProgramData\Temp:7BA83BF4
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639
AlternateDataStreams: C:\ProgramData\Temp:82756AB7
AlternateDataStreams: C:\ProgramData\Temp:86B7FDDB
AlternateDataStreams: C:\ProgramData\Temp:8751B175
AlternateDataStreams: C:\ProgramData\Temp:88FB7F72
AlternateDataStreams: C:\ProgramData\Temp:8999FD56
AlternateDataStreams: C:\ProgramData\Temp:89CF6F9C
AlternateDataStreams: C:\ProgramData\Temp:8E11CC80
AlternateDataStreams: C:\ProgramData\Temp:8E7F155B
AlternateDataStreams: C:\ProgramData\Temp:92BD9737
AlternateDataStreams: C:\ProgramData\Temp:95079543
AlternateDataStreams: C:\ProgramData\Temp:97427454
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A20F1AF8
AlternateDataStreams: C:\ProgramData\Temp:A745DB5D
AlternateDataStreams: C:\ProgramData\Temp:A774141A
AlternateDataStreams: C:\ProgramData\Temp:A9562832
AlternateDataStreams: C:\ProgramData\Temp:A9EBEE99
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:BA516E94
AlternateDataStreams: C:\ProgramData\Temp:C2F24DB5
AlternateDataStreams: C:\ProgramData\Temp:C46848E8
AlternateDataStreams: C:\ProgramData\Temp:C76D8487
AlternateDataStreams: C:\ProgramData\Temp:CA7E8F16
AlternateDataStreams: C:\ProgramData\Temp:D7D0B4AF
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:DE6EED8B
AlternateDataStreams: C:\ProgramData\Temp:E1D06077
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E774F04D
AlternateDataStreams: C:\ProgramData\Temp:E7B4296D
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:E9C2F553
AlternateDataStreams: C:\ProgramData\Temp:ED92736E
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
HKCU\...\StartupApproved\Run: => "Optimizer Pro"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2014 00:19:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IMultiInterfaceEventControl::GetSubscriptions.  hr = 0x80010108, The object invoked has disconnected from its clients.
.
 
Error: (07/05/2014 11:21:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6f24da68-b976-4948-b4fd-2c59c99babde}
 
Error: (07/05/2014 10:27:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6f24da68-b976-4948-b4fd-2c59c99babde}
 
Error: (07/05/2014 10:17:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemOptimizerPro.exe version 1.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e8c
 
Start Time: 01cf98c064fada87
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe
 
Report Id: 06f9a5ec-04bc-11e4-beb0-7c050734d7ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2014 08:49:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemOptimizerPro.exe version 1.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 12b4
 
Start Time: 01cf98bbf086e334
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe
 
Report Id: c9d66a1d-04af-11e4-beae-7c050734d7ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2014 06:50:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TWCApp.exe version 7.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10d0
 
Start Time: 01cf98ab595723b8
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
 
Report Id: 185cac81-049f-11e4-bead-7c050734d7ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2014 06:50:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemOptimizerPro.exe version 1.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1068
 
Start Time: 01cf98ab5bc59994
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe
 
Report Id: 16a29c16-049f-11e4-bead-7c050734d7ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2014 04:46:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: smu.exe, version: 2.1.0.80, time stamp: 0x5371b9eb
Faulting module name: ntdll.dll, version: 6.2.9200.16579, time stamp: 0x51637f77
Exception code: 0xc0000374
Fault offset: 0x00000000000ebd59
Faulting process id: 0x82c
Faulting application start time: 0xsmu.exe0
Faulting application path: smu.exe1
Faulting module path: smu.exe2
Report Id: smu.exe3
Faulting package full name: smu.exe4
Faulting package-relative application ID: smu.exe5
 
Error: (07/05/2014 04:39:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ActiverisAntiMalware.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ce8
 
Start Time: 01cf9898ba98b743
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
 
Report Id: e5444e88-048c-11e4-beac-7c050734d7ca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2014 04:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x1620
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
 
 
System errors:
=============
Error: (07/06/2014 00:19:42 AM) (Source: DCOM) (EventID: 10010) (User: JUDYGUIDRY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (07/05/2014 04:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/05/2014 04:45:42 PM) (Source: DCOM) (EventID: 10010) (User: JUDYGUIDRY)
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (07/05/2014 04:23:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/04/2014 11:44:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/04/2014 03:57:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/04/2014 05:26:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton AntiVirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/04/2014 05:26:38 AM) (Source: Ntfs) (EventID: 131) (User: NT AUTHORITY)
Description: The file system structure on volume C: cannot be corrected.
Please run the chkdsk utility on the volume C:.
 
Error: (07/04/2014 05:08:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/04/2014 05:07:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WajamUpdaterV3 service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (07/06/2014 00:19:44 AM) (Source: VSS) (EventID: 8193) (User: )
Description: IMultiInterfaceEventControl::GetSubscriptions0x80010108, The object invoked has disconnected from its clients.
 
Error: (07/05/2014 11:21:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6f24da68-b976-4948-b4fd-2c59c99babde}
 
Error: (07/05/2014 10:27:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6f24da68-b976-4948-b4fd-2c59c99babde}
 
Error: (07/05/2014 10:17:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemOptimizerPro.exe1.0.2.0e8c01cf98c064fada874294967295C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe06f9a5ec-04bc-11e4-beb0-7c050734d7ca
 
Error: (07/05/2014 08:49:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemOptimizerPro.exe1.0.2.012b401cf98bbf086e3344294967295C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exec9d66a1d-04af-11e4-beae-7c050734d7ca
 
Error: (07/05/2014 06:50:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TWCApp.exe7.6.0.010d001cf98ab595723b84294967295C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe185cac81-049f-11e4-bead-7c050734d7ca
 
Error: (07/05/2014 06:50:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemOptimizerPro.exe1.0.2.0106801cf98ab5bc599944294967295C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe16a29c16-049f-11e4-bead-7c050734d7ca
 
Error: (07/05/2014 04:46:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: smu.exe2.1.0.805371b9ebntdll.dll6.2.9200.1657951637f77c000037400000000000ebd5982c01cf989a98c000e3C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exeC:\windows\SYSTEM32\ntdll.dlldbf29a76-048d-11e4-bead-7c050734d7ca
 
Error: (07/05/2014 04:39:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ActiverisAntiMalware.exe1.0.0.1ce801cf9898ba98b7434294967295C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exee5444e88-048c-11e4-beac-7c050734d7ca
 
Error: (07/05/2014 04:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c162001cf98996e16dbfcC:\windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dllabe4c930-048c-11e4-beac-7c050734d7ca
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 3967.77 MB
Available physical RAM: 2687.72 MB
Total Pagefile: 7423.77 MB
Available Pagefile: 6067.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:914.58 GB) (Free:858.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8B27467F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 AM

Posted 06 July 2014 - 07:45 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   18.61KB   1 downloads

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 06 July 2014 - 09:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Judy at 2014-07-06 03:46:35 Run:1
Running from C:\FRST64
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe /applicationMode:systemTray /showWelcome:false
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO-x32: No Name - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -  No File
Toolbar: HKLM - TNT2-lbar Toolbar - {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - C:\Users\Judy\AppData\Local\TNT2\Profiles\lbar\passport64.dll No File
Toolbar: HKLM-x32 - TNT2-lbar Toolbar - {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - C:\Users\Judy\AppData\Local\TNT2\Profiles\lbar\passport.dll No File
Toolbar: HKCU - TNT2-lbar Toolbar - {89E3A51B-29F1-4FAD-98BD-03D0325E380F} - C:\Users\Judy\AppData\Local\TNT2\Profiles\lbar\passport64.dll No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
FF Plugin HKCU: @tightropeinteractive.com/Plugin - C:\Users\Judy\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll No File
C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkfdkodllekkocndolbbjbnddogjacod
2014-07-03 19:45 - 2014-07-03 19:45 - 00000000 ____H () C:\Users\Judy\BIT6E66.tmp
2014-07-05 18:55 - 2014-01-21 12:14 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
C:\Users\Judy\AppData\Local\Temp\8B01_HiDefMedia-1.1.12-win32B.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_135579_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_17267_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_191196_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_195308_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_195366_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_212734_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_223336_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_226898_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_232743_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_249747_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_251091_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_252874_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_2536_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_263682_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_276224_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_299472_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_299498_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_301891_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_306702_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_334131_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_337480_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_392769_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_414910_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_421998_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_438024_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_454871_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_459157_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_461775_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_475986_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_493555_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_520132_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_527768_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_541121_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_544959_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_577022_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_577057_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_597960_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_610532_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_635541_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_646731_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_654714_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_666039_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_674152_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_70366_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_707929_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_740169_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_759455_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_771260_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_792115_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_805058_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_816595_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_829334_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_842843_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_852576_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_906573_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_922043_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_923934_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_924514_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_958052_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_981855_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_991889_setup.exe
C:\Users\Judy\AppData\Local\Temp\afgytdrp_995095_setup.exe
C:\Users\Judy\AppData\Local\Temp\air293B.exe
C:\Users\Judy\AppData\Local\Temp\air2DD7.exe
C:\Users\Judy\AppData\Local\Temp\air3BE5.exe
C:\Users\Judy\AppData\Local\Temp\air3E63.exe
C:\Users\Judy\AppData\Local\Temp\air5F1.exe
C:\Users\Judy\AppData\Local\Temp\air6025.exe
C:\Users\Judy\AppData\Local\Temp\air61A1.exe
C:\Users\Judy\AppData\Local\Temp\air6965.exe
C:\Users\Judy\AppData\Local\Temp\air6F6B.exe
C:\Users\Judy\AppData\Local\Temp\air8DE3.exe
C:\Users\Judy\AppData\Local\Temp\airB2EF.exe
C:\Users\Judy\AppData\Local\Temp\airB2F3.exe
C:\Users\Judy\AppData\Local\Temp\airB36B.exe
C:\Users\Judy\AppData\Local\Temp\airB831.exe
C:\Users\Judy\AppData\Local\Temp\airBCA7.exe
C:\Users\Judy\AppData\Local\Temp\airBD2B.exe
C:\Users\Judy\AppData\Local\Temp\airC3C1.exe
C:\Users\Judy\AppData\Local\Temp\airC450.exe
C:\Users\Judy\AppData\Local\Temp\airC6C1.exe
C:\Users\Judy\AppData\Local\Temp\airD6FF.exe
C:\Users\Judy\AppData\Local\Temp\airE7D4.exe
C:\Users\Judy\AppData\Local\Temp\airEF90.exe
C:\Users\Judy\AppData\Local\Temp\airEFDB.exe
C:\Users\Judy\AppData\Local\Temp\airF73F.exe
C:\Users\Judy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Judy\AppData\Local\Temp\BC9E_SoftwareUpdaterSetupD.exe
C:\Users\Judy\AppData\Local\Temp\bfguni.exe
C:\Users\Judy\AppData\Local\Temp\C451_FPPSetup.exe
C:\Users\Judy\AppData\Local\Temp\checktbexist.exe
C:\Users\Judy\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Judy\AppData\Local\Temp\Extract.exe
C:\Users\Judy\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe
C:\Users\Judy\AppData\Local\Temp\helper.exe
C:\Users\Judy\AppData\Local\Temp\IEHistory.exe
C:\Users\Judy\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Judy\AppData\Local\Temp\nsaCE26.exe
C:\Users\Judy\AppData\Local\Temp\nsc7CD5.exe
C:\Users\Judy\AppData\Local\Temp\nsd5790.exe
C:\Users\Judy\AppData\Local\Temp\nsdA263.exe
C:\Users\Judy\AppData\Local\Temp\nsh54B9.exe
C:\Users\Judy\AppData\Local\Temp\nsiC673.exe
C:\Users\Judy\AppData\Local\Temp\nsn574A.exe
C:\Users\Judy\AppData\Local\Temp\nsr384C.exe
C:\Users\Judy\AppData\Local\Temp\nsr7B5D.exe
C:\Users\Judy\AppData\Local\Temp\oi_{593962EB-6485-45E4-B1F4-37DDB4E560AB}.exe
C:\Users\Judy\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Judy\AppData\Local\Temp\Quarantine.exe
C:\Users\Judy\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Judy\AppData\Local\Temp\setup.exe
C:\Users\Judy\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\Judy\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\Judy\AppData\Local\Temp\SP62523.exe
C:\Users\Judy\AppData\Local\Temp\SP63146.exe
C:\Users\Judy\AppData\Local\Temp\sp64126.exe
C:\Users\Judy\AppData\Local\Temp\SPSetup.exe
C:\Users\Judy\AppData\Local\Temp\SPStub.exe
C:\Users\Judy\AppData\Local\Temp\sqlite3.exe
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite10610.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite11154.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite13184.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite13281.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19279.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19486.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19502.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite22311.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite22553.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite25251.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite26621.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite26870.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite28942.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite31993.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite32757.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite34320.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite35797.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite36240.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite37290.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite38466.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite40764.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41249.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41662.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41971.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite42449.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite42457.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite44015.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46172.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46881.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46976.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite47490.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite48301.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite49317.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite50203.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite52590.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite53201.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite54015.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite54589.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite64438.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite69721.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite72554.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite75593.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76456.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76479.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76952.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77159.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77529.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77626.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite78823.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite79428.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite81021.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite81404.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite85688.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite86551.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite86734.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite87268.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite89025.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite91022.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite94430.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite95554.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite96088.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite96308.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite97736.dll
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite99024.dll
C:\Users\Judy\AppData\Local\Temp\ToolbarHelper.exe
C:\Users\Judy\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Judy\AppData\Local\Temp\Upgrader.exe
C:\Users\Judy\AppData\Local\Temp\vcredist_x64.exe
Task: {00F1B1BB-B223-48E9-B161-5B79F950220E} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {0B58B2C6-C918-4FA6-B3CE-CAB6585152B0} - \PCHelpers_period No Task File <==== ATTENTION
Task: {1E01B813-76B1-4F23-96CE-B032A6934959} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {29ADB6E2-6980-44D2-9146-71E46DC3C829} - \SMupdate1 No Task File <==== ATTENTION
Task: {3290F613-B5F4-45B5-80D7-65064F73F030} - \FF Watcher {98640F34-8AE9-4B03-AF63-03ED1B0A54B5} No Task File <==== ATTENTION
Task: {3B2688FE-C319-4525-A771-EFA28184FE7A} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {487DBC73-6394-441B-A5EC-CF54B0040A31} - \MySearchDial No Task File <==== ATTENTION
Task: {58BACC91-AC10-4376-9FAC-A00193626B51} - System32\Tasks\SuperFastPC_AutorunOnStartup => C:\Program Files (x86)\System Optimizer Pro\SystemOptimizerPro.exe <==== ATTENTION
Task: {66CB398D-918B-4036-84F8-2A9D977CB654} - \RegClean Pro No Task File <==== ATTENTION
Task: {8825D8E9-398A-4A77-BD66-4A6A0374E1DB} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {93658202-AFAC-4A02-AB6E-848BBE8F1043} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {B378DAEA-973D-4A99-A990-AEE337DA8CB4} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {DEAA9C65-1A8C-4B46-AE48-A528E1E64E70} - \PCHelpers1st No Task File <==== ATTENTION
Task: {E8864D28-44D2-488E-BC1D-0E9E73C2DC5D} - \Activeris AntiMalware_startup No Task File <==== ATTENTION
Task: {EB868BA5-0C20-4840-B516-CE783C6D592E} - \PriceMeterUpdater No Task File <==== ATTENTION
Task: C:\windows\Tasks\HQTotalS-enabler.job => C:\Program Files (x86)\HQTotalS\HQTotalS-enabler.exe <==== ATTENTION
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C
AlternateDataStreams: C:\ProgramData\Temp:09AEED56
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:123A86B5
AlternateDataStreams: C:\ProgramData\Temp:16A4620C
AlternateDataStreams: C:\ProgramData\Temp:186F8A82
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1A8FDBA3
AlternateDataStreams: C:\ProgramData\Temp:1DB77A89
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:2701CA70
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2E33E4A6
AlternateDataStreams: C:\ProgramData\Temp:30A9192A
AlternateDataStreams: C:\ProgramData\Temp:330B710D
AlternateDataStreams: C:\ProgramData\Temp:363E775E
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:394EB021
AlternateDataStreams: C:\ProgramData\Temp:395F6776
AlternateDataStreams: C:\ProgramData\Temp:413177C4
AlternateDataStreams: C:\ProgramData\Temp:460638C7
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:48862C37
AlternateDataStreams: C:\ProgramData\Temp:494E4266
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:5133A494
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:57173DB4
AlternateDataStreams: C:\ProgramData\Temp:57B374AB
AlternateDataStreams: C:\ProgramData\Temp:583FE1DA
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:67FC3CEB
AlternateDataStreams: C:\ProgramData\Temp:6C74C778
AlternateDataStreams: C:\ProgramData\Temp:6CF828C2
AlternateDataStreams: C:\ProgramData\Temp:7247FE29
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:79A7F369
AlternateDataStreams: C:\ProgramData\Temp:7B52659E
AlternateDataStreams: C:\ProgramData\Temp:7BA83BF4
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639
AlternateDataStreams: C:\ProgramData\Temp:82756AB7
AlternateDataStreams: C:\ProgramData\Temp:86B7FDDB
AlternateDataStreams: C:\ProgramData\Temp:8751B175
AlternateDataStreams: C:\ProgramData\Temp:88FB7F72
AlternateDataStreams: C:\ProgramData\Temp:8999FD56
AlternateDataStreams: C:\ProgramData\Temp:89CF6F9C
AlternateDataStreams: C:\ProgramData\Temp:8E11CC80
AlternateDataStreams: C:\ProgramData\Temp:8E7F155B
AlternateDataStreams: C:\ProgramData\Temp:92BD9737
AlternateDataStreams: C:\ProgramData\Temp:95079543
AlternateDataStreams: C:\ProgramData\Temp:97427454
AlternateDataStreams: C:\ProgramData\Temp:993185CB
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A20F1AF8
AlternateDataStreams: C:\ProgramData\Temp:A745DB5D
AlternateDataStreams: C:\ProgramData\Temp:A774141A
AlternateDataStreams: C:\ProgramData\Temp:A9562832
AlternateDataStreams: C:\ProgramData\Temp:A9EBEE99
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:BA516E94
AlternateDataStreams: C:\ProgramData\Temp:C2F24DB5
AlternateDataStreams: C:\ProgramData\Temp:C46848E8
AlternateDataStreams: C:\ProgramData\Temp:C76D8487
AlternateDataStreams: C:\ProgramData\Temp:CA7E8F16
AlternateDataStreams: C:\ProgramData\Temp:D7D0B4AF
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:DE6EED8B
AlternateDataStreams: C:\ProgramData\Temp:E1D06077
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E774F04D
AlternateDataStreams: C:\ProgramData\Temp:E7B4296D
AlternateDataStreams: C:\ProgramData\Temp:E87AB4E3
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:E9C2F553
AlternateDataStreams: C:\ProgramData\Temp:ED92736E
AlternateDataStreams: C:\ProgramData\Temp:FBD274CF
HKCU\...\StartupApproved\Run: => "Optimizer Pro"
 
*****************
 
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fastclean => value deleted successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKU\S-1-5-21-1136573245-473900340-3302145837-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Restore => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.
'HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{89E3A51B-29F1-4FAD-98BD-03D0325E380F} => value deleted successfully.
'HKCR\CLSID\{89E3A51B-29F1-4FAD-98BD-03D0325E380F}' => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{89E3A51B-29F1-4FAD-98BD-03D0325E380F} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{89E3A51B-29F1-4FAD-98BD-03D0325E380F}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{89E3A51B-29F1-4FAD-98BD-03D0325E380F} => value deleted successfully.
'HKCR\CLSID\{89E3A51B-29F1-4FAD-98BD-03D0325E380F}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}' => Key deleted successfully.
'HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin' => Key deleted successfully.
C:\Users\Judy\AppData\Local\TNT2\2.0.0.1627\npTNT2.dll not found.
C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkfdkodllekkocndolbbjbnddogjacod => Moved successfully.
C:\Users\Judy\BIT6E66.tmp => Moved successfully.
C:\Program Files\Common Files\Goobzo => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\8B01_HiDefMedia-1.1.12-win32B.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_135579_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_17267_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_191196_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_195308_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_195366_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_212734_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_223336_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_226898_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_232743_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_249747_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_251091_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_252874_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_2536_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_263682_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_276224_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_299472_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_299498_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_301891_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_306702_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_334131_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_337480_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_392769_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_414910_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_421998_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_438024_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_454871_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_459157_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_461775_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_475986_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_493555_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_520132_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_527768_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_541121_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_544959_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_577022_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_577057_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_597960_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_610532_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_635541_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_646731_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_654714_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_666039_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_674152_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_70366_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_707929_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_740169_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_759455_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_771260_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_792115_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_805058_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_816595_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_829334_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_842843_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_852576_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_906573_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_922043_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_923934_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_924514_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_958052_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_981855_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_991889_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\afgytdrp_995095_setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air293B.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air2DD7.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air3BE5.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air3E63.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air5F1.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air6025.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air61A1.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air6965.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air6F6B.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\air8DE3.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airB2EF.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airB2F3.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airB36B.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airB831.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airBCA7.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airBD2B.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airC3C1.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airC450.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airC6C1.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airD6FF.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airE7D4.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airEF90.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airEFDB.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\airF73F.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\BC9E_SoftwareUpdaterSetupD.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\bfguni.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\C451_FPPSetup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\checktbexist.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\dufgmr4c.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\FastFreeConverterUpdt_v5.5.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\helper.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\IEHistory.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\InstalledPrograms.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsaCE26.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsc7CD5.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsd5790.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsdA263.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsh54B9.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsiC673.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsn574A.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsr384C.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\nsr7B5D.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\oi_{593962EB-6485-45E4-B1F4-37DDB4E560AB}.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\PreferencesJson.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SecondStepInstaller.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SfpcHelper_installFinish.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SfpcHelper_installStart.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SP62523.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SP63146.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite10610.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite11154.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite13184.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite13281.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19279.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19486.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite19502.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite22311.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite22553.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite25251.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite26621.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite26870.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite28942.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite31993.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite32757.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite34320.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite35797.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite36240.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite37290.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite38466.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite40764.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41249.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41662.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite41971.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite42449.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite42457.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite44015.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46172.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46881.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite46976.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite47490.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite48301.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite49317.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite50203.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite52590.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite53201.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite54015.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite54589.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite64438.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite69721.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite72554.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite75593.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76456.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76479.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite76952.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77159.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77529.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite77626.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite78823.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite79428.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite81021.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite81404.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite85688.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite86551.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite86734.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite87268.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite89025.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite91022.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite94430.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite95554.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite96088.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite96308.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite97736.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\System.Data.SQLite99024.dll => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\ToolbarHelper.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\Upgrader.exe => Moved successfully.
C:\Users\Judy\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00F1B1BB-B223-48E9-B161-5B79F950220E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F1B1BB-B223-48E9-B161-5B79F950220E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B58B2C6-C918-4FA6-B3CE-CAB6585152B0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B58B2C6-C918-4FA6-B3CE-CAB6585152B0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers_period' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E01B813-76B1-4F23-96CE-B032A6934959}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E01B813-76B1-4F23-96CE-B032A6934959}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29ADB6E2-6980-44D2-9146-71E46DC3C829}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29ADB6E2-6980-44D2-9146-71E46DC3C829}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3290F613-B5F4-45B5-80D7-65064F73F030}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3290F613-B5F4-45B5-80D7-65064F73F030}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {98640F34-8AE9-4B03-AF63-03ED1B0A54B5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B2688FE-C319-4525-A771-EFA28184FE7A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2688FE-C319-4525-A771-EFA28184FE7A}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{487DBC73-6394-441B-A5EC-CF54B0040A31}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{487DBC73-6394-441B-A5EC-CF54B0040A31}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58BACC91-AC10-4376-9FAC-A00193626B51}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58BACC91-AC10-4376-9FAC-A00193626B51}' => Key deleted successfully.
C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperFastPC_AutorunOnStartup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66CB398D-918B-4036-84F8-2A9D977CB654}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66CB398D-918B-4036-84F8-2A9D977CB654}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8825D8E9-398A-4A77-BD66-4A6A0374E1DB}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8825D8E9-398A-4A77-BD66-4A6A0374E1DB}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93658202-AFAC-4A02-AB6E-848BBE8F1043}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93658202-AFAC-4A02-AB6E-848BBE8F1043}' => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B378DAEA-973D-4A99-A990-AEE337DA8CB4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B378DAEA-973D-4A99-A990-AEE337DA8CB4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEAA9C65-1A8C-4B46-AE48-A528E1E64E70}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEAA9C65-1A8C-4B46-AE48-A528E1E64E70}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHelpers1st' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8864D28-44D2-488E-BC1D-0E9E73C2DC5D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8864D28-44D2-488E-BC1D-0E9E73C2DC5D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Activeris AntiMalware_startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB868BA5-0C20-4840-B516-CE783C6D592E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB868BA5-0C20-4840-B516-CE783C6D592E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PriceMeterUpdater' => Key deleted successfully.
C:\windows\Tasks\HQTotalS-enabler.job => Moved successfully.
C:\windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
C:\ProgramData\Temp => ":02DD996C" ADS removed successfully.
C:\ProgramData\Temp => ":04BC9A2C" ADS removed successfully.
C:\ProgramData\Temp => ":09AEED56" ADS removed successfully.
C:\ProgramData\Temp => ":0C2F9CC7" ADS removed successfully.
C:\ProgramData\Temp => ":0F64164E" ADS removed successfully.
C:\ProgramData\Temp => ":11590865" ADS removed successfully.
C:\ProgramData\Temp => ":123A86B5" ADS removed successfully.
C:\ProgramData\Temp => ":16A4620C" ADS removed successfully.
C:\ProgramData\Temp => ":186F8A82" ADS removed successfully.
C:\ProgramData\Temp => ":1A15E356" ADS removed successfully.
C:\ProgramData\Temp => ":1A8FDBA3" ADS removed successfully.
C:\ProgramData\Temp => ":1DB77A89" ADS removed successfully.
C:\ProgramData\Temp => ":1E17A249" ADS removed successfully.
C:\ProgramData\Temp => ":206470A5" ADS removed successfully.
C:\ProgramData\Temp => ":2701CA70" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":2E33E4A6" ADS removed successfully.
C:\ProgramData\Temp => ":30A9192A" ADS removed successfully.
C:\ProgramData\Temp => ":330B710D" ADS removed successfully.
C:\ProgramData\Temp => ":363E775E" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":394EB021" ADS removed successfully.
C:\ProgramData\Temp => ":395F6776" ADS removed successfully.
C:\ProgramData\Temp => ":413177C4" ADS removed successfully.
C:\ProgramData\Temp => ":460638C7" ADS removed successfully.
C:\ProgramData\Temp => ":4673E9EA" ADS removed successfully.
C:\ProgramData\Temp => ":48862C37" ADS removed successfully.
C:\ProgramData\Temp => ":494E4266" ADS removed successfully.
C:\ProgramData\Temp => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\Temp => ":5133A494" ADS removed successfully.
C:\ProgramData\Temp => ":55F44B88" ADS removed successfully.
C:\ProgramData\Temp => ":56699AAF" ADS removed successfully.
C:\ProgramData\Temp => ":57173DB4" ADS removed successfully.
C:\ProgramData\Temp => ":57B374AB" ADS removed successfully.
C:\ProgramData\Temp => ":583FE1DA" ADS removed successfully.
C:\ProgramData\Temp => ":5E73E1C2" ADS removed successfully.
C:\ProgramData\Temp => ":67FC3CEB" ADS removed successfully.
C:\ProgramData\Temp => ":6C74C778" ADS removed successfully.
C:\ProgramData\Temp => ":6CF828C2" ADS removed successfully.
C:\ProgramData\Temp => ":7247FE29" ADS removed successfully.
C:\ProgramData\Temp => ":78E0DF72" ADS removed successfully.
C:\ProgramData\Temp => ":79A7F369" ADS removed successfully.
C:\ProgramData\Temp => ":7B52659E" ADS removed successfully.
C:\ProgramData\Temp => ":7BA83BF4" ADS removed successfully.
C:\ProgramData\Temp => ":7FA0D639" ADS removed successfully.
C:\ProgramData\Temp => ":82756AB7" ADS removed successfully.
C:\ProgramData\Temp => ":86B7FDDB" ADS removed successfully.
C:\ProgramData\Temp => ":8751B175" ADS removed successfully.
C:\ProgramData\Temp => ":88FB7F72" ADS removed successfully.
C:\ProgramData\Temp => ":8999FD56" ADS removed successfully.
C:\ProgramData\Temp => ":89CF6F9C" ADS removed successfully.
C:\ProgramData\Temp => ":8E11CC80" ADS removed successfully.
C:\ProgramData\Temp => ":8E7F155B" ADS removed successfully.
C:\ProgramData\Temp => ":92BD9737" ADS removed successfully.
C:\ProgramData\Temp => ":95079543" ADS removed successfully.
C:\ProgramData\Temp => ":97427454" ADS removed successfully.
C:\ProgramData\Temp => ":993185CB" ADS removed successfully.
C:\ProgramData\Temp => ":A02025CE" ADS removed successfully.
C:\ProgramData\Temp => ":A20F1AF8" ADS removed successfully.
C:\ProgramData\Temp => ":A745DB5D" ADS removed successfully.
C:\ProgramData\Temp => ":A774141A" ADS removed successfully.
C:\ProgramData\Temp => ":A9562832" ADS removed successfully.
C:\ProgramData\Temp => ":A9EBEE99" ADS removed successfully.
C:\ProgramData\Temp => ":AE34D87E" ADS removed successfully.
C:\ProgramData\Temp => ":BA516E94" ADS removed successfully.
C:\ProgramData\Temp => ":C2F24DB5" ADS removed successfully.
C:\ProgramData\Temp => ":C46848E8" ADS removed successfully.
C:\ProgramData\Temp => ":C76D8487" ADS removed successfully.
C:\ProgramData\Temp => ":CA7E8F16" ADS removed successfully.
C:\ProgramData\Temp => ":D7D0B4AF" ADS removed successfully.
C:\ProgramData\Temp => ":D8A1AC56" ADS removed successfully.
C:\ProgramData\Temp => ":DE6EED8B" ADS removed successfully.
C:\ProgramData\Temp => ":E1D06077" ADS removed successfully.
C:\ProgramData\Temp => ":E32966C0" ADS removed successfully.
C:\ProgramData\Temp => ":E774F04D" ADS removed successfully.
C:\ProgramData\Temp => ":E7B4296D" ADS removed successfully.
C:\ProgramData\Temp => ":E87AB4E3" ADS removed successfully.
C:\ProgramData\Temp => ":E8B61305" ADS removed successfully.
C:\ProgramData\Temp => ":E9C2F553" ADS removed successfully.
C:\ProgramData\Temp => ":ED92736E" ADS removed successfully.
C:\ProgramData\Temp => ":FBD274CF" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 AM

Posted 07 July 2014 - 07:38 PM

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 07 July 2014 - 08:24 PM

It is running much better now. I'm still having a few concerns now that the bigger issues are out of the way.

 

If you are still able to help, here is what I'm seeing:

  1. Upon booting up, a Internet Explorer window opens up trying to reach: http://client.d2m.adk-mobile.com/client/login?userid=91113298-ffc2-46dd-8d3e-a6d43bf5f426&uc=20131020&source=myfreedownload_iewin764_out_iealtc11_anba_lp9b2_frontier.c_appcaster2&sub=&appv=4.02&r=0.973512633691315&pitch=
  2. The processes configured to start at launch are:
    -Apple Push | Publisher=Apple Inc.
    -Cobian backup 11 Gravity - Interface | Publisher = Luis Cobian, CobianSoft
    -D2MClient | Publisher = Appcaster (4 sub items for it: Conhost, D@MClient, Microsoft Resource File To COFF Object Conversion Utility, Visual C# Command Line Compiler)
    -hkcmd Module | Publisher = Intell Corporation
    -igfxTray Module | Publisher = Intel Corporation
    -persistence Module | Publisher = Intel Corporation
    -Program | Publisher = (Nothing is showing here)
    -pximouse | Pixart Imaging Inc

That's about all I'm seeing. It's really only the pop up that I'm wondering about, the startup items are listed mainly because of the pop up occurring at start up.



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 AM

Posted 07 July 2014 - 09:52 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   162bytes   2 downloads

 

 

Still getting that popup on startup?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 08 July 2014 - 08:13 PM

Hi fireman, that took care of the pop up. I don't see anything else that I'm concerned about. Do you need me to do anything else or are we done?



#10 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 08 July 2014 - 09:40 PM

Shucks, I found one more concern. I brought the machine onto the network so that I could download and install Windows Updates. That worked just fine, after updates, I launched Internet Explorer to go download Google Chrome and saw that Malwarebytes Anti-Malware blocked 2 PUP events.

 

According to the logs I see from Malwarebytes:

Type|Time|User|System|Source|Details|ID

Detection|7/8/2014 3:58:52 AM|SYSTEM\JUDYGUIDRY|Protection|Malware Protection, File, PUP.Optional.AztecMedia.A, C:\Users\Judy\AppData\Local\Temp\nso94BD.tmp\Helper.dll, Quarantine|[75a72f6ee89321155a63513309fba25e]

Detection|7/8/2014 3:58:56 AM|SYSTEM|JUDYGUIDRY|Protection|Malware Protection, File, PUP.Optional.AztecMedia.A, c:\users\judy\appdata\local\temp\nso94bd.tmp\helper.dll, Quarantine|75a72f6ee89321155a63513309fba25e]

Protection|7/8/2014 3:58:56 AM|SYSTEM|JUDYGUIDRY|Protection|SDKQuarantine, 2, Failed, c:\users\judy\appdata\local\temp\nso94bd.tmp\helper.dll|

Error|7/8/2014 3:58:56 AM|SYSTEM|JUDYGRUIDRY|Protection|SDKQuarantine, 2, Failed, c:\users\judy\appdata\local\temp\nso94bd.tmp\helper.dll|

 

A few notes:

  1. The time it mentions matches what the time of the computer is set at. I haven't updated time settings yet.
  2. In preparation for getting the system back to the owner, I have demoted the "Judy" account from administrator to standard user. If this will affect any fixes, please let me know and I'll change it back.


#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 AM

Posted 09 July 2014 - 12:22 PM

1.

Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

[/*]

 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is  checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 10 July 2014 - 10:12 AM

Hi Fireman, status update: I ran the requested tools and a large number of hits were found. Particularly by ESET, however that one took much longer to run than I anticipated so I let it run overnight. I'll post the logs tonight.

#13 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 10 July 2014 - 07:42 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1012

www.malwarebytes.org
 
Database version: v2014.07.09.13
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17028
TheBoss :: JUDYGUIDRY [administrator]
 
7/9/2014 2:39:10 AM
mbar-log-2014-07-09 (02-39-10).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 317530
Time elapsed: 11 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Judy\AppData\Local\Temp\4de3f27c-69b3-4ced-9630-d83cdbba0878\software\Freesofttoday.exe (Adware.EoRezo) -> Delete on reboot. [7e0199041665f640efec7ff4699842be]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#14 Urza

Urza
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 10 July 2014 - 07:45 PM

The C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt file in the ESET folder didn't have much in it:

--------------------------------------------------------------------------
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
--------------------------------------------------------------------------
 
So I made an export of the list of threats that ESET found:
C:\Users\Judy\AppData\Local\Temp\nsqD32E.tmp Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsqD852.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsqEEE.tmp Win32/InstallCore.PD potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsqF852.tmp a variant of Win32/Injected.F trojan
C:\Users\Judy\AppData\Local\Temp\nsr6A3B.tmp Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsrE8AD.tmp a variant of Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsrF797.tmp a variant of Win32/InstallCore.OD potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nss2662.tmp Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nss30E0.tmp a variant of Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nssD808.tmp Win32/InstallCore.NH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nstCEF5.tmp a variant of Win32/InstallCore.OZ potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsu2CA8.tmp a variant of Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsu9D98.tmp a variant of Win32/InstallCore.OD potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsuB0B8.tmp Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsv3C3.tmp a variant of Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsv7A95.tmp a variant of Win32/InstallCore.OZ potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsvCA79.tmp a variant of Win32/InstallCore.PO potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsw26.tmp a variant of Win32/Injected.F trojan
C:\Users\Judy\AppData\Local\Temp\nswC14.tmp a variant of Win32/InstallCore.OZ potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nswE7D4.tmp Win32/InstallCore.PD potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsyBD7A.tmp Win32/InstallCore.PD potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsyE716.tmp Win32/InstallCore.PD potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsz34F1.tmp a variant of Win32/InstallCore.OH potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\4de3f27c-69b3-4ced-9630-d83cdbba0878\software\amsetup_activeris_default_tuguu_installer.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\4de3f27c-69b3-4ced-9630-d83cdbba0878\software\Installer.exe a variant of Win32/Toolbar.Linkury.E potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\4de3f27c-69b3-4ced-9630-d83cdbba0878\software\Re-markit_2040-2082.exe a variant of Win32/AdWare.AddLyrics.AH application
C:\Users\Judy\AppData\Local\Temp\4de3f27c-69b3-4ced-9630-d83cdbba0878\software\setup.exe a variant of Win32/Packed.ScrambleWrapper.K potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\4de3f27c-69b3-4ced-9630-d83cdbba0878\software\VOPackage.exe Win32/VOPackage.F potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\Install_22168\iwebar.exe Win32/Packed.ScrambleWrapper.H potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is-4CRSB.tmp\package_bueno_installer_multilang.exe Win32/Adware.EoRezo.AS application
C:\Users\Judy\AppData\Local\Temp\is-OHJJ8.tmp\package_wajam_installer_ch_1668.exe Win32/Wajam.B potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\123647661_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\131257589_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\163378848_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\167133202_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\175244887_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\175810505_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\179987044_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\181079880_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\1875705_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\1900927_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\1945329_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\218236601_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\251950268_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\255730598_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\262150280_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\263160810_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\266997387_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\305570914_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\339683159_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\344579991_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\349192504_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\350909618_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\36393196_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\390530513_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\399499870_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\429012871_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\436879020_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\439020899_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\44274733_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\44274985_stp\quiknowledge-setup-1.9.0.1.exe a variant of Win32/AdWare.Vitruvian.C application
C:\Users\Judy\AppData\Local\Temp\is45637729\486207192_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\516681819_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\524776598_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\526640617_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\6363952_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\75044470_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\78371276_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\88449921_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\88616855_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\88854101_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\is45637729\93216428_stp\AnyProtectScannerSetup.exe Win32/AnyProtect.D potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsv5564.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Users\Judy\AppData\Local\Temp\nsv5564.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Users\Judy\AppData\LocalLow\MixiDJ_V44\hk64tbMixi.dll Win64/Toolbar.Conduit.A potentially unwanted application
C:\Users\Judy\AppData\LocalLow\MixiDJ_V44\hktbMixi.dll Win32/Toolbar.Conduit.W potentially unwanted application
C:\Users\Judy\AppData\LocalLow\MixiDJ_V44\ldrtbMixi.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Judy\AppData\LocalLow\MixiDJ_V44\tbMixi.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Judy\AppData\LocalLow\MixiDJ_V44\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1] a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\Windows\Temp\Pac5DFC.tmp Win32/SBWatchman.A potentially unwanted application
C:\Windows\Temp\PacAFF2.tmp Win32/SBWatchman.A potentially unwanted application
C:\Windows\Temp\PacCC73.tmp Win32/SBWatchman.A potentially unwanted application
C:\Windows\Temp\PacD51D.tmp Win32/SBWatchman.A potentially unwanted application
C:\Windows\Temp\PacFCF4.tmp a variant of Win32/SBWatchman.A potentially unwanted application
C:\Windows\Temp\INJ001\ExtensionUpdate.exe a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3298580\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.D potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.23_0\extensionData\plugins\242_price_gong_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.23_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\VOPackage\VOPackage.exe.vir Win32/VOPackage.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Judy\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/VOPackage.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Judy\AppData\Local\Temp\airBCA7.exe.xBAD a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Judy\AppData\Local\Temp\airC3C1.exe.xBAD a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Judy\AppData\Local\Temp\airEF90.exe.xBAD a variant of Win32/DealPly.R potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Judy\AppData\Local\Temp\airF73F.exe.xBAD multiple threats cleaned by deleting - quarantined
C:\temp\InstallFilter64.msi multiple threats deleted - quarantined
C:\Users\Judy\AppData\Local\nsvB5A5.tmp Win32/AnyProtect.D potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Installer\Install_27962\ytdi_adk_setup_20131212.exe a variant of Win32/SpeedBit.A potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Installer\Install_32145\ytdi_adk_setup_20131212.exe a variant of Win32/SpeedBit.A potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UJ1UPG9\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KZ1C4CE\Setup[1].exe a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90CSIWX3\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90CSIWX3\monkey-trouble-2.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90CSIWX3\wajam_validate[1].exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIHUUCTQ\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5OXE120\v-bates[1].exe a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGEONFON\Setup[1].exe a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OTW4H1S2\Buzz-it_2090-5301[1].exe a variant of Win32/AdWare.AddLyrics.AH application cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R158Q1KJ\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN3BOHFG\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN3BOHFG\Setup[1].exe a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZ5KU4VQ\iTunes64Setup107.exe a variant of Win32/DomaIQ.AY.gen potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2X472X8\BlockAndSurf_2222-5510[1].exe a variant of Win32/AdWare.AddLyrics.AS application cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2X472X8\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X60382SD\setup_fst_us[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X60382SD\WajamChecker[1].exe Win32/Wajam.F potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQA8HUSS\DinerDash5_Game_Downloader.exe a variant of Win32/AdWare.iBryte.Q application cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z319L868\monetizationLoader[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z319L868\VuuPC_VO2_8907[1].exe Win32/InstallMonetizer.AZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4ROLVO7\installer[1].exe a variant of MSIL/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4ROLVO7\OfferBrokerage_14220I[1].exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsa279E.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsa4566.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsb181D.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsc9564.tmp Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsd59E5.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsf1C63.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsf3755.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsf5C0F.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsh4EE1.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nshFAC5.tmp Win32/InstallCore.OB potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsiE734.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsj1C3D.tmp Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsjA529.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nskA092.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsl4EB.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsl9CA5.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsm6098.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsm699A.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsm6F54.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsm74FA.tmp a variant of Win32/InstallCore.OI potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsnA91.tmp a variant of Win32/InstallCore.OD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsnD19F.tmp Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsnDD67.tmp Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsoE59C.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsp1341.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsp2329.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsp7B51.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsqD32E.tmp Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsqD852.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsqEEE.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsqF852.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsr6A3B.tmp Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsr7EA7.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsrE8AD.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsrF797.tmp a variant of Win32/InstallCore.OD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nss2662.tmp Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nss30E0.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nssD808.tmp Win32/InstallCore.NH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nst8AEB.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nstD2CD.tmp Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsu2CA8.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsu9D98.tmp a variant of Win32/InstallCore.OD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsuB0B8.tmp Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsv3C3.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsvCA79.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsw26.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nswE7D4.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsz34F1.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\ICReinstall_nsz953B.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\jkiFD15.tmp a variant of MSIL/DomaIQ.W potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsa279E.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsa4566.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsc9564.tmp Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsd59E5.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsdCF97.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\nsf1C63.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsf3755.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsf5C0F.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsh4EE1.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\nshFAC5.tmp Win32/InstallCore.OB potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsiA414.tmp Win32/InstallCore.MQ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsiE734.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsjA529.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nskA092.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nskC5B4.tmp Win32/InstallCore.MQ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsl4EB.tmp Win32/InstallCore.PD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsl9CA5.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\nsm699A.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsm6F54.tmp a variant of Win32/InstallCore.OH potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsm74FA.tmp a variant of Win32/InstallCore.OI potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsm8CA8.tmp a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\Judy\AppData\Local\Temp\nsnA91.tmp a variant of Win32/InstallCore.OD potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsnD19F.tmp Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsnDD67.tmp Win32/InstallCore.OY potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsoE59C.tmp a variant of Win32/InstallCore.PO potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsp1341.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
C:\Users\Judy\AppData\Local\Temp\nsp2329.tmp a variant of Win32/InstallCore.OZ potentially unwanted application deleted - quarantined
 


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:50 AM

Posted 11 July 2014 - 06:45 PM

Please run Eset again and post the log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users