Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer freezing up [Solved]

Started by kaleb82 , Jul 25 2014 11:52 AM

  • This topic is locked This topic is locked

#1
kaleb82
Posted 25 July 2014 - 11:52 AM

kaleb82

    Member

  • Member
  • PipPip
  • 64 posts

I'm running windows 7 on an HP notebook. 

When I am on the internet, the screen will freeze and I have to reboot. 

I ran (scan) mbam and the screen will freeze after some issues are found and i have to reboot. 
I also ran a full system scan with Microsoft Security Essentials and the same thing happened (screen freezing up).
I ran the quick scan with no problems and it indicated that no issues were found, but when I start the computer, the real time protection had been turned off and I have to turn it back on. 

 

I tried rkill.exe and it ran okay and indicated that there were no issues found, but when I tried running mbam (in safe mode and normal), it still froze up. 
I'm suspecting a nasty virus or malware of some kind?

 

What can I try next?
 


Edited by kaleb82, 25 July 2014 - 11:53 AM.

  • 0

Advertisements

#2
LiquidTension
Posted 26 July 2014 - 10:27 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello kaleb82,
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================

Important: I have laid out some "ground rules" I would appreciate you follow. Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you require additional time to complete my instructions.

======================================================
 
Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by a instructor at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.


  • 0

#3
LiquidTension
Posted 26 July 2014 - 12:20 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi kaleb82, 
 

I ran (scan) mbam and the screen will freeze after some issues are found and i have to reboot.

Do you know what "issues" were found by MBAM?
 

I tried rkill.exe and it ran okay and indicated that there were no issues found

If you still have the log, please include the contents in your next reply.
 

What can I try next?

Please run the following programmes and post the logs generated. 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Note: Run the version compatible with your system (32 or 64-bit). Run both if you do not know your system's bit-type. One will run.  
  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
YARWD1t.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your desktop.
  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • ​Click Start Scan.
  • Note: Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply. You may require multiple posts. 
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • RKill.txt (if applicable)
  • FRST.txt
  • Addition.txt
  • TDSSKiller log

  • 0

#4
kaleb82
Posted 27 July 2014 - 08:16 AM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

My name is Lynn.  Thank you for your assistance, it is much appreciated.  The mbam scan found 38 issues (pup), but that's when it freezes and I can't access the log.  I ran the programs you requested and here are the logs.  Thanks again for your help.

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 07/24/2014 03:34:40 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/24/2014 03:40:03 PM
Execution time: 0 hours(s), 5 minute(s), and 22 seconds(s)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Mr B (administrator) on MRB-HP on 27-07-2014 06:50:14
Running from C:\Users\Mr B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDFWJWU6
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1340460696\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(AOL Inc.) C:\Program Files (x86)\AOL Toolbar\aoltbServer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-08-14] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [8192 2010-06-18] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [529848 2011-10-31] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-02-08] (Ask)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1340460696\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\MountPoints2: {24ba61ed-6238-11e0-95ee-3c4a9250f383} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {752929fc-c897-4620-9fa8-0303247277e2} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {31126677-7102-41CF-8E2A-E24C85BE5F8B} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM - {44498E43-575E-4D26-AFC7-5A71B0AEEF10} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {31126677-7102-41CF-8E2A-E24C85BE5F8B} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {44498E43-575E-4D26-AFC7-5A71B0AEEF10} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKLM-x32 - {9BA96309-4106-4D98-84F5-CF124D86517E} URL = http://search.aol.co...ionType=msie70a
SearchScopes: HKLM-x32 - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - 7EEC74E46FEA427BB063F2301358B51C URL = http://search.aol.co...ionType=msie70a
SearchScopes: HKCU - {2AF34C33-EC41-42EC-A910-4D238A7A9646} URL = http://websearch.ask...0F-55615E5E7B6C
SearchScopes: HKCU - {31126677-7102-41CF-8E2A-E24C85BE5F8B} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKCU - {44498E43-575E-4D26-AFC7-5A71B0AEEF10} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {E310198E-A3E4-4A64-A835-DFAE73A55B9B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {af77c74d-a46e-4671-afa0-1a09b1d4be39} -> C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll No File
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Toolbar BHO -> {e5af9d32-01d7-47b8-9eb6-87d9afce744f} -> C:\PROGRA~2\CONSER~2\bar\1.bin\4nbar.dll No File
Toolbar: HKLM-x32 - @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ConservativeTalkNow - {533329c9-ca91-42a2-8792-7f91c7b4172a} - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKCU - No Name - {533329C9-CA91-42A2-8792-7F91C7B4172A} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-08-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: ask.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\NP4nStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mr B\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Mr B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1151928 2011-10-31] (Cisco Systems, Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATWPKT2; C:\Windows\system32\drivers\ATWPKT264.SYS [33400 2010-07-13] (America Online)
S3 ATWPKT2; C:\Windows\SysWOW64\drivers\ATWPKT264.SYS [34080 2012-09-18] (America Online)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 06:50 - 2014-07-27 06:50 - 00000000 ____D () C:\FRST
2014-07-24 15:34 - 2014-07-24 15:40 - 00002040 _____ () C:\Users\Mr B\Desktop\Rkill.txt
2014-07-24 15:18 - 2014-07-25 11:02 - 00000768 _____ () C:\Users\Mr B\Desktop\geeks.txt
2014-07-24 08:51 - 2014-07-24 08:51 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-07-17 09:09 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 09:08 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 09:08 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 09:08 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 09:07 - 2014-07-17 09:08 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 07:30 - 2014-07-27 06:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 07:30 - 2014-07-17 07:30 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 07:30 - 2014-07-17 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 07:30 - 2014-07-17 07:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 07:30 - 2014-07-17 07:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 07:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-17 07:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-17 07:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-12 08:07 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 08:07 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 08:06 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 08:06 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 08:06 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 08:06 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 08:06 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 08:06 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 08:06 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 08:06 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 08:06 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 08:06 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 08:06 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 08:06 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 08:06 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 08:06 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 08:06 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 08:06 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 08:06 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 08:06 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 08:06 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 08:06 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 08:06 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 08:06 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 08:06 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 08:06 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 08:06 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 08:06 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 08:06 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 08:06 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 08:06 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 08:06 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 08:06 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 08:06 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 08:06 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 08:06 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 08:06 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 08:06 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 08:06 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 08:06 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 08:06 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 08:06 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 08:06 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 08:06 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 08:06 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 08:06 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 08:06 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 08:06 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 08:06 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 08:05 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 08:05 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 08:05 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 08:05 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 08:05 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 08:05 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 08:05 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 08:05 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 08:05 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 08:05 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 08:05 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 08:05 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 08:05 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 08:05 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 08:05 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 08:04 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 08:04 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 08:04 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 07:51 - 2014-07-12 07:51 - 00000000 ____D () C:\Users\Mr B\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 06:50 - 2014-07-27 06:50 - 00000000 ____D () C:\FRST
2014-07-27 06:50 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 06:50 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 06:47 - 2010-11-20 01:45 - 01466327 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 06:44 - 2014-07-17 07:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 06:42 - 2013-01-08 08:31 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 06:42 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 06:42 - 2009-07-13 21:51 - 00089934 _____ () C:\Windows\setupact.log
2014-07-26 19:31 - 2013-01-08 08:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 19:29 - 2012-03-30 07:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 19:29 - 2012-03-25 14:20 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMr B.job
2014-07-25 11:02 - 2014-07-24 15:18 - 00000768 _____ () C:\Users\Mr B\Desktop\geeks.txt
2014-07-24 15:40 - 2014-07-24 15:34 - 00002040 _____ () C:\Users\Mr B\Desktop\Rkill.txt
2014-07-24 15:36 - 2013-11-14 08:16 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7a
2014-07-24 15:22 - 2013-03-13 07:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 15:22 - 2013-03-13 07:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 15:21 - 2013-03-13 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 15:18 - 2011-09-03 15:59 - 00000000 ____D () C:\Users\Mr B\AppData\Local\CrashDumps
2014-07-24 10:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 10:36 - 2011-03-12 13:38 - 00064232 _____ () C:\Users\Mr B\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-24 10:35 - 2009-07-13 21:45 - 00283640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 08:51 - 2014-07-24 08:51 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-07-24 08:50 - 2010-07-10 21:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-21 06:13 - 2011-12-28 09:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-21 06:13 - 2011-03-13 10:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-18 23:03 - 2013-01-08 08:32 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:08 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:06 - 2009-07-13 22:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 10:43 - 2011-03-12 21:23 - 00475100 _____ () C:\Windows\PFRO.log
2014-07-17 09:09 - 2013-10-17 06:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 09:08 - 2014-07-17 09:07 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 09:08 - 2012-03-03 08:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 07:30 - 2014-07-17 07:30 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 07:30 - 2014-07-17 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 07:30 - 2014-07-17 07:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 07:30 - 2014-07-17 07:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 12:12 - 2011-03-12 13:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-15 11:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 07:00 - 2012-03-25 14:20 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMr B
2014-07-13 08:50 - 2014-05-01 09:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-13 08:32 - 2013-08-14 06:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 08:30 - 2011-03-22 11:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 08:08 - 2012-03-30 07:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-12 08:07 - 2012-03-30 07:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 08:07 - 2011-06-15 07:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 07:51 - 2014-07-12 07:51 - 00000000 ____D () C:\Users\Mr B\AppData\Local\Adobe
2014-07-11 03:02 - 2014-07-17 09:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 09:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 09:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 09:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-29 19:09 - 2014-07-12 08:07 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-12 08:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Mr B\AppData\Local\Temp\AcsInstall.dll
C:\Users\Mr B\AppData\Local\Temp\ApnStub.exe
C:\Users\Mr B\AppData\Local\Temp\Extract.exe
C:\Users\Mr B\AppData\Local\Temp\gdfz0qtw.dll
C:\Users\Mr B\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mr B\AppData\Local\Temp\HPQSi.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\Resource.exe
C:\Users\Mr B\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Mr B\AppData\Local\Temp\SP50498.exe
C:\Users\Mr B\AppData\Local\Temp\SP50718.exe
C:\Users\Mr B\AppData\Local\Temp\SP50720.exe
C:\Users\Mr B\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Mr B\AppData\Local\Temp\SP51650.exe
C:\Users\Mr B\AppData\Local\Temp\SP51976.exe
C:\Users\Mr B\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Mr B\AppData\Local\Temp\SP52131.exe
C:\Users\Mr B\AppData\Local\Temp\SP52407.exe
C:\Users\Mr B\AppData\Local\Temp\SP52509.exe
C:\Users\Mr B\AppData\Local\Temp\SP52598.exe
C:\Users\Mr B\AppData\Local\Temp\sp54373.exe
C:\Users\Mr B\AppData\Local\Temp\sp54620.exe
C:\Users\Mr B\AppData\Local\Temp\sp58915.exe
C:\Users\Mr B\AppData\Local\Temp\sp64126.exe
C:\Users\Mr B\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mr B\AppData\Local\Temp\UninstallHPTCA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-19 14:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Mr B at 2014-07-27 06:51:39
Running from C:\Users\Mr B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDFWJWU6
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2380.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2380.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0617.855.14122 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help English (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help French (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help German (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
ccc-utility64 (Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco NAC Agent  (HKLM-x32\...\{78C4B30C-E152-423F-B024-8FF58D874E35}) (Version: 4.8.3.1 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConservativeTalkNow Toolbar (HKLM-x32\...\ConservativeTalkNow_4nbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

22-06-2014 16:54:46 Windows Update
26-06-2014 15:18:57 Windows Update
30-06-2014 16:37:41 Windows Update
03-07-2014 17:31:14 Windows Update
07-07-2014 13:48:47 Windows Update
12-07-2014 15:07:35 Windows Update
13-07-2014 15:26:34 Windows Update
16-07-2014 19:13:37 Windows Update
17-07-2014 16:06:40 Installed Java 7 Update 65
20-07-2014 13:14:01 Windows Update
23-07-2014 13:51:42 Windows Update
24-07-2014 15:50:39 Installed HP Support Solutions Framework
24-07-2014 22:19:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B868AA3-0F42-4E64-89D5-393E25EC29F8} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {2F891A7A-5CA0-4BA4-B3F3-FFB9257342DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {57BACB09-375D-491E-8B69-2338C9022926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5907396C-AB62-4BD0-A9A4-C1785228A5A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6BCFDD86-9DB2-4435-887A-0C52E2A95FF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {70CAF730-C565-4955-965F-7338C694409E} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {743F3849-387B-4316-ABCE-8CF39507ACC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {88CAA8B2-F16E-4A62-8AC0-EB37FC951CE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8DE83A2E-4827-43C1-9CA3-1491D9CDC11D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {933284E3-53B1-4488-B823-A59A84C51065} - System32\Tasks\{D5638C85-DEF9-4985-80DD-662071BE175A} => C:\Users\Mr B\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe [2012-04-09] (e-academy Inc.)
Task: {9864F70C-87C5-4661-A834-4500C3585D49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {CAC91BC2-785E-469C-A387-2850B579375E} - System32\Tasks\HPCeeScheduleForMr B => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D17804A0-BFCA-4772-9B47-97DBA3EAD414} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {E07B6C58-C96C-4BE2-B9AA-FE37F0099997} - System32\Tasks\{D6539C61-4F50-4365-8B26-8EC316E2AD4E} => C:\Users\Mr B\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe [2012-04-09] (e-academy Inc.)
Task: {E63D2C43-D3CD-47BE-B715-5654B6390B12} - System32\Tasks\Games\UpdateCheck_S-1-5-21-185013668-2475104059-2432215777-1000
Task: {E7E32AE2-3599-437F-AE07-8491CFE81A3F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMr B.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-10 17:42 - 2010-06-10 17:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-20 01:44 - 2010-11-20 01:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 03:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aoltbServer.exe, version: 5.74.1.9659, time stamp: 0x5205374e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01ca00c6
Faulting process id: 0x1354
Faulting application start time: 0xaoltbServer.exe0
Faulting application path: aoltbServer.exe1
Faulting module path: aoltbServer.exe2
Report Id: aoltbServer.exe3

Error: (07/24/2014 01:50:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/23/2014 09:54:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9780436

Error: (07/23/2014 09:54:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9780436

Error: (07/23/2014 09:54:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 02:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9560677

Error: (07/22/2014 02:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9560677

Error: (07/22/2014 02:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 11:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4319028

Error: (07/22/2014 11:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4319028

System errors:
=============
Error: (07/26/2014 07:40:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:39:26 PM on ‎7/‎26/‎2014 was unexpected.

Error: (07/26/2014 07:37:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:36:01 PM on ‎7/‎26/‎2014 was unexpected.

Error: (07/25/2014 10:28:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:27:54 AM on ‎7/‎25/‎2014 was unexpected.

Error: (07/24/2014 03:49:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:47:46 PM on ‎7/‎24/‎2014 was unexpected.

Error: (07/24/2014 03:44:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 21

Error: (07/24/2014 03:44:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/24/2014 03:44:22 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/24/2014 03:44:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
MpFilter
spldr
Wanarpv6

Error: (07/24/2014 03:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%31

Error: (07/24/2014 03:44:19 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (07/24/2014 03:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aoltbServer.exe5.74.1.96595205374eunknown0.0.0.000000000c000000501ca00c6135401cfa78d02d4a181c:\program files (x86)\aol toolbar\aoltbServer.exeunknown67d1665f-1380-11e4-a95f-00038a000015

Error: (07/24/2014 01:50:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/23/2014 09:54:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9780436

Error: (07/23/2014 09:54:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9780436

Error: (07/23/2014 09:54:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 02:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9560677

Error: (07/22/2014 02:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9560677

Error: (07/22/2014 02:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 11:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4319028

Error: (07/22/2014 11:40:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4319028

 

 

The TDSSKiller scan results was empty - 459 objects were scanned and 0 threats were found - I tried copying the report, but it won't copy and paste.


Edited by kaleb82, 27 July 2014 - 08:17 AM.

  • 0

#5
kaleb82
Posted 28 July 2014 - 07:52 AM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

I tried running mbam again, stopped the program when 38 objects (PUP) were found, I quarantined them, and when I tried to open the log, the computer shut down.  I tried running the program again, the 38 objects did not show up, but the program froze again.  When I started the internet this morning it froze up immediately, so I had to reboot.  I will not do or run anything else until I hear from you as to our next course of action. 


  • 0

#6
LiquidTension
Posted 28 July 2014 - 08:08 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts
Hi Lynn,

Apologies for the delay, and thank you for the update.

I will return with instructions for you shortly.
  • 0

#7
LiquidTension
Posted 28 July 2014 - 10:51 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Lynn,
 
There isn't anything particularly concerning in your logs. Please run the following programmes to remove the Adware and Potentially Unwanted Programmes (PUPs) present on your computer. Let me know how your computer is performing after carrying out the steps.
 
STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt
  • How is the computer performing?

  • 0

#8
kaleb82
Posted 28 July 2014 - 12:52 PM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

Here are the logs. 

 

# AdwCleaner v3.301 - Report created 28/07/2014 at 11:29:41
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mr B - MRB-HP
# Running from : C:\Users\Mr B\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\AOL Toolbar
[x] Not Deleted : C:\ProgramData\Ask
[x] Not Deleted : C:\ProgramData\Viewpoint
[x] Not Deleted : C:\Program Files (x86)\AOL Toolbar
[x] Not Deleted : C:\Program Files (x86)\Ask.com
[x] Not Deleted : C:\Program Files (x86)\Viewpoint
[x] Not Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[x] Not Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[x] Not Deleted : C:\Users\Mr B\AppData\Local\AOL Toolbar
[x] Not Deleted : C:\Users\Mr B\AppData\Local\apn
[x] Not Deleted : C:\Users\Mr B\AppData\Local\iac
[x] Not Deleted : C:\Users\Mr B\AppData\LocalLow\AskToolbar
[x] Not Deleted : C:\Users\Mr B\AppData\LocalLow\iac
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Scheduled Tasks ] *****

[x] Not Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
[x] Not Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[x] Not Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[x] Not Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[x] Not Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[x] Not Deleted : HKLM\SOFTWARE\Classes\dnUpdate
[x] Not Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
[x] Not Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
[x] Not Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
[x] Not Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x] Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
[x] Not Deleted : HKCU\Software\APN
[x] Not Deleted : HKCU\Software\Ask.com
[x] Not Deleted : HKCU\Software\YahooPartnerToolbar
[x] Not Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[x] Not Deleted : HKLM\Software\APN
[x] Not Deleted : HKLM\Software\AskToolbar
[x] Not Deleted : HKLM\Software\MetaStream
[x] Not Deleted : HKLM\Software\Viewpoint
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[x] Not Deleted : [x64] HKCU\Software\APN
[x] Not Deleted : [x64] HKCU\Software\Ask.com
[x] Not Deleted : [x64] HKCU\Software\YahooPartnerToolbar
[x] Not Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x] Not Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Mr B\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7688F4A6-5BC1-40F2-8748-B2F742220FE8&apn_ptnrs=TV&apn_sauid=2BC65A32-174C-4D4E-820F-55615E5E7B6C&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [5691 octets] - [28/07/2014 11:21:24]
AdwCleaner[S0].txt - [5952 octets] - [28/07/2014 11:29:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6012 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mr B on Mon 07/28/2014 at 11:38:59.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2AF34C33-EC41-42EC-A910-4D238A7A9646}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{31126677-7102-41CF-8E2A-E24C85BE5F8B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{31126677-7102-41CF-8E2A-E24C85BE5F8B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BA96309-4106-4D98-84F5-CF124D86517E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

 

~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\aol toolbar"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Mr B\appdata\locallow\iac"
Failed to delete: [Folder] "C:\Program Files (x86)\aol toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Mr B\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/28/2014 at 11:48:05.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#9
kaleb82
Posted 28 July 2014 - 01:32 PM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

I tried running mbam again and it froze up again.  It seems when it gets to the File System Objects, it freezes when it's on C:\Windows\System32\NlsData004b.dll.  Also, when I rebooted, Microsoft Security Essentials indicated that the app's services was stopped and the real time protection was turned off.  I had turned security essentials back on after I was done running the junkware removal tool.


  • 0

#10
LiquidTension
Posted 28 July 2014 - 04:10 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Lynn,
 
Your AdwCleaner log indicates the majority of items detected were not removed ([x] Not Deleted). Did you intentionally uncheck the items? If not, please rerun AdwCleaner and leave the items checked. 
 

I tried running mbam again and it froze up again.

We'll get to this in due course. For now, please do this:
 
STEP 1
EtQetiM.png Uninstall Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programme, right-click and click Uninstall.
    • ConservativeTalkNow Toolbar 
  • Follow the prompts. Ensure you carefully read each page of the uninstaller, and do not inadvertently agree to the installation of additional software. 
  • Reboot if necessary.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please delete your current copy of FRST64. 
  • Download a fresh copy of Farbar Recovery Scan Tool (x64) and ensure you save the file to your Desktop << Important! 
  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did ConservativeTalkNow Toolbar uninstall successfully?
  • FRST.txt
  • Addition.txt

  • 0

Advertisements

#11
kaleb82
Posted 28 July 2014 - 05:16 PM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

Thanks again for your help.  I located the ConservativeTalkNow Toolbar and tried to uninstall, but was unable to.  I received the following message:

 

There was a problem starting

C:\PROGRA~CONSER~2\bar\1.bin\4nBar.dll

The specified module could not be found.

 

Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Mr B (administrator) on MRB-HP on 28-07-2014 16:04:16
Running from C:\Users\Mr B\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1340460696\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1340460696\ee\aolupdates.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-08-14] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [8192 2010-06-18] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NACAgentUI] => C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [529848 2011-10-31] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1340460696\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\MountPoints2: {24ba61ed-6238-11e0-95ee-3c4a9250f383} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {31126677-7102-41CF-8E2A-E24C85BE5F8B} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM - {44498E43-575E-4D26-AFC7-5A71B0AEEF10} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {44498E43-575E-4D26-AFC7-5A71B0AEEF10} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - 7EEC74E46FEA427BB063F2301358B51C URL = http://search.aol.co...ionType=msie70a
SearchScopes: HKCU - {44498E43-575E-4D26-AFC7-5A71B0AEEF10} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {E310198E-A3E4-4A64-A835-DFAE73A55B9B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-08-03]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-08-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: ask.com
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\NP4nStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mr B\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\Mr B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1151928 2011-10-31] (Cisco Systems, Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 16:04 - 2014-07-28 16:05 - 00019257 _____ () C:\Users\Mr B\Desktop\FRST.txt
2014-07-28 16:02 - 2014-07-28 16:02 - 02093568 _____ (Farbar) C:\Users\Mr B\Desktop\FRST64.exe
2014-07-28 12:05 - 2014-07-28 12:05 - 00000000 ____D () C:\ProgramData\Viewpoint
2014-07-28 11:48 - 2014-07-28 11:48 - 00005705 _____ () C:\Users\Mr B\Desktop\JRT.txt
2014-07-28 11:38 - 2014-07-28 11:38 - 01016261 _____ (Thisisu) C:\Users\Mr B\Desktop\JRT.exe
2014-07-28 11:38 - 2014-07-28 11:38 - 00000000 ____D () C:\Windows\ERUNT
2014-07-28 11:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-28 11:21 - 2014-07-28 11:29 - 00000000 ____D () C:\AdwCleaner
2014-07-28 11:20 - 2014-07-28 11:20 - 01365525 _____ () C:\Users\Mr B\Desktop\AdwCleaner.exe
2014-07-28 07:19 - 2014-07-28 07:19 - 01251680 _____ () C:\Windows\Minidump\072814-26161-01.dmp
2014-07-27 07:01 - 2014-07-27 07:01 - 04161313 _____ () C:\Users\Mr B\Desktop\tdsskiller.zip
2014-07-27 06:55 - 2014-07-27 06:55 - 00414397 _____ () C:\Users\Mr B\Downloads\utility.htm
2014-07-27 06:50 - 2014-07-28 16:04 - 00000000 ____D () C:\FRST
2014-07-24 15:34 - 2014-07-24 15:40 - 00002040 _____ () C:\Users\Mr B\Desktop\Rkill.txt
2014-07-24 15:18 - 2014-07-25 11:02 - 00000768 _____ () C:\Users\Mr B\Desktop\geeks.txt
2014-07-24 08:51 - 2014-07-24 08:51 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-07-17 09:09 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 09:08 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-17 09:08 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-17 09:08 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 09:07 - 2014-07-17 09:08 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-12 08:07 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 08:07 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 08:06 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 08:06 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 08:06 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 08:06 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 08:06 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 08:06 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 08:06 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 08:06 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 08:06 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 08:06 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 08:06 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 08:06 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 08:06 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 08:06 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 08:06 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 08:06 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 08:06 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 08:06 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 08:06 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 08:06 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 08:06 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 08:06 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 08:06 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 08:06 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 08:06 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 08:06 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 08:06 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 08:06 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 08:06 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 08:06 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 08:06 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 08:06 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 08:06 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 08:06 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 08:06 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 08:06 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 08:06 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 08:06 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 08:06 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 08:06 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 08:06 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 08:06 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 08:06 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 08:06 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 08:06 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 08:06 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 08:06 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 08:06 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 08:06 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 08:05 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 08:05 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 08:05 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 08:05 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 08:05 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 08:05 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 08:05 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 08:05 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 08:05 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 08:05 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 08:05 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 08:05 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 08:05 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 08:05 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 08:05 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 08:04 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 08:04 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 08:04 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 07:51 - 2014-07-12 07:51 - 00000000 ____D () C:\Users\Mr B\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 16:05 - 2014-07-28 16:04 - 00019257 _____ () C:\Users\Mr B\Desktop\FRST.txt
2014-07-28 16:04 - 2014-07-27 06:50 - 00000000 ____D () C:\FRST
2014-07-28 16:04 - 2013-01-08 08:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 16:02 - 2014-07-28 16:02 - 02093568 _____ (Farbar) C:\Users\Mr B\Desktop\FRST64.exe
2014-07-28 15:58 - 2012-03-30 07:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 15:58 - 2010-11-20 01:45 - 01562445 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 14:32 - 2013-01-08 08:31 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 14:26 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-28 14:26 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-28 14:18 - 2011-03-12 21:23 - 00490144 _____ () C:\Windows\PFRO.log
2014-07-28 14:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-28 14:18 - 2009-07-13 21:51 - 00090326 _____ () C:\Windows\setupact.log
2014-07-28 13:00 - 2012-03-25 14:20 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMr B.job
2014-07-28 12:05 - 2014-07-28 12:05 - 00000000 ____D () C:\ProgramData\Viewpoint
2014-07-28 11:48 - 2014-07-28 11:48 - 00005705 _____ () C:\Users\Mr B\Desktop\JRT.txt
2014-07-28 11:42 - 2013-11-14 08:18 - 00000000 ____D () C:\Program Files (x86)\AOL Toolbar
2014-07-28 11:38 - 2014-07-28 11:38 - 01016261 _____ (Thisisu) C:\Users\Mr B\Desktop\JRT.exe
2014-07-28 11:38 - 2014-07-28 11:38 - 00000000 ____D () C:\Windows\ERUNT
2014-07-28 11:29 - 2014-07-28 11:21 - 00000000 ____D () C:\AdwCleaner
2014-07-28 11:20 - 2014-07-28 11:20 - 01365525 _____ () C:\Users\Mr B\Desktop\AdwCleaner.exe
2014-07-28 09:58 - 2011-09-03 15:59 - 00000000 ____D () C:\Users\Mr B\AppData\Local\CrashDumps
2014-07-28 07:19 - 2014-07-28 07:19 - 01251680 _____ () C:\Windows\Minidump\072814-26161-01.dmp
2014-07-28 07:19 - 2012-11-10 09:03 - 425412957 _____ () C:\Windows\MEMORY.DMP
2014-07-28 07:19 - 2012-11-10 09:03 - 00000000 ____D () C:\Windows\Minidump
2014-07-28 06:34 - 2011-12-28 09:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-28 06:34 - 2011-03-13 10:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-27 17:10 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\Performance
2014-07-27 07:01 - 2014-07-27 07:01 - 04161313 _____ () C:\Users\Mr B\Desktop\tdsskiller.zip
2014-07-27 06:55 - 2014-07-27 06:55 - 00414397 _____ () C:\Users\Mr B\Downloads\utility.htm
2014-07-25 11:02 - 2014-07-24 15:18 - 00000768 _____ () C:\Users\Mr B\Desktop\geeks.txt
2014-07-24 15:40 - 2014-07-24 15:34 - 00002040 _____ () C:\Users\Mr B\Desktop\Rkill.txt
2014-07-24 15:36 - 2013-11-14 08:16 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7a
2014-07-24 15:22 - 2013-03-13 07:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 15:22 - 2013-03-13 07:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 15:21 - 2013-03-13 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 10:36 - 2011-03-12 13:38 - 00064232 _____ () C:\Users\Mr B\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-24 10:35 - 2009-07-13 21:45 - 00283640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 08:51 - 2014-07-24 08:51 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-07-24 08:50 - 2010-07-10 21:08 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-18 23:03 - 2013-01-08 08:32 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 16:08 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 07:06 - 2009-07-13 22:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-17 09:09 - 2013-10-17 06:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 09:08 - 2014-07-17 09:07 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-17 09:08 - 2012-03-03 08:46 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-16 12:12 - 2011-03-12 13:51 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-15 11:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 07:00 - 2012-03-25 14:20 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMr B
2014-07-13 08:50 - 2014-05-01 09:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 08:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-13 08:32 - 2013-08-14 06:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 08:30 - 2011-03-22 11:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 08:08 - 2012-03-30 07:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-12 08:07 - 2012-03-30 07:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 08:07 - 2011-06-15 07:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 07:51 - 2014-07-12 07:51 - 00000000 ____D () C:\Users\Mr B\AppData\Local\Adobe
2014-07-11 03:02 - 2014-07-17 09:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-17 09:09 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-17 09:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-17 09:08 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-29 19:09 - 2014-07-12 08:07 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-12 08:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Mr B\AppData\Local\Temp\AcsInstall.dll
C:\Users\Mr B\AppData\Local\Temp\ApnStub.exe
C:\Users\Mr B\AppData\Local\Temp\Extract.exe
C:\Users\Mr B\AppData\Local\Temp\gdfz0qtw.dll
C:\Users\Mr B\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Mr B\AppData\Local\Temp\HPQSi.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mr B\AppData\Local\Temp\Quarantine.exe
C:\Users\Mr B\AppData\Local\Temp\Resource.exe
C:\Users\Mr B\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Mr B\AppData\Local\Temp\SP50498.exe
C:\Users\Mr B\AppData\Local\Temp\SP50718.exe
C:\Users\Mr B\AppData\Local\Temp\SP50720.exe
C:\Users\Mr B\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Mr B\AppData\Local\Temp\SP51650.exe
C:\Users\Mr B\AppData\Local\Temp\SP51976.exe
C:\Users\Mr B\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Mr B\AppData\Local\Temp\SP52131.exe
C:\Users\Mr B\AppData\Local\Temp\SP52407.exe
C:\Users\Mr B\AppData\Local\Temp\SP52509.exe
C:\Users\Mr B\AppData\Local\Temp\SP52598.exe
C:\Users\Mr B\AppData\Local\Temp\sp54373.exe
C:\Users\Mr B\AppData\Local\Temp\sp54620.exe
C:\Users\Mr B\AppData\Local\Temp\sp58915.exe
C:\Users\Mr B\AppData\Local\Temp\sp64126.exe
C:\Users\Mr B\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mr B\AppData\Local\Temp\UninstallHPTCA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-19 14:46

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Mr B at 2014-07-28 16:06:10
Running from C:\Users\Mr B\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2380.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2380.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0617.855.14122 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0617.855.14122 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help English (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help French (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help German (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0617.0854.14122 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
ccc-utility64 (Version: 2010.0617.855.14122 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco NAC Agent  (HKLM-x32\...\{78C4B30C-E152-423F-B024-8FF58D874E35}) (Version: 4.8.3.1 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConservativeTalkNow Toolbar (HKLM-x32\...\ConservativeTalkNow_4nbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3003 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1616 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2511 - CyberLink Corp.) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Roxio CinemaNow 2.0 (x32 Version: 1.0.278 - Hewlett-Packard) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

26-06-2014 15:18:57 Windows Update
30-06-2014 16:37:41 Windows Update
03-07-2014 17:31:14 Windows Update
07-07-2014 13:48:47 Windows Update
12-07-2014 15:07:35 Windows Update
13-07-2014 15:26:34 Windows Update
16-07-2014 19:13:37 Windows Update
17-07-2014 16:06:40 Installed Java 7 Update 65
20-07-2014 13:14:01 Windows Update
23-07-2014 13:51:42 Windows Update
24-07-2014 15:50:39 Installed HP Support Solutions Framework
24-07-2014 22:19:21 Windows Update
27-07-2014 23:49:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B868AA3-0F42-4E64-89D5-393E25EC29F8} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {2F891A7A-5CA0-4BA4-B3F3-FFB9257342DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {57BACB09-375D-491E-8B69-2338C9022926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5907396C-AB62-4BD0-A9A4-C1785228A5A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6BCFDD86-9DB2-4435-887A-0C52E2A95FF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {70CAF730-C565-4955-965F-7338C694409E} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {743F3849-387B-4316-ABCE-8CF39507ACC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {88CAA8B2-F16E-4A62-8AC0-EB37FC951CE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8DE83A2E-4827-43C1-9CA3-1491D9CDC11D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {933284E3-53B1-4488-B823-A59A84C51065} - System32\Tasks\{D5638C85-DEF9-4985-80DD-662071BE175A} => C:\Users\Mr B\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe [2012-04-09] (e-academy Inc.)
Task: {9864F70C-87C5-4661-A834-4500C3585D49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated)
Task: {CAC91BC2-785E-469C-A387-2850B579375E} - System32\Tasks\HPCeeScheduleForMr B => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D17804A0-BFCA-4772-9B47-97DBA3EAD414} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {E07B6C58-C96C-4BE2-B9AA-FE37F0099997} - System32\Tasks\{D6539C61-4F50-4365-8B26-8EC316E2AD4E} => C:\Users\Mr B\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe [2012-04-09] (e-academy Inc.)
Task: {E63D2C43-D3CD-47BE-B715-5654B6390B12} - System32\Tasks\Games\UpdateCheck_S-1-5-21-185013668-2475104059-2432215777-1000
Task: {E7E32AE2-3599-437F-AE07-8491CFE81A3F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMr B.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-06-18 16:26 - 2010-06-18 16:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-10 17:42 - 2010-06-10 17:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-20 01:44 - 2010-11-20 01:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 16:26 - 2010-06-18 16:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 18:58 - 2010-02-09 18:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 01:32:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17207 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14d8

Start Time: 01cfaaa3009dbf7f

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (07/28/2014 00:56:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (07/28/2014 00:11:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:09:00 PM on ‎7/‎28/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (07/28/2014 01:32:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1720714d801cfaaa3009dbf7f15C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 2810.9 MB
Available physical RAM: 1468.89 MB
Total Pagefile: 5619.98 MB
Available Pagefile: 3940.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.12 GB) (Free:388.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.35 GB) (Free:2.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================


Edited by kaleb82, 28 July 2014 - 05:17 PM.

  • 0

#12
kaleb82
Posted 28 July 2014 - 05:30 PM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

I messed up on the AdwCleaner.  I did uncheck the items.  I ran it again, but after running the farbar recovery scan tool.  I hope I didn't mess up too bad.  Here is the log from AdwCleaner.

 

# AdwCleaner v3.301 - Report created 28/07/2014 at 16:21:57
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mr B - MRB-HP
# Running from : C:\Users\Mr B\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Mr B\AppData\Local\AOL Toolbar
Folder Deleted : C:\Users\Mr B\AppData\Local\apn
Folder Deleted : C:\Users\Mr B\AppData\Local\iac
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Mr B\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5691 octets] - [28/07/2014 11:21:24]
AdwCleaner[R1].txt - [3182 octets] - [28/07/2014 16:20:52]
AdwCleaner[S0].txt - [6112 octets] - [28/07/2014 11:29:41]
AdwCleaner[S1].txt - [3155 octets] - [28/07/2014 16:21:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3215 octets] ##########


  • 0

#13
LiquidTension
Posted 28 July 2014 - 07:09 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Lynn,
 

I messed up on the AdwCleaner.  I did uncheck the items.  I ran it again, but after running the farbar recovery scan tool.  I hope I didn't mess up too bad.  Here is the log from AdwCleaner.

That's quite alright.  :)
 

Thanks again for your help.  I located the ConservativeTalkNow Toolbar and tried to uninstall, but was unable to.  I received the following message:

Okay, not to worry. We will manually remove the associated files/folders/registry keys for this unwanted programme. 
 
STEP 1
EtQetiM.png Uninstall Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programme, right-click and click Uninstall (if present).
    • Ask Toolbar Updater
  • Follow the prompts. Ensure you carefully read each page of the uninstaller, and do not inadvertently agree to the installation of additional software. 
  • Reboot if necessary.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-185013668-2475104059-2432215777-1000\...\MountPoints2: {24ba61ed-6238-11e0-95ee-3c4a9250f383} - F:\LaunchU3.exe -a
SearchScopes: HKLM - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - {C2C0A915-EC75-473C-83EE-BB964469DE90} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {461fc775-35b6-4d0b-9ff3-af280bfaba83} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {E310198E-A3E4-4A64-A835-DFAE73A55B9B} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
2014-07-28 12:05 - 2014-07-28 12:05 - 00000000 ____D () C:\ProgramData\Viewpoint
Task: {8DE83A2E-4827-43C1-9CA3-1491D9CDC11D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
C:\Program Files (x86)\Ask.com
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
U5NwUGc.png Edit Chrome Search Engines

  • Open Chrome.
  • Type chrome://settings/searchengines into the URL bar. 
  • Remove any entries associated with Ask.com by hovering over the entry and clicking the X.
     

STEP 4
U5NwUGc.png Manually Removing Chrome Extension

  • Open Chrome.
  • Type chrome://extensions into the URL bar. 
  • Click the cCN6rtf.png button next to the following extensions (if present).
    • MetaStream 3 Plugin
    • MindSpark Toolbar Platform Plugin Stub
       

STEP 5
YjhLJro.png SystemLook

  • Please download SystemLook (x64) and save the file to your desktop.
  • Right-Click SystemLook_x64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
*ConservativeTalkNow*
*4nbar*
*Mindspark*
*Viewpoint*

:folderfind
*ConservativeTalkNow*
*4nbar*
*Mindspark*
*Viewpoint*

:regfind
ConservativeTalkNow
4nbar
Mindspark
Viewpoint
  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the OCFv7xc.png button. 

======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Could you alter Chrome settings OK?
  • SystemLook.txt

  • 0

#14
kaleb82
Posted 28 July 2014 - 11:54 PM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

Okay, the Ask Toolbar Updater was not present and I was successful in removing the Ask.com entries in Chrome.  There were no extensions in Chrome.  I was successful in running the programs.  Here is the SystemLook log.  The Fixlog.txt log won't paste.  I think the log is too big, so I'll send it in two posts.  Thanks again :).

 

SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 28/07/2014 by Mr B
Administrator - Elevation successful

========== filefind ==========

Searching for "*ConservativeTalkNow*"
No files found.

Searching for "*4nbar*"
No files found.

Searching for "*Mindspark*"
No files found.

Searching for "*Viewpoint*"
C:\Program Files (x86)\AOL Desktop 9.7\Jiti\viewpoint.exe --a---- 3858056 bytes [14:14 23/06/2012] [22:55 20/04/2012] FC393CFF7BC091C6733A7DF192A4D133
C:\Program Files (x86)\AOL Desktop 9.7a\Jiti\viewpoint.exe --a---- 3858056 bytes [15:18 14/11/2013] [20:40 07/09/2013] FC393CFF7BC091C6733A7DF192A4D133

========== folderfind ==========

Searching for "*ConservativeTalkNow*"
No folders found.

Searching for "*4nbar*"
No folders found.

Searching for "*Mindspark*"
No folders found.

Searching for "*Viewpoint*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Viewpoint d------ [23:21 28/07/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Viewpoint\Viewpoint Experience Technology d------ [23:21 28/07/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Viewpoint d------ [23:21 28/07/2014]
C:\AdwCleaner\Quarantine\C\ProgramData\Viewpoint\Viewpoint Experience Technology d------ [23:21 28/07/2014]
C:\Users\Mr B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Viewpoint d------ [16:08 30/11/2013]
C:\Users\Mr B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Viewpoint\Viewpoint Experience Technology d------ [16:08 30/11/2013]

========== regfind ==========

Searching for "ConservativeTalkNow"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{752929fc-c897-4620-9fa8-0303247277e2}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.HTMLMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.HTMLMenu]
@="ConservativeTalkNow_4n HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.HTMLMenu\CurVer]
@="ConservativeTalkNow_4n.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.HTMLMenu.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.HTMLMenu.1]
@="ConservativeTalkNow_4n HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.Radio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.Radio\CurVer]
@="ConservativeTalkNow_4n.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.Radio.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.RadioSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.RadioSettings\CurVer]
@="ConservativeTalkNow_4n.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.RadioSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.SettingsPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.SettingsPlugin\CurVer]
@="ConservativeTalkNow_4n.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ConservativeTalkNow_4n.SettingsPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{41569195-F4B7-4837-B83A-ED80ADD8672A}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\1604"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{41569195-F4B7-4837-B83A-ED80ADD8672A}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42CE1C53-100A-4937-8C9C-5533BCE20D57}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\1003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{42CE1C53-100A-4937-8C9C-5533BCE20D57}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B42A16AE-ED06-4BC9-A2B4-AB7BE1C76DAC}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B42A16AE-ED06-4BC9-A2B4-AB7BE1C76DAC}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D6CAA194-242B-4EC1-853D-885AF2776659}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\626"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D6CAA194-242B-4EC1-853D-885AF2776659}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5fc11356-4449-4a31-a786-139a4bfda0eb}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nradio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5fc11356-4449-4a31-a786-139a4bfda0eb}\ProgID]
@="ConservativeTalkNow_4n.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5fc11356-4449-4a31-a786-139a4bfda0eb}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.Radio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8a309664-9ce3-447c-b714-e9c4aba2cb11}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nradio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8a309664-9ce3-447c-b714-e9c4aba2cb11}\ProgID]
@="ConservativeTalkNow_4n.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8a309664-9ce3-447c-b714-e9c4aba2cb11}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.RadioSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\ProgID]
@="ConservativeTalkNow_4n.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.SettingsPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{eb3cdcf7-d1d6-4cd8-817b-f4de2cbcda34}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4ndlghk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}]
@="ConservativeTalkNow_4n HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nhtmlmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}\ProgID]
@="ConservativeTalkNow_4n.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.HTMLMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{41569195-F4B7-4837-B83A-ED80ADD8672A}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\1604"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{41569195-F4B7-4837-B83A-ED80ADD8672A}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{42CE1C53-100A-4937-8C9C-5533BCE20D57}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\1003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{42CE1C53-100A-4937-8C9C-5533BCE20D57}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B42A16AE-ED06-4BC9-A2B4-AB7BE1C76DAC}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B42A16AE-ED06-4BC9-A2B4-AB7BE1C76DAC}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D6CAA194-242B-4EC1-853D-885AF2776659}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\626"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D6CAA194-242B-4EC1-853D-885AF2776659}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{330832c2-2e2f-4443-86b5-bfc09dd73fb1}]
"AppPath"="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6866e1ba-3ed6-4a50-ba15-d0dc5154ea3f}]
"AppPath"="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{af9406f1-79fb-4747-9bfb-948f8fc0690f}]
"AppPath"="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b05788f6-da1c-4f39-a2f0-fe42760fa60c}]
"AppPath"="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ConservativeTalkNow_4nbar Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ConservativeTalkNow_4nbar Uninstall]
"DisplayName"="ConservativeTalkNow Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5fc11356-4449-4a31-a786-139a4bfda0eb}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nradio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5fc11356-4449-4a31-a786-139a4bfda0eb}\ProgID]
@="ConservativeTalkNow_4n.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5fc11356-4449-4a31-a786-139a4bfda0eb}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.Radio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8a309664-9ce3-447c-b714-e9c4aba2cb11}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nradio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8a309664-9ce3-447c-b714-e9c4aba2cb11}\ProgID]
@="ConservativeTalkNow_4n.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8a309664-9ce3-447c-b714-e9c4aba2cb11}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.RadioSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\ProgID]
@="ConservativeTalkNow_4n.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.SettingsPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{eb3cdcf7-d1d6-4cd8-817b-f4de2cbcda34}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4ndlghk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}]
@="ConservativeTalkNow_4n HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nhtmlmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}\ProgID]
@="ConservativeTalkNow_4n.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F24CE9B7-7F63-4BA7-B81F-2BCCCD881403}\VersionIndependentProgID]
@="ConservativeTalkNow_4n.HTMLMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{41569195-F4B7-4837-B83A-ED80ADD8672A}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\1604"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{41569195-F4B7-4837-B83A-ED80ADD8672A}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{42CE1C53-100A-4937-8C9C-5533BCE20D57}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\1003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{42CE1C53-100A-4937-8C9C-5533BCE20D57}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B42A16AE-ED06-4BC9-A2B4-AB7BE1C76DAC}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B42A16AE-ED06-4BC9-A2B4-AB7BE1C76DAC}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D6CAA194-242B-4EC1-853D-885AF2776659}\1.0\0\win32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\t8res.dll\626"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D6CAA194-242B-4EC1-853D-885AF2776659}\1.0\HELPDIR]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin"
[HKEY_USERS\S-1-5-21-185013668-2475104059-2432215777-1000\Software\Classes\Wow6432Node\CLSID\{752929fc-c897-4620-9fa8-0303247277e2}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll"
[HKEY_USERS\S-1-5-21-185013668-2475104059-2432215777-1000_Classes\Wow6432Node\CLSID\{752929fc-c897-4620-9fa8-0303247277e2}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll"

Searching for "4nbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ConservativeTalkNow_4nbar Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ConservativeTalkNow_4nbar Uninstall]
"UninstallString"="rundll32 C:\PROGRA~2\CONSER~2\bar\1.bin\4nBar.dll,O"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{e5280609-bf3f-4b1c-aa62-d3f6e69d00b3}\InprocServer32]
@="C:\Program Files (x86)\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll"

Searching for "Mindspark"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ConservativeTalkNow_4nbar Uninstall]
"Publisher"="Mindspark Interactive Network"

Searching for "Viewpoint"
No data found.

-= EOF =-


  • 0

#15
kaleb82
Posted 29 July 2014 - 12:18 AM

kaleb82

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi Adam,

I can't send the Fixlog.txt log.  When I try to cut and paste, I get a no response from the website.  I copied it to a Wordpad document.  I'll try to attach the document.

Attached Files


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP