Thread: Pop up attacks and home page hijack

  1. #1
    Junior Member
    Join Date
    May 2014
    Posts
    17

    Pop up attacks and home page hijack

    Hello

    I am helping my neighbor who lives across the street get his computer cleaned. I have used you guys myself many times and you have been fantastic at solving problems. As he is not so tech savvy (nor am I really) and mostly uses his computer for browsing, I am walking him through this process.

    First off, he is running Windows 8 (not 8.1) so we could not run a backup of the registry with ERUNT.

    I see he has a CD for Webroot, but he said it was installed a few years ago and since he doesn't do much if any online purchasing, he doesn't believe he ever renewed it. Therefore, I told him I am not surprised that he picked up a virus. I don't see where the Webroot program is even installed (I am not very good at navigating Windows 8, so maybe it's just me).

    Anyways, his home page was hijacked (I have since set it back to Verizon.net and it seems to be staying), but his IE is constantly bombarded with pop ups and phony problem messages.

    Below are the results of his logs:

    DDS:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537
    Run by abruzzeseredbklyn706 at 11:09:11 on 2014-05-11
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3798.2617 [GMT -7:00]
    .
    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    C:\Program Files\Elantech\ETDService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\taskhost.exe
    C:\windows\System32\dwm.exe
    C:\windows\system32\taskhostex.exe
    C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\windows\system32\igfxext.exe
    C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
    C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    C:\Program Files\Samsung\S Agent\CommonAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\windows\SysWOW64\NOTEPAD.EXE
    C:\windows\system32\taskhost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://entertainment.verizon.com/
    uDefault_Page_URL = hxxp://samsung13.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [PC Driver Kit] C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
    mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    StartupFolder: C:\Users\ABRUZZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~2.LNK - C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
    StartupFolder: C:\Users\ABRUZZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~1.LNK - C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
    mPolicies-System: DisableCAD = dword:1
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{AB88A77F-F920-488D-BF20-8E0840706A82} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
    SSODL: WebCheck - <orphaned>
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
    x64-BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll
    x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
    x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
    x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-mPolicies-System: DisableCAD = dword:1
    x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
    x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-28 645952]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-2-28 56336]
    R1 cbfs3;cbfs3;C:\windows\System32\Drivers\cbfs3.sys [2013-2-28 352456]
    R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-2-28 168608]
    R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-2-28 92536]
    R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2013-1-26 172104]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-10-31 231040]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
    R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-4-8 2470688]
    R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [2014-4-7 252928]
    R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-11-30 1591176]
    R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-10-17 90992]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-19 635104]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-2-28 128896]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-2-28 165760]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-14 3943104]
    R2 SWUpdateService;SW Update Service;C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2013-1-24 2883120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-2-28 364416]
    R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-10-31 323584]
    R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2013-2-28 88728]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2013-2-28 344216]
    R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2013-2-28 114840]
    R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2013-2-28 33944]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2013-2-28 178840]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2013-2-28 76952]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2013-2-28 135832]
    R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2013-2-28 576152]
    R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
    R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-10-17 325488]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]
    R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
    R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-27 719504]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    .
    =============== Created Last 30 ================
    .
    2014-05-11 17:03:38 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAA5E5F4-F279-44A5-A11A-9EA007244489}\offreg.dll
    2014-05-11 16:51:14 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAA5E5F4-F279-44A5-A11A-9EA007244489}\mpengine.dll
    2014-05-09 17:21:59 272048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10238.bin
    2014-05-09 17:20:34 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2014-05-06 22:03:32 628024 ----a-w- C:\windows\System32\NotificationUI.exe
    2014-05-06 22:03:31 693760 ----a-w- C:\windows\System32\WSShared.dll
    2014-05-06 22:03:28 566784 ----a-w- C:\windows\SysWow64\WSShared.dll
    2014-05-06 22:03:26 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-06 22:03:22 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-03 23:31:00 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2014-05-03 23:30:58 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2014-05-03 21:42:59 -------- d-----w- C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
    2014-05-03 21:42:56 -------- d-----w- C:\ProgramData\CompuClever
    2014-05-03 21:42:47 -------- d-----w- C:\Program Files (x86)\CompuClever
    2014-05-03 21:42:36 -------- d-----w- C:\Program Files (x86)\HiDefMedia
    2014-05-03 21:41:19 -------- d-----w- C:\Program Files (x86)\File Type Helper
    2014-05-03 21:41:17 -------- d-----w- C:\Program Files (x86)\Convert Files for Free
    2014-05-03 21:40:21 -------- d-----w- C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
    2014-05-03 21:40:14 -------- d-----w- C:\Program Files (x86)\PC Health Kit
    2014-04-12 18:48:47 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2014-04-12 18:48:44 3959808 ----a-w- C:\windows\System32\jscript9.dll
    2014-04-12 18:48:44 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
    2014-04-12 18:48:38 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    2014-04-12 18:42:03 2232664 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2014-04-12 18:41:57 5979648 ----a-w- C:\windows\System32\mstscax.dll
    2014-04-12 18:41:57 1939288 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2014-04-12 18:41:56 599040 ----a-w- C:\windows\System32\WSDApi.dll
    2014-04-12 18:41:56 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
    2014-04-12 18:41:55 485888 ----a-w- C:\windows\SysWow64\WSDApi.dll
    2014-04-12 18:41:54 5092352 ----a-w- C:\windows\SysWow64\mstscax.dll
    2014-04-12 18:41:54 365568 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
    2014-04-12 18:41:54 278872 ----a-w- C:\windows\System32\drivers\msiscsi.sys
    2014-04-12 18:41:53 332632 ----a-w- C:\windows\System32\drivers\storport.sys
    2014-04-12 18:41:53 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
    2014-04-12 18:41:53 118784 ----a-w- C:\windows\System32\drivers\dfsc.sys
    .
    ==================== Find3M ====================
    .
    2014-04-22 23:47:16 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-22 23:47:16 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-07 00:48:11 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
    2014-03-07 00:08:30 2240000 ----a-w- C:\windows\System32\wininet.dll
    2014-03-07 00:08:27 915968 ----a-w- C:\windows\System32\uxtheme.dll



    AswMBR:

    Something happened with this log. After it updated avast files, it said there was an error in the logfile (?). I don't know if I deleted the log by accident, but I ran it again and all I get is the below:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-05-11 11:07:12
    -----------------------------
    11:07:12.538 OS Version: Windows x64 6.2.9200
    11:07:12.538 Number of processors: 4 586 0x3A09
    11:07:12.538 ComputerName: REDPRINCE UserName:
    11:07:12.538 Initialze error 1
    11:07:24.462 The log file has been saved successfully to "C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-05-11 11:29:40
    -----------------------------
    11:29:40.263 OS Version: Windows x64 6.2.9200
    11:29:40.263 Number of processors: 4 586 0x3A09
    11:29:40.264 ComputerName: REDPRINCE UserName:
    11:29:40.266 Initialze error 1
    11:29:53.248 The log file has been saved successfully to "C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt"


    I've tried to open ASW again but it does not give me the option to scan again, only to print the log file (which I did above) and to Exit. Do I need to uninstall the program and reinstall it to run it again?

    Help on next steps would be much appreciated.

    Thanks

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Red Prince,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
    • On the introduction screen, please click on the Next button to continue.
    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
    • When the update has finished, click on the Next button.
    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on the Yes button to restart your computer.
    • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

    =========================

    Download Farbar Recovery Scan Tool and save to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    =========================

    You do not need to post the Addition.txt; do not delete it at this time.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • system-log.txt
    • mbar-log
    • FRST.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
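
The log naming rule given in the post above (mbar-log-year-month-day (hour-minute-second).txt), as an added example that is not part of the original post and is not Malwarebytes code: it picks the newest mbar-log from a folder listing, tallies its detections, and flags a paste whose listed items do not match the declared counts. The section-header and detection-line layout is assumed from the MBAR log pasted in this thread; the function names, the sample log and the names in it are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# File name layout stated in the post: mbar-log-year-month-day (hour-minute-second).txt
NAME_RE = re.compile(r"^mbar-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt$")
# Section header, e.g. "Files Detected: 22" (layout assumed from the log in this thread)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<declared>\d+)$")
# Detection line: "<object> (<threat>) -> [<pid> -> ]<action>."
# The object itself may contain parentheses, as in "Program Files (x86)".
DETECTION_RE = re.compile(
    r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)


def log_timestamp(name):
    """Return the run time encoded in an mbar-log file name, or None if it does not fit."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1) + " " + m.group(2), "%Y-%m-%d %H-%M-%S")
    except ValueError:  # right shape, impossible date or time
        return None


def newest_log(names):
    """Pick the most recent mbar-log; system-log.txt and stray files are ignored."""
    dated = [(log_timestamp(n), n) for n in names]
    dated = [(ts, n) for ts, n in dated if ts is not None]
    return max(dated)[1] if dated else None


def parse_detections(text):
    """Return (declared counts per section, list of parsed detection records)."""
    section, declared, found = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("declared"))
            continue
        hit = DETECTION_RE.match(line) if section else None
        if hit:
            found.append({"section": section, **hit.groupdict()})
    return declared, found


def count_mismatches(declared, found):
    """Sections whose listed items differ from the declared count (truncated paste)."""
    seen = Counter(d["section"] for d in found)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


# Constructed sample in the assumed layout; "Files" deliberately lists 2 of 3 items.
SAMPLE_LOG = r"""
    Memory Processes Detected: 1
    C:\Program Files (x86)\Example Tool\ExScan.exe (Rogue.Example) -> 4321 -> Delete on reboot.

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Example Tool (Rogue.Example) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Program Files (x86)\Example Tool\ExScan.exe (Rogue.Example) -> Delete on reboot.
    C:\Program Files (x86)\Example Tool\help (old).chm (Rogue.Example) -> Delete on reboot.
"""

# Constructed folder listing for the mbar directory.
SAMPLE_FOLDER = [
    "system-log.txt",
    "mbar-log-2012-11-12 (19-13-32).txt",
    "mbar-log-2014-05-16 (20-59-25).txt",
    "mbar-log-notes.txt",
]

if __name__ == "__main__":
    print("newest log:", newest_log(SAMPLE_FOLDER))
    declared, found = parse_detections(SAMPLE_LOG)
    for threat, n in Counter(d["threat"] for d in found).items():
        print(f"{threat}: {n} item(s)")
    for section, (want, got) in count_mismatches(declared, found).items():
        print(f"{section}: header says {want}, log lists {got}")
```
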

  3. #3
    Junior Member
    Join Date
    May 2014
    Posts
    17

    Hi OCD

    Looking forward to your help on this. FYI, after running the Malwarebytes scan and cleanup, it seems like pop-ups and redirects are still active. Nonetheless, attached below are the three logs you requested from each of the programs we downloaded.

    Thanks again for your help, standing by for next instructions.

    Red Prince


    MBAR Log:


    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.05.17.03

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16897
    abruzzeseredbklyn706 :: REDPRINCE [limited]

    5/16/2014 8:59:25 PM
    mbar-log-2014-05-16 (20-59-25).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 257871
    Time elapsed: 11 minute(s), 46 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> 11564 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Health Kit_is1 (Rogue.PCHealthKit) -> Delete on reboot.
    HKCU\SOFTWARE\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files (x86)\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.

    Files Detected: 22
    C:\Program Files (x86)\PC Health Kit\PCHealthKit.chm (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\CookiesException.txt (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\English.ini (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\file_id.diz (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\HomePage.url (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHKGuard.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHKSchedule.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\PCHKUninstaller.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\scan.gif (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\sqlite3.dll (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\StartupList.txt (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\unins000.dat (Rogue.PCHealthKit) -> Delete on reboot.
    C:\Program Files (x86)\PC Health Kit\unins000.exe (Rogue.PCHealthKit) -> Delete on reboot.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit.lnk (Rogue.PCHealthKit) -> Delete on reboot.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Check updates.lnk (Rogue.PCHealthKit) -> Delete on reboot.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk (Rogue.PCHealthKit) -> Delete on reboot.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk (Rogue.PCHealthKit) -> Delete on reboot.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk (Rogue.PCHealthKit) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    System-log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Non-administrative

    Internet Explorer version: 10.0.9200.16897

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.896000 GHz
    Memory total: 3981996032, free: 1979232256

    Downloaded database version: v2014.05.17.03
    Downloaded database version: v2014.03.27.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    05/16/2014 20:59:18
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\System32\drivers\EhStorClass.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\WdFilter.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
    \??\C:\windows\system32\drivers\cbfs3.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\HECIx64.sys
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\athw8x.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\System32\drivers\CmBatt.sys
    \SystemRoot\System32\drivers\BATTC.SYS
    \SystemRoot\System32\drivers\i8042prt.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\ETD.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\System32\drivers\RadioHIDMini.sys
    \SystemRoot\System32\drivers\mshidkmdf.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\btath_bus.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\btfilter.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\BthLEEnum.sys
    \SystemRoot\System32\drivers\rfcomm.sys
    \SystemRoot\System32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\System32\drivers\btath_rcp.sys
    \SystemRoot\system32\drivers\btath_avdt.sys
    \SystemRoot\system32\drivers\btath_a2dp.sys
    \SystemRoot\System32\drivers\btath_hcrp.sys
    \SystemRoot\system32\DRIVERS\btath_flt.sys
    \SystemRoot\system32\DRIVERS\btath_lwflt.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\drivers\rdpvideominiport.sys
    \??\C:\Users\ABRUZZ~1\AppData\Local\Temp\aswMBR.sys
    \SystemRoot\System32\drivers\monitor.sys
    \SystemRoot\System32\cdd.dll
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005c12060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000003b\
    Lower Device Object: 0xfffffa8003bb4060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005c12060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004962980, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005c12060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8003bb4060, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 11372AD9

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 258679324
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34 LastUsableLba 976773134
    GPT Header Guid 99f23383-eb08-4ec6-b796-8831bc51c2d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 258679324
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
    Backup GPT header Guid 99f23383-eb08-4ec6-b796-8831bc51c2d
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f9d7d9c2-c57b-4d77-804-c176158bd031
    FirstLBA 2048 Last LBA 1023999
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID f4f7049e-bb9b-49dd-82b6-c11466804c70
    FirstLBA 1024000 Last LBA 1638399
    Attributes 0
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID f697f674-20ca-4dda-917-7ec313ffbc32
    FirstLBA 1638400 Last LBA 1900543
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID ee9e068d-10d9-4a31-a084-8b23706ae06b
    FirstLBA 1900544 Last LBA 928827392
    Attributes 0
    Partition Name Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4f5cb26d-8280-4b92-83fe-952380b0e7ca
    FirstLBA 928827393 Last LBA 974675968
    Attributes 1
    Partition Name Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 9138b5ec-3380-4f77-4173-636c65706975
    FirstLBA 974675969 Last LBA 976773120
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Program Files (x86)\PC Health Kit\PCHealthKit.chm --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\CookiesException.txt --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\English.ini --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\file_id.diz --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\HomePage.url --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKGuard.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKSchedule.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\PCHKUninstaller.exe --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\scan.gif --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\sqlite3.dll --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\StartupList.txt --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\unins000.dat --> [Rogue.PCHealthKit]
    Infected: C:\Program Files (x86)\PC Health Kit\unins000.exe --> [Rogue.PCHealthKit]
    Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Health Kit_is1 --> [Rogue.PCHealthKit]
    Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit.lnk --> [Rogue.PCHealthKit]
    Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit --> [Rogue.PCHealthKit]
    Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Check updates.lnk --> [Rogue.PCHealthKit]
    Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk --> [Rogue.PCHealthKit]
    Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk --> [Rogue.PCHealthKit]
    Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk --> [Rogue.PCHealthKit]
    Infected: HKCU\SOFTWARE\PC Health Kit --> [Rogue.PCHealthKit]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================

    Check Up log:


    Results of screen317's Security Check version 0.99.83
    x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader 10.1.3 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    abruzzeseredbklyn706 AppData Local StormAlerts\StormAlerts.exe
    abruzzeseredbklyn706 AppData Local StormAlerts\StormAlertsApp.exe
    Windows Defender MsMpEng.exe
    Symantec Norton Online Backup NOBuAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    FRST SCAN:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 16-05-2014 21:28:49
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Platform: Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (CompuClever Systems Inc) C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
    () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
    ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
    ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=...3078A191&SSPV=
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
    R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
    R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

    ==================== Drivers (Whitelisted) ====================

    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-16 21:28 - 2014-05-16 21:29 - 00014500 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-16 21:28 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:14 - 2014-05-16 21:14 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-16 20:59 - 2014-05-16 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-03 16:31 - 2014-04-29 07:14 - 19275264 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-03 16:31 - 2014-04-29 05:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-03 16:31 - 2014-04-29 05:25 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-03 16:30 - 2014-04-29 05:36 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
    2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
    2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit

    ==================== One Month Modified Files and Folders =======

    2014-05-16 21:29 - 2014-05-16 21:28 - 00014500 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-16 21:28 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
    2014-05-16 21:28 - 2013-02-27 23:23 - 01231774 _____ () C:\windows\WindowsUpdate.log
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:27 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
    2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:26 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
    2014-05-16 21:18 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
    2014-05-16 21:18 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-05-16 21:14 - 2014-05-16 21:14 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-16 21:13 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-05-16 21:13 - 2012-08-05 14:07 - 00459244 _____ () C:\windows\PFRO.log
    2014-05-16 21:13 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-16 21:12 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 21:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-16 20:36 - 2014-05-03 14:40 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
    2014-05-12 10:37 - 2014-01-18 13:52 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
    2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
    2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
    2014-04-29 07:14 - 2014-05-03 16:31 - 19275264 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-04-29 05:47 - 2014-05-03 16:31 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-04-29 05:36 - 2014-05-03 16:30 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-04-29 05:25 - 2014-05-03 16:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-04-22 16:47 - 2013-10-28 15:08 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-04-22 16:47 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-19 02:39 - 2014-05-06 15:03 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-04-19 01:45 - 2014-05-06 15:03 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-04-19 01:45 - 2014-05-06 15:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-18 23:57 - 2014-05-06 15:03 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-04-18 23:57 - 2014-05-06 15:03 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-18 12:09 - 2013-12-29 11:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-04-18 12:08 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-04-18 12:08 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-04-18 12:04 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
    2014-04-17 13:26 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

    Files to move or delete:
    ====================
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\EasySurvey\EasySurvey.exe


    Some content of TEMP:
    ====================
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-11 09:39

    ==================== End Of Log ============================

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Hi Red Prince,

    Uninstall via Programs and Features

    Locate the following listed in Programs and Features and click the Remove button:
    • CompuClever
    • SearchProtect

    =========================

    FRST Fix Script

    Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt.

    Code:
    (CompuClever Systems Inc) C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=...3078A191&SSPV=
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = 
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
    2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
    2014-05-16 20:36 - 2014-05-03 14:40 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\EasySurvey\EasySurvey.exe

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    Reboot

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP: Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    =========================


    In your next post please provide the following:
    • Fixlog.txt
    • FRST.txt
    • Any change in performance?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
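
An added example, not part of the original posts and not FRST's own code: one way to surface the install burst visible in the "created" section of the log above, where several of the fixlist targets appear within minutes of each other. The function names, the five-minute gap and the minimum burst size are assumptions of this sketch; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime, timedelta

# Line shape in FRST's "One Month Created Files and Folders" section:
#   <created> - <modified> - <size> <attributes> (<vendor>) <path>
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) (\S+) \((.*)\) ([A-Za-z]:\\.+?)\s*$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"

# Lines copied from the "created" section of the log earlier in this thread.
SAMPLE = r"""
2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-03 16:31 - 2014-04-29 07:14 - 19275264 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
"""


def parse_created(text):
    """Return one record per parseable line; headers and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        created, modified, size, attrs, vendor, path = match.groups()
        records.append({
            "created": datetime.strptime(created, TS_FORMAT),
            "modified": datetime.strptime(modified, TS_FORMAT),
            "size": int(size),
            "is_dir": "D" in attrs,
            "vendor": vendor.strip(),
            "path": path,
        })
    return records


def bursts(records, gap_minutes=5):
    """Chain records whose creation times are at most gap_minutes apart."""
    gap = timedelta(minutes=gap_minutes)
    groups = []
    for rec in sorted(records, key=lambda r: r["created"]):
        if groups and rec["created"] - groups[-1][-1]["created"] <= gap:
            groups[-1].append(rec)
        else:
            groups.append([rec])
    return groups


def unattributed_bursts(records, gap_minutes=5, min_size=3):
    """Bursts of at least min_size items where no item has a vendor string.

    Triage heuristic only: folders and scheduled-task files never carry
    version information, so a hit still needs a human to review it.
    """
    hits = []
    for group in bursts(records, gap_minutes):
        if len(group) >= min_size and not any(r["vendor"] for r in group):
            hits.append({
                "start": group[0]["created"],
                "end": group[-1]["created"],
                "names": sorted({r["path"].rsplit("\\", 1)[-1] for r in group}),
            })
    return hits


if __name__ == "__main__":
    for hit in unattributed_bursts(parse_created(SAMPLE)):
        print(hit["start"], "to", hit["end"])
        for name in hit["names"]:
            print("   ", name)
```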

  5. #5
    Junior Member
    Join Date
    May 2014
    Posts
    17


    Fixlog:

    Thanks OCD. Followed instructions and posted the two logs requested below.

    Good news is that homepage is no longer hijacked and goes to MSN but still seeing pop-ups a la "java update" and "pdf creator" and "downloadcypher.com" etc. But overall, seems a tad better.

    Looking forward to next steps.

    Thanks

    Red Prince




    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 at 2014-05-17 20:19:28 Run:1
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    (CompuClever Systems Inc) C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
    (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=...3078A191&SSPV=
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
    2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
    2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
    2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
    2014-05-16 20:36 - 2014-05-03 14:40 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\EasySurvey\EasySurvey.exe
    *****************

    C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe => No running process found
    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => No running process found
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => No running process found
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => No running process found
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
    "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
    HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key deleted successfully.
    HKCR\CLSID\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key not found.
    CltMngSvc => Service not found.
    "C:\windows\System32\Tasks\PC Clean Maestro Scan" => File/Directory not found.
    "C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime" => File/Directory not found.
    "C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime" => File/Directory not found.
    "C:\windows\System32\Tasks\PC Clean Maestro Startup" => File/Directory not found.
    "C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever" => File/Directory not found.
    C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever => Moved successfully.
    "C:\ProgramData\CompuClever" => File/Directory not found.
    C:\Program Files (x86)\CompuClever => Moved successfully.
    C:\windows\System32\Tasks\PC Health Kit Schedule => Moved successfully.
    C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit => Moved successfully.
    C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit => Moved successfully.
    "C:\windows\System32\Tasks\PC Health Kit Schedule" => File/Directory not found.
    C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
    C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.

    ==== End of Fixlog ====

    FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 17-05-2014 20:34:13
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Platform: Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
    () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
    ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
    ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
    R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

    ==================== Drivers (Whitelisted) ====================

    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-17 20:29 - 2014-05-17 20:29 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
    2014-05-16 21:28 - 2014-05-17 20:34 - 00012764 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-16 21:28 - 2014-05-17 20:34 - 00000000 ____D () C:\FRST
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:07 - 2014-05-05 22:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-16 21:07 - 2014-05-05 22:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-16 21:07 - 2014-05-05 20:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-16 21:07 - 2014-05-05 20:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-16 21:07 - 2014-05-05 20:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-16 21:07 - 2014-05-05 20:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-16 21:03 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-05-16 21:03 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-05-16 21:02 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-05-16 21:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-05-16 21:02 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-05-16 21:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-05-16 21:02 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-05-16 21:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-05-16 21:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
    2014-05-16 21:02 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-05-16 21:02 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-05-16 21:02 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-05-16 21:02 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2014-05-16 21:02 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
    2014-05-16 21:02 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-05-16 21:02 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
    2014-05-16 21:02 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2014-05-16 21:02 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2014-05-16 21:02 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2014-05-16 21:02 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-05-16 21:02 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-05-16 21:00 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:55 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-05-16 20:55 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
    2014-05-16 20:55 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
    2014-05-16 20:55 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-05-16 20:55 - 2014-02-26 16:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2014-05-16 20:55 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
    2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free

    ==================== One Month Modified Files and Folders =======

    2014-05-17 20:34 - 2014-05-16 21:28 - 00012764 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-17 20:34 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
    2014-05-17 20:33 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
    2014-05-17 20:32 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
    2014-05-17 20:32 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
    2014-05-17 20:29 - 2014-05-17 20:29 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-17 20:27 - 2013-02-27 23:23 - 02077651 _____ () C:\windows\WindowsUpdate.log
    2014-05-17 20:26 - 2012-08-05 14:07 - 00459830 _____ () C:\windows\PFRO.log
    2014-05-17 20:26 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-17 20:26 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-05-17 20:23 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-05-17 20:22 - 2013-10-08 17:33 - 00000000 ____D () C:\windows\system32\MRT
    2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
    2014-05-17 20:06 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
    2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
    2014-05-05 22:14 - 2014-05-16 21:07 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-05 22:14 - 2014-05-16 21:07 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-05 20:48 - 2014-05-16 21:07 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-05 20:48 - 2014-05-16 21:07 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-05 20:37 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-05 20:26 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
    2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
    2014-05-01 13:37 - 2013-10-28 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-05-01 13:37 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-04-19 02:39 - 2014-05-06 15:03 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-04-19 01:45 - 2014-05-06 15:03 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-04-19 01:45 - 2014-05-06 15:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-18 23:57 - 2014-05-06 15:03 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-04-18 23:57 - 2014-05-06 15:03 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-04-18 12:09 - 2013-12-29 11:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-04-17 13:26 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

    Some content of TEMP:
    ====================
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb97EF.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe
    [2014-05-16 21:02] - [2014-04-12 02:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-11 09:39

    ==================== End Of Log ============================

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Red Prince,

    Glad to hear we are making progress. Let's continue . . .

    Disable Plug-ins in Google Chrome

    • Click the Chrome menu on the browser toolbar.
    • Select Settings.
    • Scroll down to Show advanced settings...
    • Locate the Privacy Section, select Content Settings
    • In the pop up window scroll to Plug-Ins, select Disable individual plug-ins...
    • Locate the following plug-ins and set them to Disable:
      • downloadcypher.com
    • Exit Chrome settings menu.

    =========================

    Disable FireFox plug-in

    • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
    • In the Add-ons Manager tab, select the Extensions or Appearance panel.
    • Select the add-on you wish to disable.
      • downloadcypher.com
    • Click the Disable button.
    • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

    =========================

    Manage Add-Ons in Internet Explorer
    • Locate the in the upper right hand corner of the Internet Explorer browser window.
    • Left click, then choose Manage add-ons > Toolbars and Extensions
    • Locate the following add-ons (if present)
      • downloadcypher.com
    • Select the add-on, and click the Disable button.
    • Do this for each entry present, then close

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    AdwCleaner v3: Scan & Clean
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Reboot

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • AdwCleaner[S0].txt
    • Fresh FRST.txt
    • Update of symptoms experiencing
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
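
Both entries in the fixlist above are `SearchScopes` lines whose `URL =` field is blank. The following is an added example, not part of the original post and not FRST's own code: it parses `SearchScopes` lines in the format this thread's FRST logs use and lists the blank-URL entries for review. The function names are hypothetical and the sample input is embedded inline.

```python
import re
from dataclasses import dataclass

# Sample input embedded inline: "Internet" section lines in the format shown
# in this thread's FRST.txt, with the indentation the forum paste carries.
SAMPLE_LOG = r"""
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
"""

# One SearchScopes line: hive, optional 32-bit view, optional DefaultScope
# marker, provider GUID, then whatever follows "URL =" (possibly nothing).
SCOPE_RE = re.compile(
    r"^SearchScopes:\s+"
    r"(?P<hive>[A-Z]+)(?P<view>-x32)?\s+-\s+"
    r"(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+"
    r"URL\s*=\s*(?P<url>.*)$"
)


@dataclass(frozen=True)
class SearchScope:
    hive: str         # "HKLM" or "HKCU"
    wow64: bool       # True for the "-x32" registry view
    is_default: bool  # True when the line carries the DefaultScope marker
    guid: str
    url: str          # empty string when the log shows nothing after "URL ="
    raw: str          # the log line as posted, without surrounding whitespace


def parse_search_scopes(log_text):
    """Return every SearchScopes entry found in the log text, in order."""
    scopes = []
    for line in log_text.splitlines():
        stripped = line.strip()
        m = SCOPE_RE.match(stripped)
        if m:
            scopes.append(SearchScope(
                hive=m.group("hive"),
                wow64=m.group("view") is not None,
                is_default=m.group("default") is not None,
                guid=m.group("guid"),
                url=m.group("url").strip(),
                raw=stripped,
            ))
    return scopes


def fixlist_candidates(log_text):
    """Log lines whose URL field is blank, verbatim, for a human to review."""
    return [s.raw for s in parse_search_scopes(log_text) if not s.url]


def user_machine_mismatches(log_text):
    """Map GUID -> (HKLM url, HKCU url) where the per-user value differs."""
    scopes = parse_search_scopes(log_text)
    machine = {s.guid: s.url for s in scopes
               if s.hive == "HKLM" and not s.wow64 and not s.is_default}
    out = {}
    for s in scopes:
        if (s.hive == "HKCU" and not s.is_default
                and s.guid in machine and s.url != machine[s.guid]):
            out[s.guid] = (machine[s.guid], s.url)
    return out


if __name__ == "__main__":
    for line in fixlist_candidates(SAMPLE_LOG):
        print(line)
    for guid, (hklm, hkcu) in user_machine_mismatches(SAMPLE_LOG).items():
        print(f"{guid}: HKLM={hklm!r} HKCU={hkcu!r}")
```
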

  7. #7
    Junior Member
    Join Date
    May 2014
    Posts
    17

    Hi OCD

    sorry for a few days delay; working on my neighbor's computer, so timing isn't always easy......

    regarding your last instructions:

    1. I could not find google chrome on the toolbar, so couldn't do anything with that
    2. I could not find firefox plug-in anywhere on toolbar, so didn't do anything with that either
    3. could not find downloadcypher.com in the IE add-ons, so nothing done with that

    All other instructions were followed and overall not much changes as far as pop-ups, but maybe these are normal pop-ups (java and Microsoft update recommendation)? Oh, and just got an eboom pop up as I type this with music blasting, so I guess still not cleaned.

    see logs you requested below:

    Adaware:


    # AdwCleaner v3.210 - Report created 20/05/2014 at 21:15:47
    # Updated 19/05/2014 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : abruzzeseredbklyn706 - REDPRINCE
    # Running from : C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
    Folder Deleted : C:\Program Files (x86)\File Type Helper
    Folder Deleted : C:\Program Files (x86)\HiDefMedia
    Folder Deleted : C:\windows\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\abruzzeseredbklyn706\AppData\Roaming\Activeris
    Folder Deleted : C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro
    File Deleted : C:\END

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16537


    *************************

    AdwCleaner[R0].txt - [1542 octets] - [20/05/2014 21:14:22]
    AdwCleaner[S0].txt - [1450 octets] - [20/05/2014 21:15:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1510 octets] ##########


    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 20-05-2014 21:21:50
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Platform: Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
    ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
    ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
    R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

    ==================== Drivers (Whitelisted) ====================

    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-20 21:17 - 2014-05-20 21:17 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-20 21:14 - 2014-05-20 21:15 - 00000000 ____D () C:\AdwCleaner
    2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
    2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
    2014-05-16 21:28 - 2014-05-20 21:21 - 00012455 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-16 21:28 - 2014-05-20 21:21 - 00000000 ____D () C:\FRST
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:07 - 2014-05-05 22:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-16 21:07 - 2014-05-05 22:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-16 21:07 - 2014-05-05 20:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-16 21:07 - 2014-05-05 20:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-16 21:07 - 2014-05-05 20:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-16 21:07 - 2014-05-05 20:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-16 21:03 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-05-16 21:03 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-05-16 21:02 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-05-16 21:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-05-16 21:02 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-05-16 21:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-05-16 21:02 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-05-16 21:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-05-16 21:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
    2014-05-16 21:02 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-05-16 21:02 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-05-16 21:02 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-05-16 21:02 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2014-05-16 21:02 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
    2014-05-16 21:02 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-05-16 21:02 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
    2014-05-16 21:02 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2014-05-16 21:02 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2014-05-16 21:02 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2014-05-16 21:02 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-05-16 21:02 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-05-16 21:00 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:55 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-05-16 20:55 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
    2014-05-16 20:55 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
    2014-05-16 20:55 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-05-16 20:55 - 2014-02-26 16:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2014-05-16 20:55 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
    2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free

    ==================== One Month Modified Files and Folders =======

    2014-05-20 21:22 - 2014-05-16 21:28 - 00012455 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-20 21:21 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
    2014-05-20 21:20 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
    2014-05-20 21:19 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
    2014-05-20 21:17 - 2014-05-20 21:17 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-20 21:17 - 2013-12-29 11:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Skype
    2014-05-20 21:17 - 2013-02-27 23:23 - 01108489 _____ () C:\windows\WindowsUpdate.log
    2014-05-20 21:16 - 2012-08-05 14:07 - 00460144 _____ () C:\windows\PFRO.log
    2014-05-20 21:16 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-20 21:16 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-05-20 21:15 - 2014-05-20 21:14 - 00000000 ____D () C:\AdwCleaner
    2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
    2014-05-20 21:11 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
    2014-05-20 21:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-05-17 20:23 - 2013-10-08 17:33 - 00000000 ____D () C:\windows\system32\MRT
    2014-05-17 20:23 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
    2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
    2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
    2014-05-05 22:14 - 2014-05-16 21:07 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-05 22:14 - 2014-05-16 21:07 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-05 20:48 - 2014-05-16 21:07 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-05 20:48 - 2014-05-16 21:07 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-05 20:37 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-05 20:26 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
    2014-05-01 13:37 - 2013-10-28 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-05-01 13:37 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb97EF.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\Quarantine.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe
    [2014-05-16 21:02] - [2014-04-12 02:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-11 09:39

    ==================== End Of Log ============================


    FIX LOG:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 at 2014-05-20 21:11:09 Run:2
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    *****************

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key deleted successfully.
    HKCR\CLSID\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key not found.

    ==== End of Fixlog ====

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Red Prince,

    sorry for a few days delay; working on my neighbor's computer, so timing isn't always easy......
    Thanks for the reminder. I will allow extra time between replies to compensate for this.

    as far as pop-ups, but maybe these are normal pop-ups (java and Microsoft update recommendation)
    Yes, these are most likely normal updates. But Java is not showing as being installed, so I'm a bit unsure why you are getting pop-ups to update.

    The Windows update will probably include an update from Windows 8 to 8.1. If your neighbor does not want to update to 8.1, then you can ignore this update notice. With that being said, you should always have the latest updates available for your operating system to help patch any issues that may have been corrected since the last update.

    eboom pop up as I type this with music blasting
    Please explain what you mean by an eboom pop-up.
    Also does the pop up indicate any information as to what program might be causing it?
    Is there any information in the header of the pop-up window?

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
    BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
    BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
    R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt). Please post it in your reply.

    =========================

    Re-run AdwCleaner

    It should be on your desktop
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that log file in your next reply.
    • A copy of that log file will also be saved in the C:\AdwCleaner folder.

    =========================

    Junkware Removal Tool

    Download Junkware Removal Tool to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Shut down your protection software now to avoid potential conflicts.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =========================

    Re-run Farbar Recovery Scan Tool. It should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • FRST fixlog.txt
    • AdwCleaner[S1].txt
    • JRT.txt
    • Fresh FRST.txt
    • Update on performance.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Junior Member
    Join Date
    May 2014
    Posts
    17

    Hi OCD

    A couple of notes:

    1. I will be out of town until Sunday, so I won't be able to help Red Prince until I return (I am loopy, by the way).

    2. I've tried to do some "print screen" shots but I can't figure out why this computer won't paste the "print Screen" into the field. These new keyboards with the "Fn" button are confusing. The reason is that I want to show you some of the popups you were asking about. Regarding Eboom, I can't recall what it was, but it was an annoying pop up with music playing in the background. If I could figure out how to do "print screen" I could paste the image so you could see all the parameters you were asking about. Overall, it still seems as though there are some "popups" which is why I would like to be able to "print screen" them so you can see what they really amount to.

    3. I assume this is normal, but when I run FRST sometimes, I get a "pending" notice, but I just assume it has completed its task... it probably has, it just doesn't always look "finished".

    4. I didn't know that you can upgrade your OS from 8.0 to 8.1 via online updates, I thought it was part of the "BIOS". I've heard that 8.0 is pretty bad... so if there is a way to make Red Prince's system more secure, I'm all for it.

    Below are the logs you requested, and thank you so much for your patience and your help, I know Red Prince appreciates it (he is 80 years old) and I love him dearly as a neighbor and a friend.

    Adaware log:

    # AdwCleaner v3.210 - Report created 22/05/2014 at 20:43:06
    # Updated 19/05/2014 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : abruzzeseredbklyn706 - REDPRINCE
    # Running from : C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16537


    *************************

    AdwCleaner[R0].txt - [1542 octets] - [20/05/2014 21:14:22]
    AdwCleaner[R1].txt - [760 octets] - [22/05/2014 20:40:34]
    AdwCleaner[R2].txt - [819 octets] - [22/05/2014 20:42:06]
    AdwCleaner[S0].txt - [1590 octets] - [20/05/2014 21:15:47]
    AdwCleaner[S1].txt - [741 octets] - [22/05/2014 20:43:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [800 octets] ##########


    FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 22-05-2014 20:54:55
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Platform: Windows 8 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
    () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsBrowser.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
    HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
    HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
    ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
    Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
    ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
    BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    ==================== Services (Whitelisted) =================

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
    R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

    ==================== Drivers (Whitelisted) ====================

    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
    R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
    2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\windows\ERUNT
    2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
    2014-05-22 20:45 - 2014-05-22 20:45 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-20 21:14 - 2014-05-22 20:43 - 00000000 ____D () C:\AdwCleaner
    2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
    2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
    2014-05-16 21:28 - 2014-05-22 20:54 - 00011998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-16 21:28 - 2014-05-22 20:54 - 00000000 ____D () C:\FRST
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:07 - 2014-05-05 22:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-16 21:07 - 2014-05-05 22:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-16 21:07 - 2014-05-05 20:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-16 21:07 - 2014-05-05 20:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-16 21:07 - 2014-05-05 20:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-16 21:07 - 2014-05-05 20:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-16 21:03 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2014-05-16 21:03 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2014-05-16 21:02 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2014-05-16 21:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
    2014-05-16 21:02 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-05-16 21:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2014-05-16 21:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-05-16 21:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-05-16 21:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-05-16 21:02 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-05-16 21:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-05-16 21:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
    2014-05-16 21:02 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2014-05-16 21:02 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2014-05-16 21:02 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2014-05-16 21:02 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2014-05-16 21:02 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
    2014-05-16 21:02 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-05-16 21:02 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
    2014-05-16 21:02 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2014-05-16 21:02 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
    2014-05-16 21:02 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2014-05-16 21:02 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
    2014-05-16 21:02 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-05-16 21:02 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2014-05-16 21:00 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:55 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
    2014-05-16 20:55 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
    2014-05-16 20:55 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
    2014-05-16 20:55 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
    2014-05-16 20:55 - 2014-02-26 16:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
    2014-05-16 20:55 - 2014-02-26 16:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2014-05-16 20:55 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
    2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
    2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

    ==================== One Month Modified Files and Folders =======

    2014-05-22 20:55 - 2014-05-16 21:28 - 00011998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
    2014-05-22 20:54 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
    2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
    2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\windows\ERUNT
    2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
    2014-05-22 20:47 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
    2014-05-22 20:47 - 2013-02-27 23:23 - 01182850 _____ () C:\windows\WindowsUpdate.log
    2014-05-22 20:46 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
    2014-05-22 20:45 - 2014-05-22 20:45 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2014-05-22 20:44 - 2013-12-29 11:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Skype
    2014-05-22 20:43 - 2014-05-20 21:14 - 00000000 ____D () C:\AdwCleaner
    2014-05-22 20:43 - 2012-08-05 14:07 - 00460458 _____ () C:\windows\PFRO.log
    2014-05-22 20:43 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-05-22 20:43 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
    2014-05-22 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
    2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
    2014-05-20 21:11 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
    2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2014-05-17 20:23 - 2013-10-08 17:33 - 00000000 ____D () C:\windows\system32\MRT
    2014-05-17 20:23 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
    2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
    2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
    2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
    2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
    2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
    2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
    2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
    2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
    2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
    2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
    2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
    2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
    2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
    2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
    2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
    2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
    2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
    2014-05-05 22:14 - 2014-05-16 21:07 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-05 22:14 - 2014-05-16 21:07 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-05 20:48 - 2014-05-16 21:07 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-05 20:48 - 2014-05-16 21:07 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-05 20:37 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-05 20:26 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-01 13:37 - 2013-10-28 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-05-01 13:37 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb97EF.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\Quarantine.exe
    C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe
    [2014-05-16 21:02] - [2014-04-12 02:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-11 09:39

    ==================== End Of Log ============================

    Junkware log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8 x64
    Ran by abruzzeseredbklyn706 on Thu 05/22/2014 at 20:48:27.09
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 05/22/2014 at 20:53:20.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    FRST List Log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
    Ran by abruzzeseredbklyn706 at 2014-05-22 20:39:36 Run:3
    Running from C:\Users\abruzzeseredbklyn706\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************

    () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
    BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
    BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
    R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
    2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
    *****************

    [1916] C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe => Process closed successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
    HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
    ConvertFilesforFreeUpdt => Service deleted successfully.
    C:\Program Files (x86)\Convert Files for Free => Moved successfully.

    ==== End of Fixlog ====

  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Red Prince,

    I will be out of town until Sunday so I won't be able to help Red Prince until I return
    No problem, just continue when you return. I will leave the thread open until I hear back from you.

    = = = = = = = = = = = = = = = = = = = =

    There is a tool that comes with Windows that should handle the task you're looking for. It's called the Snipping Tool; follow this link for directions on how to use it.
    http://windows.microsoft.com/en-us/w...#1TC=windows-8

    OR

    How to take a screenshot in Windows 8
    http://blog.laptopmag.com/how-to-tak...t-in-windows-8

    = = = = = = = = = = = = = = = = = = = =

    Your FRST logs you have posted are complete logs so the tool is working fine.

    = = = = = = = = = = = = = = = = = = = =

    Windows 8 upgrade to 8.1
    Here is a tutorial about how the upgrade process works. The best way to keep the computer as secure as possible is to have all the latest updates, and to always have a firewall and an anti-virus program installed and active.
    http://windows.microsoft.com/en-us/w...ows-8-tutorial

    If you are contemplating doing the upgrade to 8.1 please hold off for now until we get all the issues sorted out. Then we will make sure everything is in place to ensure the security of the system.

    = = = = = = = = = = = = = = = = = = = =

    I won't post any new instructions until you can get me the screenshots of the pop-ups. But as a side note the last FRST log is looking good, so we are making progress.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
