tikk

It seems to be fine, thanks. I was concerned about the following directory, which appeared at about the same time as the unisales/youtube downloader and which I was only just able to delete without it reappearing. C:\ProgramData\Optimizer\program winapp_Test002.exe Gone now though, and there seems to be peace in the valley again. Thanks much TwinHeadedEagle!

Fixlog attached. Fixlog.txt

Sorry, didn't see the option to attach files. See below: Addition.txt FRST.txt mbar-log-2015-01-04 (14-13-24).txt system-log.txt

-------------------------------------------- system-log -------------------------------------------- --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17498 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 17100267520, free: 14192001024 Downloaded database version: v2015.01.04.12 Downloaded database version: v2014.12.30.01 Downloaded database version: v2014.12.06.01 Initializing... ====================== This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... DDA Driver installation error. Could not install driver on boot. Scan can't continue ======================================= Initializing... DDA Driver installation error. User declined to install driver on boot. Scan Aborted. ======================================= Initializing... DDA Driver installation error. Could not install driver on boot. Scan can't continue ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17498 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 17100267520, free: 15308984320 ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17498 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 17100267520, free: 15521050624 Initializing... ====================== ------------ Kernel report ------------ 01/04/2015 14:13:19 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\thpdrv.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\TVALZ_O.SYS \SystemRoot\System32\drivers\tos_sps64.sys \SystemRoot\System32\drivers\Thpevm.SYS \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\nvpciflt.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\NATx64\010A000.009\ccSetx64.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\NETwew00.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\system32\DRIVERS\L1C63x64.sys \SystemRoot\system32\DRIVERS\RtsP2Stor.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\tosrfec.sys \SystemRoot\System32\drivers\QIOMem.sys \SystemRoot\System32\drivers\Thotkey.sys \SystemRoot\System32\drivers\mshidkmdf.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\drivers\rfcomm.sys \SystemRoot\System32\drivers\BthEnum.sys \SystemRoot\System32\drivers\bthpan.sys \SystemRoot\system32\drivers\BthA2DP.sys \SystemRoot\system32\drivers\btampm.sys \SystemRoot\System32\drivers\BthAvrcpTg.sys \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\drivers\condrv.sys \??\C:\Windows\system32\drivers\mwac.sys \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffe0016b9b1060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000037\ Lower Device Object: 0xffffe0016a3bb7f0 Lower Device Driver Name: \Driver\iaStorA\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffe0016b9b3060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000036\ Lower Device Object: 0xffffe0016a3bd060 Lower Device Driver Name: \Driver\iaStorA\ <<<2>>> Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffe0016b9b1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe0016b9b2b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe0016b9b1060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe0016a3bb7f0, DeviceName: \Device\00000037\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthA2DP.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthA2DP.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1) File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1) File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1) File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1) Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe0016b9b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe0016b9b3b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe0016b9b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe0016b9b7060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\ DevicePointer: 0xffffe0016a3bd060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 769A6F63 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953519616 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Drive 1 This is a System drive Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 0 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 665780240 GPT Header CurrentLba = 1 BackupLba 500118191 GPT Header FirstUsableLba 34 LastUsableLba 500118158 GPT Header Guid 30ef065c-2a13-11e3-a895-a67aabe62594 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 665780240 Backup GPT header CurrentLba = 500118191 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 500118158 Backup GPT header Guid 30ef065c-2a13-11e3-a895-a67aabe62594 Backup GPT header Contains 128 partition entries starting at LBA 500118159 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 30ef065d-2a13-11e3-a895-a67aabe62594 FirstLBA 2048 Last LBA 2099199 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID 30ef0665-2a13-11e3-a895-a67aabe62594 FirstLBA 2099200 Last LBA 2303999 Attributes 0 Partition Name Basic data partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 30ef0667-2a13-11e3-a895-a67aabe62594 FirstLBA 2304000 Last LBA 2566143 Attributes 0 Partition Name Basic data partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 30ef066f-2a13-11e3-a895-a67aabe62594 FirstLBA 2566144 Last LBA 477949951 Attributes 0 Partition Name Basic data partition Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 3b951873-4e58-11e3-8749-89e1f36082 FirstLBA 477949952 Last LBA 500117503 Attributes 1 Partition Name Basic data partition Disk Size: 256060514304 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished

Am getting error messages for replying with all four files' content, so will break into separate files: --------------------------------------------mbar-log-2015-01-04 (14-13-24)--------------------------------------------Malwarebytes Anti-Rootkit BETA 1.08.2.1001www.malwarebytes.org Database version: v2015.01.04.12 Windows 8.1 x64 NTFSInternet Explorer 11.0.9600.17498tikk :: SCOTT-TOSHIBA [administrator] 1/4/2015 2:13:24 PMmbar-log-2015-01-04 (14-13-24).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 352230Time elapsed: 4 minute(s), 36 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end)

Thanks TwinHeadedEagle. See below for zoek-results.log: Zoek.exe v5.0.0.0 Updated 31-12-2014Tool run by tikk on Sun 01/04/2015 at 13:35:58.68.Microsoft Windows 8.1 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\tikk\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 1/4/2015 1:37:19 PM Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfullyC:\PROGRA~3\Oracle deleted successfullyC:\PROGRA~3\Yahoo! deleted successfullyC:\Users\tikk\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3547218074-2381322829-1360127456-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ABC3959-6C0B-44E8-B158-1BFE929AE047} deleted successfullyHKEY_USERS\S-1-5-21-3547218074-2381322829-1360127456-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C106BEFA-F4FE-4605-BF8B-CD734A49A31E} deleted successfullyHKEY_USERS\S-1-5-21-3547218074-2381322829-1360127456-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA463D72-2C8-4FF9-92EE-4733F78AB5A2} deleted successfullyHKEY_USERS\S-1-5-21-3547218074-2381322829-1360127456-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF1D1734-9575-41A8-96F9-F754EB263B13} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\tikk\AppData\Roaming\Mozilla\Firefox\Profiles\69npxn4n.default user.js not found---- Lines extensions.pnmoVnVzRbUeR53h removed from prefs.js ----user_pref("extensions.pnmoVnVzRbUeR53h.epoch", "1420401445");---- Lines extensions.zvLq9QhWXNqxIq9I removed from prefs.js ----user_pref("extensions.zvLq9QhWXNqxIq9I.epoch", "1420401445");user_pref("extensions.zvLq9QhWXNqxIq9I.url", "http://veterance.info/sync2/?q=hfZ9oflKAfqZBylHrGhEAen0rTwEqTUMg708BNmGWj8lkGhGheDUojw8rdwErTsErdrEpihIC---- FireFox user.js and prefs.js backups ---- prefs_20150104_0144_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Software Update Services deletedC:\PROGRA~3\Package Cache deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deletedC:\Users\tikk\Downloads\ecalhounsavingsstmnt.jpeg deletedC:\Users\tikk\Downloads\SoftonicDownloader_for_putty (1).exe deletedC:\Users\tikk\Downloads\SoftonicDownloader_for_putty.exe deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\tikk\AppData\Roaming\Mozilla\Firefox\Profiles\69npxn4n.defaultuser_pref("browser.search.defaultenginename", "Google"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [07/06/2014 03:13 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\tikk\AppData\Roaming\Mozilla\Firefox\Profiles\69npxn4n.default- Undetermined - {a7c6cf7f-112c-4500-a7ea-39801a327e5f}- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} AppDir: C:\Program Files (x86)\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\tikk\AppData\Roaming\Mozilla\Firefox\Profiles\69npxn4n.default8303B3CEC05500F763B4FA75210598BB - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensionsapdfllckaahabafndbhieahigkjlhalf - C:\Users\tikk\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[03/16/2014 09:38 PM]lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Voice Search Hotword (Beta) - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfnOrbvious Interest - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkikpncfbjndhfkipijhdoddiadaipaaFacebook - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfmSpotify - Music for every moment - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgiehNYTimes - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoelChromebleed - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic8 Ball Pool Multiplayer - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\enapaicicmcakmngdopeadgpddfocepbTweetDeck by Twitter - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagblFlixster - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfhfeedly - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmobMusic Player for Google Drive - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkhGoogle Drive App Launcher - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbehG+ Extended - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafbdgpajdhkjnaeafkboodleapnpjbgfeedly Mini - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodjaInstagram for Chrome - tikk\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb ==== Chromium Startpages ====================== C:\Users\tikk\AppData\Local\Google\Chrome\User Data\Default\Preferences"homepage": "http://google.com/", ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://google.com/""Search Page"="http://www.google.com""Default_Secondary_Page_URL"="http://www.google.com""Search Bar"="http://www.google.com""Use Search Asst"="yes"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Default_Secondary_Page_URL"="http://www.google.com""Secondary Start Pages"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Default_Secondary_Page_URL"="http://www.google.com""Secondary Start Pages"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]"Default"="http://www.google.com"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]"Default"="http://www.google.com"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]"Default"="http://www.google.com"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]"Default_Search_URL"="http://www.google.com""SearchAssistant"="http://www.google.com" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896""Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896""Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157""Start Page"="http://google.com/""Use Search Asst"="no"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157""Secondary Start Pages"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157""Secondary Start Pages"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]"(Default)"="http://search.msn.com/results.asp?q=%s"[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]"(Default)"="http://search.msn.com/results.asp?q=%s"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]"(Default)"="http://search.msn.com/results.asp?q=%s"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896""SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"{D4BF049E-961A-4ECF-907C-B8899CAD2039} Unknown Url="Not_Found"{FA7D9F89-06C2-4578-B1EE-21F55D2844BD} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3547218074-2381322829-1360127456-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D4BF049E-961A-4ECF-907C-B8899CAD2039} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\tikk\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\tikk\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\tikk\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\tikk\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\tikk\AppData\Local\Mozilla\Firefox\Profiles\69npxn4n.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\tikk\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=30 folders=30 32560112 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\tikk\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot

I normally run Chrome but was doing work in Firefox, and it was in Firefox that I got infected with a program that doesn't appear in listed programs. Infection manifested itself by popups suggesting latest version of flash not installed, etc. Then the problem appeared in Chrome, and I was able to locate it as an browser extension "UnisalEEs". I managed to neutralize the popups so that I'm able to now use both browsers, but I'm certain I didn't actually fix the problem because the browsers both feel different (e.g., mouse scroll sticks), and there are a few files and directories that appeared and now can't be removed. I ran the Malwarebytes program and that didn't fix, so I'm here, attaching my FRST and Additions files, hoping one of the experts can help, for which I'll happily donate. Thanks. Addition.txt FRST.txt