Duggernaut86

Honorary Members
  • Posts

    61

Everything posted by Duggernaut86

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 Ran by kyled_000 at 2015-05-27 09:14:17 Running from C:\Users\kyled_000\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1615724195-3356573343-772561760-500 - Administrator - Disabled) Guest (S-1-5-21-1615724195-3356573343-772561760-501 - Limited - Disabled) kyled_000 (S-1-5-21-1615724195-3356573343-772561760-1001 - Administrator - Enabled) => C:\Users\kyled_000 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version: - Namco) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) BIT.TRIP Presents... 
Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.) Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.) Canon MG6600 series User Registration (HKLM-x32\...\Canon MG6600 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.) Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix) Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Dropbox (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) 
f.lux (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Flux) (Version: - ) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation) Fraps (HKLM-x32\...\Fraps) (Version: - ) FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) GlobalProtect (HKLM\...\{BB18DEA5-4F6E-4A05-B73B-C2DC86FC60EF}) (Version: 2.1.1 - Palo Alto Networks) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) join.me (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.) 
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall) NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) Popcorn Time (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Popcorn Time) (Version: - Popcorn Official) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Salesforce for Outlook (HKLM\...\{F2CED60E-2E22-4880-8D21-3AAE1B0DE6CD}) (Version: 2.7.01.3490 - salesforce.com) salesforce.com Data Loader (HKLM-x32\...\Data Loader) (Version: - ) Skype™ 6.20 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.) 
Slingplayer Desktop (x32 Version: 5.0.0.83 - Sling Media) Hidden Slingplayer for Chrome Installer (x32 Version: 0.0.0.74 - Sling Media) Hidden SlingPlayer for Web (HKLM-x32\...\{576AB4FA-71CB-4530-9EA2-91308367C169}) (Version: 2.4.0130 - Sling Media) Slingplayer-Desktop (HKLM-x32\...\{176cb1f2-7151-4061-9811-46494cdc407d}) (Version: 5.0.0.83 - Sling Media) SlingplayerForChrome (HKLM-x32\...\{bb0c4701-6cb0-48ad-bca2-413e8f92b9cd}) (Version: 0.0.0.74 - Sling Media) Snagit 12 (HKLM-x32\...\{50f2d2b0-9e6e-466f-b418-b3526b61aa3f}) (Version: 12.3.2.2920 - TechSmith Corporation) Snagit 12 (x32 Version: 12.3.2 - TechSmith Corporation) Hidden Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinDirStat 1.1.2 (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\WinDirStat) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{2FC26622-8613-373E-AF16-1037020B1210}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{65314D30-1EF1-362A-95EE-8A0E1EEDBB5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{8DAB7772-9410-49BA-9958-EB8392EE2F35}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{8DC0828E-7DE4-37A6-951F-80EBE34305D1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{DEC08347-BAAF-3527-AE62-D8E3651DEF72}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\kyled_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 11-05-2015 09:29:31 Installed DirectX 15-05-2015 13:03:08 Removed iTunes 18-05-2015 12:05:16 Revo Uninstaller's restore point - Auto Clicker v1.9 21-05-2015 17:14:57 Slingplayer-Desktop 26-05-2015 16:02:34 zoek.exe restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {104A2B34-5DDC-4E18-A7B9-DB857D0B6E1A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {13C4A6B7-4AA8-4023-9C0C-7DE06AEA7F5C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {19E5BBDD-061C-4684-B0DA-49B05EF60CFB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {35DBD3D0-6C82-4911-A1A8-7D1B2E48F453} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.) Task: {3B2C0BF0-EF99-4E22-A89A-DE0871B4AA68} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {50394F3A-E099-404F-B6D8-F4EA99A18A54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-22] (Adobe Systems Incorporated) Task: {764D3134-E38E-46EF-800F-2EEE7E050D4E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {8EFB7778-DA4F-44B6-ACC6-309AA8D3D6E0} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation) Task: {8FCE1F11-7F0B-45CD-B4B3-628078EB7A5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.) 
Task: {9557002D-05FA-46EF-A3BA-14EEA2720FAD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1615724195-3356573343-772561760-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {C2DE22EE-69DC-45EA-85CE-E1D7FBD52353} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {C88F4D76-6FD4-4D6A-8936-BD76B8EAC319} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-18] (Microsoft Corporation) Task: {EC544D53-0DFF-46D5-891F-8F2A4F7BB3C5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for USSTR0N5TI2TI0N-kyled_000 USSTr0n5Ti2ti0n => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-09-13 23:02 - 2013-07-04 05:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2014-09-20 20:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-03-16 17:50 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-09-14 02:15 - 2010-04-03 16:05 - 00380928 _____ () C:\Program Files 
(x86)\Launchy\Launchy.exe 2014-11-26 10:15 - 2014-11-26 10:15 - 00910128 _____ () C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe 2014-11-26 10:14 - 2014-11-26 10:14 - 00045360 _____ () C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipLib.dll 2014-09-13 23:02 - 2015-05-27 08:15 - 00034304 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2014-09-13 23:02 - 2013-07-04 05:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2015-04-17 04:23 - 2015-04-17 04:23 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll 2015-04-17 04:23 - 2015-04-17 04:23 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll 2015-04-17 04:23 - 2015-04-17 04:23 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll 2015-05-27 08:15 - 2015-05-27 08:15 - 00043008 _____ () c:\Users\kyled_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2lzrm0.dll 2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2014-09-14 02:15 - 2009-12-17 01:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll 2014-09-14 02:15 - 2009-12-17 00:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll 2014-09-14 02:15 - 2009-12-17 00:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll 2014-09-14 02:15 - 2009-12-17 03:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll 2014-09-14 02:15 - 2010-04-03 16:06 - 00081920 _____ () C:\Program 
Files (x86)\Launchy\plugins\calcy.dll 2014-09-14 02:15 - 2010-04-03 16:05 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll 2014-09-14 02:15 - 2010-04-03 16:06 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll 2014-09-14 02:15 - 2010-04-03 16:06 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll 2014-09-14 02:15 - 2010-04-03 16:05 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll 2014-09-14 02:15 - 2010-04-03 16:05 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll 2014-09-20 20:35 - 2014-09-20 20:52 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll 2014-12-30 22:50 - 2014-12-30 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll 2014-09-14 03:29 - 2015-04-16 12:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-24 14:28 - 2015-04-22 21:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2014-09-14 03:29 - 2015-05-14 20:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll 2015-01-24 14:28 - 2015-04-22 21:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-24 14:28 - 2015-04-22 21:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-09-14 03:29 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-09-14 03:29 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-09-14 03:29 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2014-09-14 03:29 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-09-14 03:29 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2014-09-14 03:29 - 2015-05-14 20:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-09-14 03:29 - 2015-05-11 14:01 - 36302728 _____ () C:\Program Files 
(x86)\Steam\bin\libcef.dll 2015-05-14 09:29 - 2015-05-11 14:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll 2014-12-30 22:50 - 2014-12-30 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-02-12 21:49 - 2015-02-12 21:49 - 00526344 ____R () C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll 2015-05-18 20:57 - 2015-04-14 07:42 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2015-05-26 08:18 - 2015-05-22 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-26 08:18 - 2015-05-22 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2015-05-26 08:18 - 2015-05-22 15:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\kyled_000\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 10.2.200.21 - 10.2.200.22 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\StartupApproved\Run: => "USSTR0N5TI2TI0N" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{78942242-CB71-4FAE-8D73-77DC4BE489C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{75055CAB-6AC5-472A-98A1-C476444A16B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A08B1E57-4117-4053-A9AF-F01E54D07719}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C537216C-0488-4494-A7C2-CA9407C8E2DC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{912739FB-28F8-44D9-88AD-CA7D4F6E2703}] => (Allow) X:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe FirewallRules: [{2B5D4EC0-EFF6-4A10-ADF4-319D9B650089}] => (Allow) X:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe FirewallRules: [{E5C05F19-6DCA-4193-BF16-4B6A0B956C0F}] => (Allow) X:\SteamLibrary\SteamApps\common\Ace Combat Assault Horizon\Ace Combat_AH.exe FirewallRules: [{9B1FF480-D65A-4F6D-90E7-8102F14A6D9A}] => (Allow) X:\SteamLibrary\SteamApps\common\Ace Combat Assault Horizon\Ace Combat_AH.exe FirewallRules: [{7E200720-F003-437C-BEFF-C09B48E72119}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{58DE4761-F815-4A1C-B394-55D79596070B}] => (Allow) 
X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{6EF0488E-9A3C-4E88-80C5-0CAF65DB1431}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ.exe FirewallRules: [{99612B04-A5DB-440E-8E51-CFD4B59391F1}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ.exe FirewallRules: [{852B54DC-79A5-457E-95CA-7F19DA7F8774}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ_LaunchOptions.exe FirewallRules: [{D4D84DC6-B7D7-4B2A-A4D7-704FB3138250}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ_LaunchOptions.exe FirewallRules: [{DEFB0A29-C5CB-4C07-B63B-0D2DBCAB9404}] => (Allow) X:\SteamLibrary\SteamApps\common\Portal\hl2.exe FirewallRules: [{9460F7C1-6E23-47D0-A9BA-B860C644B26D}] => (Allow) X:\SteamLibrary\SteamApps\common\Portal\hl2.exe FirewallRules: [{F581F0F9-D102-4D64-A175-3D1E3FBC366C}] => (Allow) X:\SteamLibrary\SteamApps\common\FTL Faster Than Light\FTLGame.exe FirewallRules: [{2F4A3CD4-DBA2-4D6D-AA2A-77FF769B0457}] => (Allow) X:\SteamLibrary\SteamApps\common\FTL Faster Than Light\FTLGame.exe FirewallRules: [{1CF6A74D-8033-4CB8-8CEE-B2C9671FDEF4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{43C0AA75-2C2D-47BD-8598-2883160A52A9}] => (Allow) X:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{07154223-1918-4FC6-9894-0ABE3A4AAFCE}] => (Allow) X:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{CE96ED5D-B8DF-4ECA-88AE-51044001BC38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{44875495-7F33-44EF-84EB-BE186561B87E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5D7082DD-6617-4B86-954A-A09A88B518DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{985140B6-B639-4093-9929-8A14AD03D650}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1FC783C3-7354-4F02-8C5F-057495A1CFCB}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark 
Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{FF356184-076B-438E-91EF-8959E323DF76}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{615D4FD1-3837-4585-9378-4AC864603A81}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{6E86FF6F-ECB0-4B88-A21B-5B4743127361}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{995FDF37-272B-456F-B573-27A5373048D5}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [{C0B5B38E-9CDB-4F1D-9C49-39427E0FD3DD}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [{41433CF5-4423-4032-A548-E9BC5BA2EA3D}] => (Allow) X:\SteamLibrary\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{A4A34FFA-8246-4EF9-981C-111DC4A4D44A}] => (Allow) X:\SteamLibrary\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{15924362-A99A-4061-8590-BD7125F9F659}] => (Allow) LPort=8298 FirewallRules: [{FED65F50-8833-4946-B354-87946DDA75A5}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{8FAAC323-5A77-4B0E-A336-074516249216}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D1B090AD-E918-4CC9-AAFE-7BF2172B57D9}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{E4CA22B5-53B3-47B3-996A-DE431E74DA10}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{981B2877-332C-4184-8CF0-0078083A1671}C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [uDP Query User{3AAAF304-FD53-4FE1-ADCB-5CF224589895}C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) 
C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{2DF15FCB-2B40-406C-84B8-49E3DE6DD434}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{E688E708-DEC5-4ABA-8B3F-D43CC8CCD047}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{DAAE84DF-500F-45D8-8A4B-6273DFD2E56C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{3217FC02-0F97-4BD5-9AF4-C5C58F39B57E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{8C93650A-8D46-4674-A589-99596E5AB403}] => (Allow) X:\SteamLibrary\SteamApps\common\bittriprunner2\runner2.exe FirewallRules: [{7230204D-5A26-42B3-AB2B-BA058E721BF0}] => (Allow) X:\SteamLibrary\SteamApps\common\bittriprunner2\runner2.exe FirewallRules: [TCP Query User{BC4FC918-28E5-46A8-826F-7DD40E0BB112}C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe] => (Allow) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe FirewallRules: [uDP Query User{5AD5C138-17A1-45A7-A07F-CB4B7CC22BF2}C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe] => (Allow) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe FirewallRules: [{5498BFBF-40B0-4ACE-BE13-9B10CEC7E5AE}] => (Block) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe FirewallRules: [{5FB0CB81-D7D4-438E-8219-9A5B72EF687C}] => (Block) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe FirewallRules: [{564B2556-6B47-4C74-946A-4265BAAE74C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{400452FE-A17D-4A23-A040-955017CA241E}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/26/2015 10:43:11 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (05/26/2015 10:42:59 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (05/26/2015 09:28:25 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (05/26/2015 09:27:54 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. Error: (05/26/2015 08:42:59 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly. 
Error: (05/26/2015 08:34:57 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.
Error: (05/21/2015 08:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSACCESS.EXE version 15.0.4717.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1c2c
Start Time: 01d09375f3f980d3
Termination Time: 0
Application Path: C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE
Report Id: ec6931ed-ffb9-11e4-82ab-c7d2a1c0aa42
Faulting package full name:
Faulting package-relative application ID:
Error: (05/20/2015 00:16:43 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/20/2015 00:16:43 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {8DBE96F3-E2F9-4623-8BB5-C869C9472A75}
Error: (05/20/2015 00:05:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

System errors:
=============
Error: (05/27/2015 08:13:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/27/2015 08:13:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/27/2015 08:13:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/27/2015 08:13:48 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/27/2015 08:13:48 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/26/2015 06:46:02 PM) (Source: DCOM) (EventID: 10010) (User: USSTR0N5TI2TI0N)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (05/26/2015 06:46:02 PM) (Source: DCOM) (EventID: 10010) (User: USSTR0N5TI2TI0N)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (05/26/2015 06:38:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:02:08 PM on 5/26/2015 was unexpected.
Error: (05/26/2015 06:38:36 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256845640700810234296
Error: (05/26/2015 08:02:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:45:07 PM on 5/21/2015 was unexpected.
Microsoft Office:
=========================
Error: (05/26/2015 10:43:11 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2
Error: (05/26/2015 10:42:59 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2
Error: (05/26/2015 09:28:25 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2
Error: (05/26/2015 09:27:54 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2
Error: (05/26/2015 08:42:59 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2
Error: (05/26/2015 08:34:57 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2
Error: (05/21/2015 08:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MSACCESS.EXE15.0.4717.10001c2c01d09375f3f980d30C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXEec6931ed-ffb9-11e4-82ab-c7d2a1c0aa42
Error: (05/20/2015 00:16:43 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485933
Error: (05/20/2015 00:16:43 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {8DBE96F3-E2F9-4623-8BB5-C869C9472A75}
Error: (05/20/2015 00:05:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

CodeIntegrity Errors:
===================================
Date: 2015-05-19 10:27:31.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:31.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:27.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:27.400
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:27.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:27.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:27.128
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-19 10:27:27.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-02 19:04:43.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-02 19:04:43.668
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================

Processor: Intel® Core i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 37%
Total physical RAM: 8133.54 MB
Available physical RAM: 5042.93 MB
Total Pagefile: 16325.54 MB
Available Pagefile: 12733.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:42.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive x: (Professor) (Fixed) (Total:931.51 GB) (Free:855.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C8BA435F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C8BA4367)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015
Ran by kyled_000 (administrator) on USSTR0N5TI2TI0N on 27-05-2015 09:13:57
Running from C:\Users\kyled_000\Downloads
Loaded Profiles: kyled_000 (Available Profiles: kyled_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Dropbox, Inc.) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
() C:\Program Files (x86)\Launchy\Launchy.exe
(salesforce.com) C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
(OPSWAT, Inc.) C:\Program Files\Palo Alto Networks\GlobalProtect\32bitProxy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [1585456 2014-11-26] (Palo Alto Networks)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [f.lux] => C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [uSSTR0N5TI2TI0N] => C:\ProgramData\Unknown.exe
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {85afdce2-6b93-11e4-8270-c9902d343257} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {b1d9c79a-3bbc-11e4-8250-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-04-23]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyled_000.exe [2015-04-27] ()
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-09-14]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Salesforce for Outlook.lnk [2015-04-29]
ShortcutTarget: Salesforce for Outlook.lnk -> C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link
URLSearchHook: [s-1-5-21-1615724195-3356573343-772561760-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.2.200.21 10.2.200.22

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]
CHR Extension: (Bejeweled) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-05-27]
CHR Extension: (From Dust) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
CHR Extension: (Google Drive) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-19]
CHR Extension: (Session Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-05-27]
CHR Extension: (YouTube) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-19]
CHR Extension: (Pushbullet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-27]
CHR Extension: (uBlock Origin) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-27]
CHR Extension: (Google Search) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-19]
CHR Extension: (Google Sheets) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]
CHR Extension: (Bookmark Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-27]
CHR Extension: (Slingplayer for Google Chrome™ extension) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-05-19]
CHR Extension: (90`s Games) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2015-05-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-27]
CHR Extension: (The Great Suspender) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-19]
CHR Extension: (Google Mail Checker) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-05-27]
CHR Extension: (Plants vs Zombies) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]
CHR Extension: (Gmail) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]
CHR Extension: (Abstract-Blue) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-05-27]
CHR Extension: (Canvas Rider) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-08] (Electronic Arts)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2405680 2014-11-26] (Palo Alto Networks)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2014-11-26] (Palo Alto Networks)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 09:13 - 2015-05-27 09:13 - 00000000 ____D () C:\Users\kyled_000\Downloads\FRST-OlderVersion
2015-05-27 08:51 - 2015-05-27 08:15 - 00015885 _____ () C:\zoek-results2015-05-27-131521.log
2015-05-27 08:37 - 2015-05-27 08:37 - 00000000 ____D () C:\Users\kyled_000\Documents\Add-in Express
2015-05-27 08:15 - 2015-05-27 08:15 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\VirtualStore
2015-05-27 08:09 - 2015-05-26 16:02 - 00000626 _____ () C:\zoek-results2015-05-26-210248.log
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\Program Files\iTunes
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\Program Files\iPod
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-26 16:20 - 2015-05-26 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-26 16:20 - 2015-05-26 16:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-05-26 16:02 - 2015-05-27 08:51 - 00001183 _____ () C:\zoek-results.log
2015-05-26 16:02 - 2015-05-27 08:13 - 00000000 ____D () C:\zoek_backup
2015-05-26 16:02 - 2015-05-26 16:02 - 01308672 _____ () C:\Users\kyled_000\Downloads\zoek.exe
2015-05-21 19:42 - 2015-05-21 19:47 - 00043689 _____ () C:\Users\kyled_000\Downloads\Addition.txt
2015-05-21 19:41 - 2015-05-27 09:14 - 00020291 _____ () C:\Users\kyled_000\Downloads\FRST.txt
2015-05-21 19:41 - 2015-05-21 19:47 - 00041249 _____ () C:\Users\kyled_000\Downloads\FRST(20).txt
2015-05-21 18:04 - 2015-05-21 18:04 - 00151245 _____ () C:\Users\kyled_000\Desktop\Copy of AUA 2015 Booth Scans - All Days - 5-19-15 df.xlsm
2015-05-21 17:15 - 2015-05-21 18:04 - 00000075 _____ () C:\Users\kyled_000\Downloads\debug.log
2015-05-21 17:15 - 2015-05-21 17:15 - 00002587 _____ () C:\Users\Public\Desktop\Slingplayer Desktop.lnk
2015-05-21 17:14 - 2015-05-21 17:14 - 40258296 _____ (Sling Media) C:\Users\kyled_000\Downloads\SlingplayerDesktop-5.0.0.83.exe
2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setupact.log
2015-05-21 08:05 - 2015-05-27 08:15 - 00001204 _____ () C:\Windows\PFRO.log
2015-05-20 22:27 - 2015-05-20 22:27 - 00000536 _____ () C:\Users\kyled_000\Downloads\Test Insert_05_21_2015-03_25_13_error.csv
2015-05-20 17:02 - 2015-05-20 17:02 - 03163665 _____ () C:\Users\kyled_000\Downloads\Contact Export-05_20_2015-22_02_15.csv
2015-05-19 12:26 - 2015-05-19 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 11:49 - 2015-05-27 09:13 - 00000000 ____D () C:\FRST
2015-05-19 11:49 - 2015-05-19 11:49 - 00000677 _____ () C:\Users\kyled_000\Downloads\Search.txt
2015-05-19 11:48 - 2015-05-27 09:13 - 02108928 _____ (Farbar) C:\Users\kyled_000\Downloads\FRST64.exe
2015-05-19 11:25 - 2015-05-19 11:25 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Macromedia
2015-05-19 09:54 - 2015-05-19 09:54 - 00000000 _____ () C:\autoexec.bat
2015-05-19 09:52 - 2015-05-19 09:52 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kyled_000\Downloads\SpyHunter-Installer.exe
2015-05-19 09:10 - 2015-05-19 09:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kyled_000\Downloads\mbar-1.09.1.1004.exe
2015-05-19 08:20 - 2015-05-19 12:14 - 00000000 ____D () C:\Windows\Minidump
2015-05-18 18:05 - 2015-05-18 18:05 - 05197824 _____ () C:\Users\kyled_000\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-05-18 12:29 - 2015-05-18 12:29 - 00880208 _____ (Google Inc.) C:\Users\kyled_000\Downloads\ChromeSetup.exe
2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Mozilla
2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Mozilla
2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-18 09:44 - 2015-05-27 08:52 - 00000258 __RSH () C:\Users\kyled_000\ntuser.pol
2015-05-18 09:43 - 2015-05-27 08:53 - 00000000 __SHD () C:\ProgramData\Google
2015-05-18 08:00 - 2015-05-18 09:43 - 00000000 __SHD () C:\ProgramData\Unknown
2015-05-15 13:12 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-15 13:06 - 2015-05-15 13:06 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup (1).exe
2015-05-15 12:58 - 2015-05-15 12:59 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup.exe
2015-05-15 11:37 - 2015-05-15 11:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Gaijin Games
2015-05-13 08:26 - 2015-05-13 08:26 - 00822248 _____ (MurGee.com ) C:\Users\kyled_000\Downloads\setup.exe
2015-05-11 13:04 - 2015-05-11 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-11 13:03 - 2015-05-11 13:03 - 00192816 _____ () C:\Users\kyled_000\Downloads\raptr_installer.exe
2015-05-11 13:01 - 2015-05-11 13:01 - 05127432 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\spsetup128.exe
2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\Program Files\Speccy
2015-05-11 11:18 - 2015-05-11 11:18 - 00000000 ____D () C:\Users\kyled_000\.swt
2015-05-11 10:48 - 2015-05-11 10:48 - 00002623 _____ () C:\Users\kyled_000\Desktop\Data Loader.lnk
2015-05-11 10:48 - 2015-05-11 10:48 - 00000000 ____D () C:\Program Files (x86)\salesforce.com
2015-05-11 10:47 - 2015-05-11 10:48 - 41445890 _____ () C:\Users\kyled_000\Downloads\ApexDataLoader.exe
2015-05-11 10:19 - 2015-05-20 21:14 - 19718144 _____ () C:\Users\kyled_000\Documents\4K test matching for inserting.accdb
2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\Documents\NBGI
2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\NBGI
2015-05-08 07:53 - 2015-05-27 08:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-07 08:23 - 2015-05-07 08:23 - 00000048 _____ () C:\Users\kyled_000\Downloads\dbm06.m3u
2015-05-06 20:08 - 2015-05-06 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-05-06 19:59 - 2015-05-06 20:00 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-05 22:01 - 2015-05-05 22:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\AMD
2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-05-05 16:36 - 2015-05-05 16:36 - 00645729 _____ (WDS Team) C:\Users\kyled_000\Downloads\windirstat1_1_2_setup.exe
2015-05-05 16:35 - 2015-05-05 16:36 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-05 16:35 - 2015-05-05 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-05-05 16:34 - 2015-05-05 16:35 - 04532776 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\dfsetup219.exe
2015-05-05 13:21 - 2015-05-27 08:37 - 00000000 ____D () C:\Users\kyled_000\Documents\Outlook Files
2015-05-05 13:18 - 2015-05-05 13:18 - 00000015 _____ () C:\Users\kyled_000\Desktop\SFAdminSupport.txt
2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Citrix
2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-05-04 10:55 - 2015-05-04 10:55 - 00000000 ____D () C:\ProgramData\ATI
2015-05-04 10:47 - 2015-05-15 08:28 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Raptr
2015-05-04 10:47 - 2015-05-11 13:04 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-04 10:47 - 2015-05-04 10:47 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505041047160405.log
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\library_dir
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\AMD
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-04 10:45 - 2015-05-04 10:45 - 00059756 _____ () C:\Windows\SysWOW64\CCCInstall_201505041045552144.log
2015-05-04 10:39 - 2015-05-08 14:23 - 00022325 _____ () C:\Users\kyled_000\Documents\TombRaider.log
2015-05-02 18:58 - 2015-05-26 18:44 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn-Time
2015-05-02 18:58 - 2015-05-02 18:58 - 00002240 _____ () C:\Users\kyled_000\Desktop\Popcorn Time.lnk
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn Time
2015-04-30 20:07 - 2015-04-30 20:07 - 00000000 ____D () C:\Program Files (x86)\Sling Media
2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\SlingMedia
2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Program Files (x86)\SlingplayerForChrome
2015-04-29 21:33 - 2015-05-12 08:01 - 00001041 _____ () C:\Users\kyled_000\Desktop\Dropbox.lnk
2015-04-29 21:32 - 2015-05-12 08:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-29 09:07 - 2015-05-27 08:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Deployment
2015-04-29 09:07 - 2015-04-29 09:07 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Apps\2.0
2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\salesforce.com
2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\salesforce.com
2015-04-28 15:00 - 2015-04-28 15:00 - 01536639 _____ () C:\Users\kyled_000\Downloads\Urologist List (3).csv
2015-04-28 14:30 - 2015-04-28 14:30 - 02176314 _____ () C:\Users\kyled_000\Downloads\Urologist List (2).csv
2015-04-27 15:32 - 2015-04-27 16:21 - 00002236 ____H () C:\Users\kyled_000\Documents\Default.rdp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 09:13 - 2014-09-22 20:30 - 00005018 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for USSTR0N5TI2TI0N-kyled_000 USSTr0n5Ti2ti0n
2015-05-27 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-27 08:52 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\kyled_000
2015-05-27 08:44 - 2015-04-22 10:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 08:37 - 2015-04-23 10:47 - 00012784 _____ () C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat
2015-05-27 08:37 - 2015-04-23 10:47 - 00000016 _____ () C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat
2015-05-27 08:37 - 2015-04-23 10:36 - 03910735 _____ () C:\Users\kyled_000\PanGPA.log
2015-05-27 08:37 - 2014-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-27 08:36 - 2014-09-13 22:59 - 01432860 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 08:21 - 2014-03-18 05:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 08:17 - 2014-09-13 23:01 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 08:15 - 2014-09-14 02:18 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Dropbox
2015-05-27 08:15 - 2014-09-13 23:01 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 08:15 - 2014-09-13 23:00 - 00000000 ___DO () C:\Users\kyled_000\OneDrive
2015-05-27 08:15 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 08:14 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-27 08:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-27 08:14 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-26 18:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-26 17:50 - 2014-09-13 23:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1615724195-3356573343-772561760-1001
2015-05-26 16:21 - 2014-11-13 22:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-26 08:10 - 2014-09-22 20:30 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1615724195-3356573343-772561760-1001
2015-05-21 17:15 - 2014-09-15 22:00 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Sling Media
2015-05-19 12:25 - 2014-09-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 12:14 - 2014-09-13 23:10 - 00000000 ____D () C:\Windows\Panther
2015-05-19 11:41 - 2015-04-26 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-19 08:20 - 2013-08-22 09:44 - 00487560 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 21:27 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-18 20:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-18 12:30 - 2014-09-13 23:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Google
2015-05-15 14:12 - 2014-09-13 23:01 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 14:12 - 2014-09-13 23:01 - 00003674 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 13:27 - 2014-11-13 22:22 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Apple Computer
2015-05-09 23:24 - 2014-09-28 14:44 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\vlc
2015-05-09 21:57 - 2014-09-28 14:45 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\dvdcss
2015-05-08 13:11 - 2014-09-14 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 20:08 - 2015-04-25 21:23 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\canon
2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-04 10:45 - 2014-09-14 01:26 - 00000000 ____D () C:\Program Files\AMD
2015-05-04 10:42 - 2014-09-14 01:26 - 00000000 ____D () C:\AMD

Files to move or delete:
====================
C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat
C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat

Some files in TEMP:
====================
C:\Users\kyled_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2lzrm0.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-26 08:34

==================== End of log ============================
  3. Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by kyled_000 on Wed 05/27/2015 at 8:50:58.03.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\kyled_000\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-26-210248.log 626 bytes
C:\zoek-results2015-05-27-131521.log 15885 bytes

==== System Restore Info ======================

5/27/2015 8:51:15 AM Zoek.exe System Restore Point Created Successfully.

==== Reset Google Chrome ======================

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=30 folders=27 184836991 bytes)

==== EOF on Wed 05/27/2015 at 8:51:23.63 ======================
  4. Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by kyled_000 on Wed 05/27/2015 at 8:08:35.32.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\kyled_000\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-05-26-210248.log 626 bytes

==== System Restore Info ======================

5/27/2015 8:09:07 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Intel deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\USSTR0N5TI2TI0N deleted successfully
C:\Users\kyled_000\AppData\Roaming\uTorrent deleted successfully
C:\Users\kyled_000\AppData\Local\Adobe deleted successfully
C:\Users\kyled_000\AppData\Local\CrashDumps deleted successfully
C:\Users\kyled_000\AppData\Local\MigWiz deleted successfully
C:\Users\kyled_000\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\PROGRA~3\Unknown.exe deleted
"C:\Users\kyled_000\Documents\Add-in Express\adxloader.log" not deleted
"C:\Users\kyled_000\Documents\Add-in Express" not deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ihdceheklapbalfikfdppfpgdgabaglp - No path found[]

Bejeweled - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm
Session Manager - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi
Pushbullet - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
uBlock₀ - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Bookmark Manager - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Kindle Cloud Reader - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
Slingplayer for Google Chrome™ extension - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp
90`s Games - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom
Reddit Enhancement Suite - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
The Great Suspender - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg
Chrome Hotword Shared Module - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Plants vs Zombies - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina
Abstract-Blue - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa
Canvas Rider - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk

==== Chromium Startpages ======================

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Preferences

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://yourtv.link"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://yourtv.link"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Google Url="http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=30 folders=27 184836991 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\kyled_000\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KYLED_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\kyled_000\Documents\Add-in Express\adxloader.log" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\kyled_000\Documents\Add-in Express" not found

==== EOF on Wed 05/27/2015 at 8:15:21.72 ======================
  5. Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by kyled_000 on Tue 05/26/2015 at 16:02:22.64.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\kyled_000\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

5/26/2015 4:02:40 PM Zoek.exe System Restore Point Created Successfully.

==== Batch Command(s) Run By Tool======================

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 05/26/2015 at 16:02:48.25 ======================
  6. Apologies, here is the FRST scan file:
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
     Ran by kyled_000 (administrator) on USSTR0N5TI2TI0N on 21-05-2015 19:47:19
     Running from C:\Users\kyled_000\Downloads
     Loaded Profiles: kyled_000 (Available profiles: kyled_000)
     Platform: Windows 8.1 (X64) OS Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (AMD) C:\Windows\System32\atiesrxx.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
     (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
     (Microsoft Corporation) C:\Windows\System32\dasHost.exe
     (Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
     (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
     (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
     (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
     (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
     (Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
     (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
     (Flux Software LLC) C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe
     (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
     (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
     (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
     (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
     (Microsoft Corporation) C:\Windows\splwow64.exe
     (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
     (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
     (Dropbox, Inc.) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
     () C:\Program Files (x86)\Launchy\Launchy.exe
     (salesforce.com) C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
     (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
     (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
     (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
     (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
     (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
     (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
     (Microsoft Corporation) C:\Windows\System32\UserAccountControlSettings.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Farbar) C:\Users\kyled_000\Downloads\FRST64 (1).exe
     ==================== Registry (Whitelisted) ==================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     HKLM-x32\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [1585456 2014-11-26] (Palo Alto Networks)
     HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
     HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
     HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
     HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [f.lux] => C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
     HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [uSSTR0N5TI2TI0N] => C:\ProgramData\Unknown.exe [7965128 2015-04-27] ()
     HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {85afdce2-6b93-11e4-8270-c9902d343257} - "F:\WD SmartWare.exe" autoplay=true
     HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {b1d9c79a-3bbc-11e4-8250-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0
     Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-04-23]
     ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
     Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-29]
     ShortcutTarget: Dropbox.lnk -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyled_000.exe [2015-04-27] ()
     Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-09-14]
     ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
     Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Salesforce for Outlook.lnk [2015-04-29]
     ShortcutTarget: Salesforce for Outlook.lnk -> C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)
     ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
     GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     HKU\S-1-5-21-1615724195-3356573343-772561760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link
     URLSearchHook: [s-1-5-21-1615724195-3356573343-772561760-1001] ATTENTION ==> Default URLSearchHook is missing
     SearchScopes: HKLM -> DefaultScope value is missing
     SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
     SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
     BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
     BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
     BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
     BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
     Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
     Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
     FireFox:
     ========
     FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
     FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
     FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
     FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-20] (Microsoft Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
     Chrome:
     =======
     CHR Profile: C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default
     CHR Extension: (Google Slides) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]
     CHR Extension: (Bejeweled) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-05-19]
     CHR Extension: (From Dust) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-05-19]
     CHR Extension: (Google Docs) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
     CHR Extension: (Google Drive) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-19]
     CHR Extension: (Session Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-05-19]
     CHR Extension: (YouTube) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-19]
     CHR Extension: (Pushbullet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-19]
     CHR Extension: (uBlock Origin) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-19]
     CHR Extension: (Google Search) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-19]
     CHR Extension: (Google Sheets) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]
     CHR Extension: (Bookmark Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
     CHR Extension: (Kindle Cloud Reader) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-19]
     CHR Extension: (Slingplayer for Google Chrome™ extension) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-05-19]
     CHR Extension: (90`s Games) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2015-05-19]
     CHR Extension: (Reddit Enhancement Suite) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-19]
     CHR Extension: (The Great Suspender) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-19]
     CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-19]
     CHR Extension: (Google Mail Checker) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-05-19]
     CHR Extension: (Plants vs Zombies) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-05-19]
     CHR Extension: (Google Wallet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]
     CHR Extension: (Gmail) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]
     CHR Extension: (Abstract-Blue) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-05-19]
     CHR Extension: (Canvas Rider) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-19]
     CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - https://clients2.google.com/service/update2/crx
     ==================== Services (Whitelisted) =================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
     R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
     R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
     R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
     R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
     S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
     S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
     S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-08] (Electronic Arts)
     R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2405680 2014-11-26] (Palo Alto Networks)
     R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
     R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
     R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
     ==================== Drivers (Whitelisted) ====================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
     R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
     R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
     U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
     S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
     S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
     S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
     R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)
     S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
     R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2014-11-26] (Palo Alto Networks)
     R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
     S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
     S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
     ==================== NetSvcs (Whitelisted) ===================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     ==================== One Month Created files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)
     2015-05-21 19:42 - 2015-05-21 19:45 - 00043539 _____ () C:\Users\kyled_000\Downloads\Addition.txt
     2015-05-21 19:41 - 2015-05-21 19:47 - 00019516 _____ () C:\Users\kyled_000\Downloads\FRST.txt
     2015-05-21 19:41 - 2015-05-21 19:41 - 02108416 _____ (Farbar) C:\Users\kyled_000\Downloads\FRST64 (1).exe
     2015-05-21 18:04 - 2015-05-21 18:04 - 00151245 _____ () C:\Users\kyled_000\Desktop\Copy of AUA 2015 Booth Scans - All Days - 5-19-15 df.xlsm
     2015-05-21 17:15 - 2015-05-21 18:04 - 00000075 _____ () C:\Users\kyled_000\Downloads\debug.log
     2015-05-21 17:15 - 2015-05-21 17:15 - 00002587 _____ () C:\Users\Public\Desktop\Slingplayer Desktop.lnk
     2015-05-21 17:14 - 2015-05-21 17:14 - 40258296 _____ (Sling Media) C:\Users\kyled_000\Downloads\SlingplayerDesktop-5.0.0.83.exe
     2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setuperr.log
     2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setupact.log
     2015-05-21 08:05 - 2015-05-21 08:05 - 00000308 _____ () C:\Windows\PFRO.log
     2015-05-20 22:27 - 2015-05-20 22:27 - 00000536 _____ () C:\Users\kyled_000\Downloads\Test Insert_05_21_2015-03_25_13_error.csv
     2015-05-20 17:02 - 2015-05-20 17:02 - 03163665 _____ () C:\Users\kyled_000\Downloads\Contact Export-05_20_2015-22_02_15.csv
     2015-05-19 12:26 - 2015-05-19 12:26 - 00002235 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
     2015-05-19 12:26 - 2015-05-19 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
     2015-05-19 11:49 - 2015-05-21 19:47 - 00000000 ____D () C:\FRST
     2015-05-19 11:49 - 2015-05-19 11:49 - 00000677 _____ () C:\Users\kyled_000\Downloads\Search.txt
     2015-05-19 11:48 - 2015-05-19 11:48 - 02107392 _____ (Farbar) C:\Users\kyled_000\Downloads\FRST64.exe
     2015-05-19 11:25 - 2015-05-19 11:25 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Macromedia
     2015-05-19 09:54 - 2015-05-19 09:54 - 00000000 _____ () C:\autoexec.bat
     2015-05-19 09:52 - 2015-05-19 09:52 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kyled_000\Downloads\SpyHunter-Installer.exe
     2015-05-19 09:12 - 2015-05-19 09:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2015-05-19 09:10 - 2015-05-19 09:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kyled_000\Downloads\mbar-1.09.1.1004.exe
     2015-05-19 08:20 - 2015-05-19 12:14 - 00000000 ____D () C:\Windows\Minidump
     2015-05-18 18:05 - 2015-05-18 18:05 - 05197824 _____ () C:\Users\kyled_000\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
     2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hp
     2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
     2015-05-18 12:29 - 2015-05-18 12:29 - 00880208 _____ (Google Inc.) C:\Users\kyled_000\Downloads\ChromeSetup.exe
     2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Mozilla
     2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Mozilla
     2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\ProgramData\Mozilla
     2015-05-18 09:44 - 2015-05-19 12:02 - 00000258 __RSH () C:\Users\kyled_000\ntuser.pol
     2015-05-18 09:43 - 2015-05-21 19:38 - 00000000 __SHD () C:\ProgramData\Google
     2015-05-18 08:00 - 2015-05-18 09:43 - 00000000 __SHD () C:\ProgramData\Unknown
     2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
     2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\Program Files\iTunes
     2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\Program Files\iPod
     2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
     2015-05-15 13:12 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
     2015-05-15 13:06 - 2015-05-15 13:06 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup (1).exe
     2015-05-15 12:58 - 2015-05-15 12:59 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup.exe
     2015-05-15 11:37 - 2015-05-15 11:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Gaijin Games
     2015-05-13 08:26 - 2015-05-13 08:26 - 00822248 _____ (MurGee.com ) C:\Users\kyled_000\Downloads\setup.exe
     2015-05-11 13:04 - 2015-05-11 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
     2015-05-11 13:03 - 2015-05-11 13:03 - 00192816 _____ () C:\Users\kyled_000\Downloads\raptr_installer.exe
     2015-05-11 13:01 - 2015-05-11 13:01 - 05127432 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\spsetup128.exe
     2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
     2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\Program Files\Speccy
     2015-05-11 11:18 - 2015-05-11 11:18 - 00000000 ____D () C:\Users\kyled_000\.swt
     2015-05-11 10:48 - 2015-05-11 10:48 - 00002623 _____ () C:\Users\kyled_000\Desktop\Data Loader.lnk
     2015-05-11 10:48 - 2015-05-11 10:48 - 00000000 ____D () C:\Program Files (x86)\salesforce.com
     2015-05-11 10:47 - 2015-05-11 10:48 - 41445890 _____ () C:\Users\kyled_000\Downloads\ApexDataLoader.exe
     2015-05-11 10:19 - 2015-05-20 21:14 - 19718144 _____ () C:\Users\kyled_000\Documents\4K test matching for inserting.accdb
     2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\Documents\NBGI
     2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\NBGI
     2015-05-08 07:53 - 2015-05-19 12:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
     2015-05-07 08:23 - 2015-05-07 08:23 - 00000048 _____ () C:\Users\kyled_000\Downloads\dbm06.m3u
     2015-05-06 20:08 - 2015-05-06 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
     2015-05-06 19:59 - 2015-05-06 20:00 - 00000000 ___HD () C:\ProgramData\CanonIJScan
     2015-05-05 22:01 - 2015-05-05 22:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\AMD
     2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
     2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
     2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
     2015-05-05 16:36 - 2015-05-05 16:36 - 00645729 _____ (WDS Team) C:\Users\kyled_000\Downloads\windirstat1_1_2_setup.exe
     2015-05-05 16:35 - 2015-05-05 16:36 - 00000000 ____D () C:\Program Files\Defraggler
     2015-05-05 16:35 - 2015-05-05 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
     2015-05-05 16:34 - 2015-05-05 16:35 - 04532776 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\dfsetup219.exe
     2015-05-05 13:21 - 2015-05-21 18:04 - 00000000 ____D () C:\Users\kyled_000\Documents\Outlook Files
     2015-05-05 13:18 - 2015-05-05 13:18 - 00000015 _____ () C:\Users\kyled_000\Desktop\SFAdminSupport.txt
     2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Citrix
     2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Citrix
     2015-05-04 10:55 - 2015-05-04 10:55 - 00000000 ____D () C:\ProgramData\ATI
     2015-05-04 10:47 - 2015-05-15 08:28 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Raptr
     2015-05-04 10:47 - 2015-05-11 13:04 - 00000000 ____D () C:\Program Files (x86)\Raptr
     2015-05-04 10:47 - 2015-05-04 10:47 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505041047160405.log
     2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\library_dir
     2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
     2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\AMD
     2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
     2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Windows\LastGood.Tmp
     2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Program Files (x86)\AMD
     2015-05-04 10:45 - 2015-05-04 10:45 - 00059756 _____ () C:\Windows\SysWOW64\CCCInstall_201505041045552144.log
     2015-05-04 10:39 - 2015-05-08 14:23 - 00022325 _____ () C:\Users\kyled_000\Documents\TombRaider.log
     2015-05-02 18:58 - 2015-05-19 08:28 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn-Time
     2015-05-02 18:58 - 2015-05-02 18:58 - 00002240 _____ () C:\Users\kyled_000\Desktop\Popcorn Time.lnk
     2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
     2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn Time
     2015-04-30 20:07 - 2015-04-30 20:07 - 00000000 ____D () C:\Program Files (x86)\Sling Media
     2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\SlingMedia
     2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Program Files (x86)\SlingplayerForChrome
     2015-04-29 21:33 - 2015-05-12 08:01 - 00001041 _____ () C:\Users\kyled_000\Desktop\Dropbox.lnk
     2015-04-29 21:32 - 2015-05-12 08:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
     2015-04-29 09:07 - 2015-05-21 08:07 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Deployment
     2015-04-29 09:07 - 2015-04-29 09:07 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Apps\2.0
     2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\salesforce.com
     2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\salesforce.com
     2015-04-29 09:04 - 2015-04-29 09:07 - 00000000 ____D () C:\Users\kyled_000\Documents\Add-in Express
     2015-04-28 15:00 - 2015-04-28 15:00 - 01536639 _____ () C:\Users\kyled_000\Downloads\Urologist List (3).csv
     2015-04-28 14:30 - 2015-04-28 14:30 - 02176314 _____ () C:\Users\kyled_000\Downloads\Urologist List (2).csv
     2015-04-27 20:08 - 2015-05-07 07:58 - 00000000 __SHD () C:\ProgramData\USSTR0N5TI2TI0N
     2015-04-27 20:08 - 2015-04-27 20:06 - 07965128 ___SH () C:\ProgramData\Unknown.exe
     2015-04-27 15:32 - 2015-04-27 16:21 - 00002236 ____H () C:\Users\kyled_000\Documents\Default.rdp
     2015-04-26 11:57 - 2015-05-19 11:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2015-04-25 21:23 - 2015-05-06 20:08 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\canon
     2015-04-25 21:23 - 2014-03-18 05:00 - 00408576 _____ (CANON INC.) C:\Windows\system32\CNMXLMC9.DLL
     2015-04-25 21:22 - 2015-04-25 21:22 - 00000000 ____D () C:\Windows\system32\STRING
     2015-04-25 21:22 - 2015-04-25 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6600 series User Registration
     2015-04-25 21:22 - 2015-04-25 21:22 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
     2015-04-25 21:22 - 2014-03-17 14:15 - 00380928 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
     2015-04-25 21:22 - 2014-03-17 14:15 - 00375296 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
     2015-04-25 21:22 - 2014-03-17 14:15 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
     2015-04-25 21:22 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_C9L.dll
     2015-04-25 21:22 - 2013-12-02 12:58 - 00096000 _____ () C:\Windows\SysWOW64\CNC177ED.TBL
     2015-04-25 21:22 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
     2015-04-25 21:21 - 2015-04-25 21:21 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
     2015-04-25 21:17 - 2015-04-25 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
     2015-04-25 21:17 - 2015-04-25 21:22 - 00000000 ____D () C:\Program Files\Canon
     2015-04-25 21:17 - 2015-04-25 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6600 series Manual
     2015-04-25 21:16 - 2015-04-25 21:17 - 00000000 ___HD () C:\Program Files\CanonBJ
     2015-04-25 21:13 - 2014-03-18 05:00 - 00406016 _____ (CANON INC.) C:\Windows\system32\CNMLMC9.DLL
     2015-04-25 21:00 - 2015-04-25 21:00 - 00000000 ___HD () C:\ProgramData\CanonIJETV
     2015-04-25 20:57 - 2015-04-25 21:28 - 00000000 ____D () C:\Program Files (x86)\Canon
     2015-04-24 16:38 - 2015-04-24 16:38 - 00854285 _____ () C:\Users\kyled_000\Downloads\Non-Inactive Urologists (1).xls
     2015-04-24 16:22 - 2015-04-24 16:22 - 00854285 _____ () C:\Users\kyled_000\Downloads\Non-Inactive Urologists.xls
     2015-04-24 16:18 - 2015-04-24 16:18 - 00088574 _____ () C:\Users\kyled_000\Downloads\Verified Urologists.csv
     2015-04-23 17:26 - 2015-04-23 17:26 - 00001090 _____ () C:\Users\kyled_000\Desktop\join.me.lnk
     2015-04-23 17:26 - 2015-04-23 17:26 - 00001090 _____ () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
     2015-04-23 17:26 - 2015-04-23 17:26 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\LogMeIn
     2015-04-23 17:26 - 2015-04-23 17:26 - 00000000 ____D () C:\ProgramData\LogMeIn
     2015-04-23 15:20 - 2015-04-23 17:26 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\join.me
     2015-04-23 12:04 - 2015-04-23 12:05 - 00000000 ____D () C:\Users\kyled_000\Documents\Snagit
     2015-04-23 12:03 - 2015-05-19 12:14 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\CrashDumps
     2015-04-23 12:03 - 2015-04-23 12:03 - 00003826 _____ () C:\Windows\System32\Tasks\TechSmith Updater
     2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\TechSmith
     2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\ProgramData\TechSmith
     2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
     2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\Program Files (x86)\TechSmith
     2015-04-23 10:50 - 2015-04-23 10:51 - 78392312 _____ (TechSmith Corporation) C:\Users\kyled_000\Downloads\snagit.exe
     2015-04-23 10:47 - 2015-05-21 08:07 - 00012784 _____ () C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat
     2015-04-23 10:47 - 2015-05-21 08:07 - 00000016 _____ () C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat
     2015-04-23 10:36 - 2015-05-21 19:38 - 03726460 _____ () C:\Users\kyled_000\PanGPA.log
     2015-04-23 10:35 - 2015-04-23 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks
     2015-04-23 10:35 - 2015-04-23 10:35 - 00000000 ____D () C:\Program Files\Palo Alto Networks
     2015-04-23 10:34 - 2015-04-23 10:35 - 14396416 _____ () C:\Users\kyled_000\Downloads\GlobalProtect64.msi
     2015-04-23 10:34 - 2015-04-23 10:34 - 00673699 _____ () C:\Users\kyled_000\Downloads\Urologist List.csv
     2015-04-23 09:50 - 2015-04-23 09:50 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\openvr
     2015-04-22 10:16 - 2015-05-21 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
     2015-04-22 10:16 - 2015-04-22 10:16 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
     2015-04-22 10:15 - 2015-05-04 10:50 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Adobe
     ==================== One Month Modified files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-21 19:17 - 2014-09-13 23:01 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-21 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-21 18:27 - 2014-09-22 20:30 - 00005018 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for USSTR0N5TI2TI0N-kyled_000 USSTr0n5Ti2ti0n 2015-05-21 17:25 - 2014-09-13 22:59 - 01102183 _____ () C:\Windows\WindowsUpdate.log 2015-05-21 17:15 - 2014-09-15 22:00 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Sling Media 2015-05-21 17:15 - 2014-09-14 01:26 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-21 16:35 - 2014-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-21 14:17 - 2014-09-13 23:01 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-21 08:09 - 2014-03-18 05:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-21 08:07 - 2014-09-14 02:18 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Dropbox 2015-05-21 08:06 - 2014-09-13 23:00 - 00000000 ___DO () C:\Users\kyled_000\OneDrive 2015-05-21 08:05 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-21 08:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-05-19 17:21 - 2014-09-13 23:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1615724195-3356573343-772561760-1001 2015-05-19 12:25 - 2014-09-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-19 12:14 - 2015-01-29 19:14 - 00000000 ___DC () C:\Users\kyled_000\AppData\Local\MigWiz 2015-05-19 12:14 - 2014-09-13 23:10 - 00000000 ____D () C:\Windows\Panther 2015-05-19 12:02 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\kyled_000 2015-05-19 08:20 - 2013-08-22 09:44 - 00487560 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-18 21:27 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-05-18 20:46 - 2013-08-22 10:36 - 00000000 ____D () 
C:\Windows\LiveKernelReports 2015-05-18 12:30 - 2014-09-13 23:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Google 2015-05-18 09:44 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-05-18 09:44 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2015-05-15 14:12 - 2014-09-13 23:01 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-15 14:12 - 2014-09-13 23:01 - 00003674 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 13:27 - 2014-11-13 22:22 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Apple Computer 2015-05-15 13:12 - 2014-11-13 22:21 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-14 08:01 - 2014-09-22 20:30 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1615724195-3356573343-772561760-1001 2015-05-09 23:24 - 2014-09-28 14:44 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\vlc 2015-05-09 21:57 - 2014-09-28 14:45 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\dvdcss 2015-05-08 13:11 - 2014-09-14 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-04 10:45 - 2014-09-14 01:26 - 00000000 ____D () C:\Program Files\AMD 2015-05-04 10:42 - 2014-09-14 01:26 - 00000000 ____D () C:\AMD 2015-04-26 12:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-26 12:17 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Packages 2015-04-25 21:22 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media 2015-04-22 09:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2015-04-27 20:08 - 
2015-04-27 20:06 - 7965128 ___SH () C:\ProgramData\Unknown.exe Files to move or delete: ==================== C:\ProgramData\Unknown.exe C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat Some files in TEMP: ==================== C:\Users\kyled_000\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe C:\Users\kyled_000\AppData\Local\Temp\AutoDetectUtilApp.exe C:\Users\kyled_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxsrsu.dll C:\Users\kyled_000\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\kyled_000\AppData\Local\Temp\MSETUP4.EXE C:\Users\kyled_000\AppData\Local\Temp\msvcp110.dll C:\Users\kyled_000\AppData\Local\Temp\msvcr110.dll C:\Users\kyled_000\AppData\Local\Temp\pc-decrapifier.exe C:\Users\kyled_000\AppData\Local\Temp\raptrpatch.exe C:\Users\kyled_000\AppData\Local\Temp\raptr_stub.exe C:\Users\kyled_000\AppData\Local\Temp\sfamcc00001.dll C:\Users\kyled_000\AppData\Local\Temp\sfextra.dll C:\Users\kyled_000\AppData\Local\Temp\sqlite3.dll C:\Users\kyled_000\AppData\Local\Temp\uninstall.exe C:\Users\kyled_000\AppData\Local\Temp\utt13E.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-15 09:46 ==================== End of log ============================
  7. Hello all, My browsers have all been hijacked, in that any omnibox search query goes through the custom search utility of a site called yourtv.link. Search engine manager says locked by administrator and there are no other accounts on my computer save my own. I have been able to update and run Malwarebytes Anti-Malware and rootkit, which have found nothing; Windows Defender finds nothing. Search results find nothing. Registry edits have come to no avail. Revo full-uninstalls of all browser programs aren't helping. Please help. Attached are images of the search engine manager and a test search demonstrating the hijacked omnibar in action. Addition.txt FRST.txt
  8. Hello all, My browsers have been hijacked in that any omnibox search query goes through the customsearch utility of a site called yourtv.link. Search engine manager says locked by administrator and there are no other accounts on my computer save my own. I have been able to update and run Malwarebytes Anti-Malware and rootkit, which have found nothing; Windows Defender finds nothing. Search results find nothing. Registry edits have come to no avail. Revo full-uninstalls of all browser programs aren't helping. Please help. Attached are images of the search engine manager and a test search demonstrating the hijacked omnibar in action.