Darth_Kittens
Honorary Members-
Posts
24 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Darth_Kittens
-
DNSAPI.dll is missing
Darth_Kittens replied to Darth_Kittens's topic in Resolved Malware Removal Logs
Internet access seems to back to normal now -- Malwarebytes will launch and update and Chrome and IE can pull up web pages once more. -
DNSAPI.dll is missing
Darth_Kittens replied to Darth_Kittens's topic in Resolved Malware Removal Logs
Here is the fixlog.txt Fixlog.txt -
DNSAPI.dll is missing
Darth_Kittens replied to Darth_Kittens's topic in Resolved Malware Removal Logs
Here are the two log files: FRST.txt Addition.txt -
I am unable to launch Malwarebytes. Instead I get an error message that DNSAPI.dll is missing. Microsoft Security Essentials recently cleaned a virus and from what I have seen in Google it appears that the two may be connected. What should I do?
-
The second problem was on a different computer, but I have found the solution so no help is necessary there after all. For the record the second problem was a Windows 8.1 box where Metro apps could access the Internet but desktop apps could not. It had had some malware on it that got cleaned, so I don't know if malware was the source of the problem or not. The solution was to reset Winsock with "netsh winsock reset" from an Administrator prompt followed by a reboot.
-
It looks like it may be fixed. The Google SRT did not find anything but ever since I reset Chrome and IE and rebooted, neither one has had any bogus tabs or popups. If this one is fixed, do you have time to help me with a different problem? I opened a separate thread on that a couple of days ago but an admin closed it and said I should bring it up here after the first problem was fixed. If you don't, we can close this and I will start a new thread.
-
I have attached the fixlog.txt file. The problem of the random new tabs opening up is still.there so I will go on and do the Chrome scan/reset and then the IE reset and let you know how that goes. Fixlog.txt
-
Am I infected with something?
Darth_Kittens replied to Darth_Kittens's topic in Resolved Malware Removal Logs
Here are the updated log files: Addition.txt FRST.txt -
I have attached the log from the Eset scan eset_log.txt
-
Am I infected with something?
Darth_Kittens replied to Darth_Kittens's topic in Resolved Malware Removal Logs
Here are the log files. This started the same day I upgraded to the most recent version of Malwarebytes. I don't know if there's a connection there or not. Addition.txt FRST.txt -
I noticed this morning that Malwarebytes hasn't updated for two days and neither Chrome nor desktop IE can access the Internet. Strangely the Metro version of IE *can* access the Internet and that's where I'm writing this. The 8/15 Malwarebytes update file has not found anything out of the ordinary. Is this a malware thing or is there some configuration problem? I looked through the Internet Options and didn't see anything that looked wrong. No proxy was set.
-
The Malwarebytes scan came back clean but I'm still having the issues in both Chrome and IE. I also forgot to mention that I am also getting popups with debugging type messages that seem to have to do with Flash. Example: SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller https://forums.malwarebytes.org/public/js/3rd_party/swfupload/swfupload.swf?preventswfcaching=1439768892957 cannot access <unknown>. at flash.external::ExternalInterface$/_evalJS() at flash.external::ExternalInterface$/call() at ExternalCall$/Bool() at SWFUpload/CheckExternalInterface() at MethodInfo-10() at flash.utils::Timer/_timerDispatch() at flash.utils::Timer/tick()
-
I don't think it's a Chrome problem -- even with all the extensions disabled it still happens in Chrome and it happens in IE now too -- 'best coupons' sidebar and random bogus tabs opening when I click on links. I guess I did not try IE long enough before when I said it seemed to be fixed. I am running another Malwarebytes scan. I will let you know how that turns out.
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015 Ran by Web (2015-08-16 17:32:59) Running from C:\Users\Web\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2744511804-60897879-1795108344-500 - Administrator - Disabled) aklyk_000 (S-1-5-21-2744511804-60897879-1795108344-1007 - Limited - Enabled) => C:\Users\aklyk_000 Guest (S-1-5-21-2744511804-60897879-1795108344-501 - Limited - Disabled) halca_000 (S-1-5-21-2744511804-60897879-1795108344-1006 - Limited - Enabled) => C:\Users\halca_000 HomeGroupUser$ (S-1-5-21-2744511804-60897879-1795108344-1003 - Limited - Enabled) mooke_000 (S-1-5-21-2744511804-60897879-1795108344-1005 - Limited - Enabled) => C:\Users\mooke_000 pauli_000 (S-1-5-21-2744511804-60897879-1795108344-1004 - Administrator - Enabled) => C:\Users\pauli_000 Web (S-1-5-21-2744511804-60897879-1795108344-1001 - Administrator - Enabled) => C:\Users\Web ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden Amazing World (HKLM-x32\...\Steam App 293500) (Version: - Ganz) AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.) Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth) Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - ) Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7940.0 - Microsoft) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar) Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden iRepo 5.3.0.0 (HKLM-x32\...\iRepo_is1) (Version: 5.3.0.0 - Purple Ghost Software, Inc.) Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version: - Zachtronics) iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Music Rescue (HKLM-x32\...\{5F503B34-022D-4C56-9D40-53D2916CE3C9}) (Version: 4.5.1 - KennettNet Software Ltd) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden NBA 2K15 (HKLM-x32\...\Steam App 282350) (Version: - Visual Concepts) Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.) Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios) Spotify (HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl) The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.) Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc) TouchCopy 12 (HKLM-x32\...\{363B852D-FBAD-4BAB-B1E9-28937DCDA620}) (Version: 12.46 - Wide Angle Software) Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) X Rebirth (HKLM-x32\...\Steam App 2870) (Version: - Egosoft) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 29-07-2015 04:09:48 Windows Update 11-08-2015 11:39:06 Scheduled Checkpoint 16-08-2015 12:39:33 Removed Java 7 Update 60 (64-bit) 16-08-2015 16:12:37 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {089607A1-22D1-4172-A106-4DEEEDF53A49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {283EFFA8-8543-4156-9297-F4967767E0AC} - System32\Tasks\updateTask => c:\task.vbs Task: {2F8869EE-DDF4-4189-B218-0FA932BA833B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.) Task: {33C6C936-27C9-4864-BC10-AD0EE8157838} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {34CE367C-12F8-40EF-A247-F2A77A5692E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {364C2067-47B8-4DA0-9B7F-DEF696AC3D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {4D0A3E5D-EA2D-4BC2-A3B0-35166C769E0C} - System32\Tasks\runTask => %TEMP%/Updater.exe Task: {6D630EE5-9363-4E34-80CB-05227AE6CFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation) Task: {78433DFD-CEDB-4793-AB00-0EAAE5EA786D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {912CDA96-E250-45E0-A69F-CBE9F94642F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard) Task: {A8A586F8-3AB2-43BE-B7E5-91B816889678} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C6F354D6-01F3-42C3-BCB8-DD6F19DF9582} - System32\Tasks\HPCeeScheduleForWeb => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {D5016636-D008-4FA8-A9CA-F95655C46526} - System32\Tasks\HPCeeScheduleForpauli_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {D576BEE5-6B9B-4783-98AB-0F5C1E1AF9F9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {D5E45616-3703-4421-BCF8-C2617A3EB32A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {DF80B38C-CA93-4FAD-887C-AD8EDE5A02EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard) Task: {E0656664-4567-4309-817B-5F2691F42BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\HPCeeScheduleForpauli_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\windows\Tasks\HPCeeScheduleForWeb.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job => C:\windows\system32\msfeedssync.exe Task: C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job => C:\windows\system32\msfeedssync.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-11-15 16:50 - 2013-10-23 16:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll 2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2015-07-03 02:01 - 2015-07-03 02:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-11 15:15 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll 2015-08-11 15:15 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll 2015-08-16 16:59 - 2015-08-16 16:59 - 00098816 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32api.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00110080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pywintypes27.dll 2015-08-16 16:59 - 2015-08-16 16:59 - 00364544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pythoncom27.dll 2015-08-16 16:59 - 2015-08-16 16:59 - 00045568 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_socket.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 01161216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_ssl.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00320512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32com.shell.shell.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00713216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_hashlib.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 01176576 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._core_.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00806400 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._gdi_.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00816128 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._windows_.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 01067008 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._controls_.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00733184 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._misc_.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00682496 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pysqlite2._sqlite.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00087552 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_ctypes.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00119808 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32file.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00108544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32security.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00007168 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\hashobjs_ext.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00068096 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\usb_ext.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00167936 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32gui.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00018432 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32event.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00128512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_elementtree.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00127488 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pyexpat.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00013824 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\common.time34.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00036864 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_psutil_windows.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00038912 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32inet.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00011264 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32crypt.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00077312 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._html2.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00027136 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_multiprocessing.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00020480 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_yappi.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00035840 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32process.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00686080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\unicodedata.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00123392 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._wizard.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00024064 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32pipe.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00010240 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\select.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00025600 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32pdh.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00525640 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\windows._lib_cacheinvalidation.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00017408 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32profile.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00022528 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32ts.pyd 2015-08-16 16:59 - 2015-08-16 16:59 - 00078848 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._animate.pyd 2014-05-29 20:05 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-properties AlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-properties AlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20130104_180917.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk" HKLM\...\StartupApproved\Run32: => "Intuit SyncManager" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "QHSafeTray" HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263" HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB" HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{BE1E032E-59FB-4FD6-A4A7-7483640A14E2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{6C1223DF-C175-4620-A10F-C10F3B53ADAD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{10B96B04-F60E-4B27-B2AD-4DE58C0EA43D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{9F21A3C9-C90F-412A-9567-272759693CAD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{3B76E4E5-879F-4B5D-AECA-CF7E92170C41}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{C57BDA63-9FB1-4F0C-AE36-8EE96FEC22E3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{3924102E-FF6B-4B83-8814-FF88FE11AB7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{EE574B00-7BF6-4DFD-B2F8-1EA49608A5E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{21E7021B-C5C7-45D1-9975-5787D14A44AA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{F3F991D2-D911-444E-9CC4-F7D3C824850D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{FA8134FB-7A4D-47F5-A745-EE21B2EC71DC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{8FB586B4-6047-4608-92D9-9E3CCFE444C4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{444EDE6B-1312-4115-9DAD-A4FBBD5FEC71}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{92EC95E1-E446-4F0A-B9BD-FE619836FF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{31C6EA78-FDCA-4EAA-9EF3-329774323E6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B9C2440C-FDD9-4CA8-8CBE-1CB5A7317482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B70D192F-164B-4D05-BFA2-0DBC6CFA4CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6A9CCDF5-CA09-4A3C-91FD-4C1821F5C087}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{AAFEF149-C6A9-42A0-9506-71ECA24DCE2B}] => (Allow) LPort=2869 FirewallRules: [{74072E8C-EBBF-4990-BF8D-DF3F0A70705B}] => (Allow) LPort=1900 FirewallRules: [{1EDB488B-DE61-4A08-82F1-AF2EAC89C7F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{89535837-6E40-4ADA-8F67-1E2DD36A4CB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{5A739BBF-C1B7-48D1-9985-0BB27D4010A7}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{525541B4-294B-4B11-B9BC-BBBC03578BD0}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [TCP Query User{1EA3B08A-E61D-4829-BC45-B4DC73A5FDD6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [uDP Query User{F48061BA-97D0-489B-AC9A-CCB9334B4354}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{F5176B49-2ACD-4BB1-8592-4DD49D3ACB5B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{D4094727-9CBC-47C6-B0B1-5D092972F3B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2C5E364E-0036-43E7-918F-86DECA98A4BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{B981B08B-F1AB-4565-A371-17A30D1194A0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [uDP Query User{D4AD9723-A924-495C-BE4A-EA66A99F63C4}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{EE817AAF-9D62-4E65-B3FC-CD8076B76F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{E58FC6A6-9307-4280-AE24-E6FBE2557067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{5D82F2EC-1AC8-4525-B30D-815A5BC40ABA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{82397B22-92B9-40D2-968A-1346D1068248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{348FADAE-611E-4D3B-972C-4009B959179B}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{691D1B52-7F3E-429D-B119-5045A9A1B313}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exe FirewallRules: [{C3783617-F9FA-4489-8F55-5FAF1087501F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{89F398C4-5795-4A80-99E8-DAD027657813}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{1012B0E9-788E-4339-9C2A-BE8C02A486C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe FirewallRules: [{E02EFE82-455B-403A-B91A-9D6A2DA8808D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe FirewallRules: [{43A590CA-716F-4AA6-AB24-87220381B8C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exe FirewallRules: [{5D29A9F9-8BA5-4C4A-92C5-84B0A50465F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exe FirewallRules: [{221B49BD-A410-48E8-B140-424CCC2440D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exe FirewallRules: [{3A2DD2E1-9E24-471A-B203-73912278E14C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exe FirewallRules: [{F89D39A6-DC4C-43B0-9EC0-7BD15F51AC36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{8A1B8B18-0018-49E5-9CCF-EB74958EFB24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{2FE4DCD9-2BFF-486F-8DC1-C6883E0E5429}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{2A644A87-A2F6-4E2A-8035-79120CF19975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe FirewallRules: [{D8D74176-1369-4708-871A-96F934B4721D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [{678696E1-881B-41B6-98C6-0F2273D2FB45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe FirewallRules: [TCP Query User{A424A491-10EC-4397-9036-A4AF203ACDCD}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe FirewallRules: [uDP Query User{1702F69E-EC27-4497-9A9F-1F340057E704}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe FirewallRules: [{09460DCB-E59D-4E82-A97E-CEC470617064}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe FirewallRules: [{40BAAC17-672F-464B-9974-D798C2E01F94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe FirewallRules: [TCP Query User{D95210E3-F88C-42E9-9E62-9845D4AD4E1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{97466C1C-29D4-46C9-AC35-79130A4F6726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{8F359B21-2B49-4AEE-B13C-37F3737B64D6}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe FirewallRules: [uDP Query User{55A79EF8-E449-4FD7-BA63-8A3793F40977}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe FirewallRules: [TCP Query User{98090451-32DD-4F8A-B7CF-FAA2BE92F7C4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [uDP Query User{9DEDF3CC-69A8-4A87-889C-E051C9491E83}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{A154DEA0-1C43-48CB-B038-A2BA083EB563}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{BFE7530C-ED5C-43BB-A6F6-3ADF9E0321C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{15DA8999-AE5B-4135-AD60-611722DED198}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{20AAF40E-6C7C-41F6-9272-94D36DCA31CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{2E67CEE6-3D5A-41C8-B6B9-CB1225C49A1B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{3768047C-8401-44D7-A71D-4CEA5EC5CB33}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{2D18C3D6-C6EC-4FA0-8B77-14B407A3AD10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe FirewallRules: [{255D589D-92C3-4FB9-82BF-3795907FB15C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe FirewallRules: [{E35E1444-0683-4C26-8FD0-B8CE7F61ADC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{415E1660-48A4-407E-8E1C-B5BB0AACF8D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{7AB15407-B9B8-4472-A690-EA49B72CC04C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exe FirewallRules: [{B139A4E7-FB00-4F8E-ADCA-0EB4ABE350BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exe FirewallRules: [TCP Query User{526B8273-C4F4-44B1-906F-4D5A3097A7B9}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe FirewallRules: [uDP Query User{2B8FC484-6980-4DBF-91EE-B16E52BDB45B}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe FirewallRules: [{4FB6E1EB-8AEC-44ED-BB51-6FCB840577D4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe FirewallRules: [{0920CB87-0C21-4262-A320-338716A9F521}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe FirewallRules: [{A86BE10F-5A0C-48C6-82F1-D1DB59AFD214}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe FirewallRules: [{23BA47CE-BC10-434E-85FE-1639C088E876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe FirewallRules: [{1469C652-B59B-4C0D-A1F3-E9F74F72DACB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe FirewallRules: [{630A237A-BC7D-44C2-B623-0B667376B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe FirewallRules: [TCP Query User{F6A1232D-BCC5-417E-A635-56AB4D7FFE68}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe FirewallRules: [uDP Query User{A7893E4C-D812-4632-A5FA-9F92A65E3535}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe FirewallRules: [{C69D7EA4-445A-4D4D-BC47-82162F1B94FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{3209999A-DD0C-499D-9634-0CD7A2904764}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [TCP Query User{FACE13ED-1822-4F9C-9ADA-27348FED87B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [uDP Query User{12DC88B8-9874-46E5-B91E-BF80226DB761}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{FCB323AE-08ED-48EE-8606-CBC0060C1211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{2FB3D3BC-DD3F-43BD-9B1E-653D587AC663}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe FirewallRules: [{CBC476DF-EAE8-49C4-B2C6-ED74ECCE47FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe FirewallRules: [{E28ADC6C-A414-409C-B2AA-34FA8A47D480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe FirewallRules: [{C8A2EC8C-C62B-4636-BF0A-358D5494EE40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe FirewallRules: [{0C63C7CA-46EB-41AD-9F27-F70A9D069687}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [{01F669C7-E877-489E-BBA1-C0846B280700}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe FirewallRules: [{17F9E0E3-F7E5-4021-B34F-0DEB8C88AFD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe FirewallRules: [{4A741EC4-930E-4D7C-9BEB-49E47C87ED11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe FirewallRules: [{807E8FA7-2211-4C20-AFA5-5DB11331B6BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{77AE47F7-DABB-48F6-8AB3-C5F5B474B0A3}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe FirewallRules: [{7519E145-7F27-4FA3-B832-1ADB1F50A55E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe ==================== Faulty Device Manager Devices ============= Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/16/2015 05:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON) Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 05:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON) Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 05:31:20 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (08/16/2015 05:02:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON) Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 04:28:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON) Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 04:12:36 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {97b2ec63-0b20-4176-bc7a-f5b0dce6f310} Error: (08/16/2015 04:10:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON) Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 03:28:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON) Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 03:17:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 030260~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x676f7250 Faulting process id: 0x610 Faulting application start time: 0x030260~1.EXE0 Faulting application path: 030260~1.EXE1 Faulting module path: 030260~1.EXE2 Report Id: 030260~1.EXE3 Faulting package full name: 030260~1.EXE4 Faulting package-relative application ID: 030260~1.EXE5 Error: (08/16/2015 03:16:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2115-07-23T20:16:02Z. Error Code: 0x80040154. System errors: ============= Error: (08/16/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office: ========================= CodeIntegrity: =================================== Date: 2015-08-16 12:57:28.085 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:27.074 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:25.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:24.762 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:24.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:23.075 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:22.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:21.207 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:20.400 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:19.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A6-5200 APU with Radeon HD Graphics Percentage of memory in use: 37% Total physical RAM: 5580.01 MB Available physical RAM: 3511.33 MB Total Virtual: 11212.01 MB Available Virtual: 8479.51 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:914.57 GB) (Free:632.55 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: CE011A0D) Partition: GPT. ==================== End of log ============================
-
Malwarebytes scan came back clean but as soon as I opened Chrome the advertising sidebar was still there. Although once I closed it it has not come back (yet). I did not reboot after the Malwarebytes scan. Should I have? FRST.txt below and addition.txt in next comment. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015Ran by Web (administrator) on JEFFERSON (16-08-2015 17:31:21)Running from C:\Users\Web\DesktopLoaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2014-06-10] (Realtek Semiconductor)HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify] => C:\Users\Web\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-29] (Spotify Ltd)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify Web Helper] => C:\Users\Web\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-06-08]ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-06-08]ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-06-08]ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabHandler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{A3F2874C-718F-4260-98B6-DBD6F96607DF}: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{AE402C42-EB0A-4278-A550-50AC5749342A}: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) Chrome: =======CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]CHR Extension: (Google Drive) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]CHR Extension: (Google Cast) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-01]CHR Extension: (Google Search) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-06-07]CHR Extension: (Google News) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-06-07]CHR Extension: (Google+) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-06-07]CHR Extension: (Google Play Music) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]CHR Extension: (Google +1 Button) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-06-07]CHR Extension: (Google Voice (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-07]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]CHR Extension: (Boomerang for Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-07]CHR Extension: (Chrome Web Store Payments) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-06-10] (Realtek Semiconductor)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-10] (Advanced Micro Devices)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-16 16:52 - 2015-08-16 16:24 - 00024064 _____ C:\windows\zoek-delete.exe2015-08-16 16:35 - 2015-08-16 16:35 - 00000000 ____D C:\Users\Web\AppData\Local\VirtualStore2015-08-16 16:27 - 2015-08-16 16:06 - 00047805 _____ C:\zoek-results2015-08-16-210618.log2015-08-16 16:19 - 2015-08-16 16:19 - 00002830 _____ C:\AdwCleaner[C2].txt2015-08-16 16:15 - 2015-08-16 16:17 - 00002580 _____ C:\AdwCleaner[s2].txt2015-08-16 16:11 - 2015-08-16 16:11 - 00007930 _____ C:\Users\Web\Downloads\fixlist (1).txt2015-08-16 15:34 - 2015-08-16 16:59 - 00033304 _____ C:\zoek-results.log2015-08-16 15:29 - 2015-08-16 15:57 - 00000000 ____D C:\zoek_backup2015-08-16 15:29 - 2015-08-16 15:29 - 01308672 _____ C:\Users\Web\Desktop\zoek.exe2015-08-16 15:27 - 2015-08-16 16:52 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForWeb.job2015-08-16 15:27 - 2015-08-16 16:29 - 00003154 _____ C:\windows\System32\Tasks\HPCeeScheduleForWeb2015-08-16 15:09 - 2015-08-16 15:11 - 00018555 _____ C:\AdwCleaner[C1].txt2015-08-16 15:05 - 2015-08-16 15:09 - 00000000 ____D C:\AdwCleaner2015-08-16 15:05 - 2015-08-16 15:07 - 00017836 _____ C:\AdwCleaner[s1].txt2015-08-16 15:03 - 2015-08-16 15:03 - 01563648 _____ C:\Users\Web\Downloads\AdwCleaner.exe2015-08-16 13:08 - 2015-08-16 13:09 - 00057112 _____ C:\Users\Web\Desktop\Addition.txt2015-08-16 13:06 - 2015-08-16 17:32 - 00018550 _____ C:\Users\Web\Desktop\FRST.txt2015-08-16 13:05 - 2015-08-16 13:05 - 02173440 _____ (Farbar) C:\Users\Web\Desktop\FRST64.exe2015-08-16 12:52 - 2015-08-16 17:31 - 00000000 ____D C:\FRST2015-08-16 12:44 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\Sun2015-08-16 12:44 - 2015-08-16 12:43 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll2015-08-16 12:43 - 2015-08-16 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\ProgramData\Oracle2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\Program Files\Java2015-08-16 12:35 - 2015-08-16 12:35 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job2015-08-16 12:33 - 2015-08-16 12:33 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job2015-08-15 10:19 - 2015-08-15 10:19 - 694094341 _____ C:\windows\MEMORY.DMP2015-08-15 10:19 - 2015-08-15 10:19 - 00281296 _____ C:\windows\Minidump\081515-39234-01.dmp2015-08-15 10:19 - 2015-08-15 10:19 - 00000000 ____D C:\windows\Minidump2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 _____ C:\windows\SysWOW64\Number of results2015-08-15 08:40 - 2015-08-15 10:21 - 00000010 _____ C:\Users\Public\Documents\test.txt2015-08-15 05:32 - 2015-08-15 05:32 - 00942955 _____ C:\Users\pauli_000\Downloads\Setup (3).zip2015-08-15 03:47 - 2015-08-15 03:47 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 588830.crdownload2015-08-15 03:11 - 2015-08-15 03:11 - 00943043 _____ C:\Users\pauli_000\Downloads\Setup (2).zip2015-08-15 03:11 - 2015-08-15 03:11 - 00446708 _____ C:\Users\pauli_000\Downloads\Setup (1).zip2015-08-15 02:02 - 2015-08-15 02:02 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 126890.crdownload2015-08-14 23:16 - 2015-08-14 23:17 - 00513920 _____ C:\Users\pauli_000\Downloads\Unconfirmed 693194.crdownload2015-08-14 22:15 - 2015-08-14 22:15 - 00340180 _____ C:\Users\pauli_000\Downloads\setup.zip2015-08-14 09:35 - 2015-08-14 09:35 - 00001055 _____ C:\Users\Web\Desktop\malwarebytes_20150814.txt2015-08-14 08:12 - 2015-08-16 16:04 - 00000008 __RSH C:\ProgramData\ntuser.pol2015-08-14 08:12 - 2015-08-14 08:12 - 00000033 _____ C:\CLMediaServer.ini2015-08-14 06:45 - 2015-08-14 06:45 - 00003258 _____ C:\windows\System32\Tasks\runTask2015-08-14 06:45 - 2015-08-14 06:45 - 00003162 _____ C:\windows\System32\Tasks\updateTask2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Mozilla2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Program Files (x86)\TechVedic2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\windows\system32\upo2015-08-14 06:41 - 2015-08-14 07:41 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E72015-08-13 20:32 - 2013-08-22 08:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak2015-08-13 20:30 - 2015-08-13 20:30 - 00001335 _____ C:\Users\mooke_000\AppData\Local\Chrome .lnk2015-08-13 20:30 - 2015-08-13 20:30 - 00000298 _____ C:\Users\mooke_000\AppData\Local\Firefox .lnk2015-08-13 20:29 - 2015-08-16 15:10 - 00001205 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk2015-08-13 20:29 - 2015-08-16 15:10 - 00000854 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk2015-08-13 20:29 - 2015-08-16 15:10 - 00000144 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk2015-08-13 20:29 - 2015-08-13 20:29 - 00000984 _____ C:\Users\mooke_000\AppData\Local\Iexplore .lnk2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 _____ C:\windows\SysWOW64\minibrowser.log2015-08-13 20:21 - 2015-08-13 20:21 - 00001249 _____ C:\Users\pauli_000\Desktop\Continue installation .lnk2015-08-13 19:05 - 2015-08-13 19:05 - 00000000 ____D C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe2015-08-13 19:01 - 2015-08-13 19:01 - 00540750 _____ C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe.rar2015-08-13 03:44 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-13 03:44 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-12 20:35 - 2015-08-12 20:36 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Trove2015-08-12 19:58 - 2015-08-12 19:58 - 00000222 _____ C:\Users\mooke_000\Desktop\Trove.url2015-08-12 19:14 - 2015-08-12 19:14 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\com.freakinware.mitosis2015-08-12 19:05 - 2015-08-12 19:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Mitos.is The Game.url2015-08-12 18:42 - 2015-08-12 18:42 - 00000222 _____ C:\Users\mooke_000\Desktop\Spooky's House of Jump Scares.url2015-08-12 16:05 - 2015-08-12 16:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Time Clickers.url2015-08-12 04:06 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe2015-08-12 04:06 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2015-08-12 04:06 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll2015-08-12 04:06 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-08-12 04:06 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-08-12 04:06 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-08-12 04:06 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-08-12 04:06 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-08-12 04:06 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2015-08-12 04:06 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-08-12 04:06 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-08-12 04:06 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-08-12 04:06 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-08-12 04:06 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-08-12 04:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-08-12 04:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2015-08-12 04:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys2015-08-12 04:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2015-08-12 04:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll2015-08-12 04:06 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2015-08-12 04:06 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2015-08-12 04:06 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2015-08-12 04:06 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2015-08-12 04:05 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-08-12 04:05 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml2015-08-12 04:04 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-08-12 04:04 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-08-12 04:04 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-08-12 04:04 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-08-12 04:04 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-08-12 04:04 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-08-12 04:04 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-08-12 04:04 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-08-12 04:04 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2015-08-12 04:04 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-08-12 04:04 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-08-12 04:04 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-08-12 04:04 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2015-08-12 04:04 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-08-12 04:04 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-08-12 04:04 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-08-12 04:04 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-08-12 04:04 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-08-12 04:04 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-08-12 04:04 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2015-08-12 04:04 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2015-08-12 04:04 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-08-12 04:04 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-08-12 04:04 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-08-12 04:04 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-08-12 04:04 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-08-12 04:04 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2015-08-12 04:04 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-08-12 04:04 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-08-12 04:04 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-08-12 04:04 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-08-12 04:03 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2015-08-12 04:03 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2015-08-12 04:03 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2015-08-12 04:03 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll2015-08-12 04:03 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll2015-08-12 04:01 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 04:01 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 04:01 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 04:01 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 04:01 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 04:01 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 04:01 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2015-08-12 04:01 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 04:01 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys2015-08-12 04:01 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll2015-08-12 04:01 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll2015-08-12 04:01 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 04:01 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 04:01 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-08-12 04:01 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 04:01 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll2015-08-12 04:01 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 04:01 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll2015-08-12 04:01 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-08-12 04:01 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 04:01 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 04:01 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe2015-08-12 04:01 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2015-08-12 04:01 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2015-08-12 04:01 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll2015-08-09 14:43 - 2015-08-09 14:43 - 00000742 _____ C:\Users\mooke_000\Documents\Desktop - Shortcut.lnk2015-08-09 13:45 - 2015-08-07 07:59 - 03930112 _____ (ProjectPokémon) C:\Users\mooke_000\Desktop\PKHeX.exe2015-08-09 13:42 - 2015-08-09 13:43 - 01982114 _____ C:\Users\mooke_000\Downloads\PKHeX (08-08-15).zip2015-07-29 11:07 - 2015-07-29 11:07 - 00000000 ____D C:\Users\mooke_000\Downloads\powersaves3ds-software-1292015-07-29 11:07 - 2015-07-27 12:30 - 04065363 _____ (Datel Design & Development ) C:\Users\mooke_000\Desktop\powersaves_setup_v1.29.exe2015-07-29 11:04 - 2015-07-29 11:04 - 04034094 _____ C:\Users\mooke_000\Downloads\powersaves3ds-software-129.zip2015-07-26 20:29 - 2015-07-26 20:29 - 00986311 _____ C:\Users\mooke_000\Downloads\RebirthCCLauncher.zip2015-07-24 16:52 - 2015-07-24 16:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\mooke_000\Downloads\RobloxPlayerLauncher (1).exe2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\mooke_000\AppData\Local\CEF2015-07-20 16:58 - 2015-07-20 17:00 - 115236013 _____ C:\Users\mooke_000\Downloads\JSTR_Universal_1.7.x.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-16 17:31 - 2014-06-04 17:07 - 01053852 _____ C:\windows\WindowsUpdate.log2015-08-16 17:30 - 2014-06-04 17:16 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10012015-08-16 17:15 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness2015-08-16 17:14 - 2014-06-05 17:36 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-08-16 17:02 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru2015-08-16 16:59 - 2014-10-10 14:19 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-08-16 16:59 - 2014-06-05 17:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-16 16:59 - 2014-06-04 17:14 - 00000000 __RDO C:\Users\Web\SkyDrive2015-08-16 16:59 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI2015-08-16 16:52 - 2013-08-24 16:32 - 00297358 _____ C:\windows\PFRO.log2015-08-16 16:52 - 2013-08-22 09:46 - 00026904 _____ C:\windows\setupact.log2015-08-16 16:52 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-08-16 16:52 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI2015-08-16 15:55 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\system32\GroupPolicy2015-08-16 15:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy2015-08-16 15:26 - 2014-06-08 07:04 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}2015-08-16 15:10 - 2014-06-05 17:57 - 00001313 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-08-16 15:10 - 2014-06-05 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-08-16 15:10 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System2015-08-16 12:35 - 2014-06-29 07:08 - 00000000 ____D C:\EDS2015-08-16 12:18 - 2014-06-27 15:25 - 00000000 ____D C:\Program Files (x86)\Steam2015-08-16 12:02 - 2014-12-29 17:02 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Skype2015-08-16 10:00 - 2014-06-05 17:19 - 00000000 __RDO C:\Users\mooke_000\SkyDrive2015-08-16 09:07 - 2015-03-05 16:27 - 00000000 ____D C:\ProgramData\Origin2015-08-16 07:04 - 2014-06-05 17:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.minecraft2015-08-15 21:39 - 2014-09-01 08:44 - 00000000 ___RD C:\Users\pauli_000\Google Drive2015-08-15 21:38 - 2014-06-04 21:41 - 00000000 __RDO C:\Users\pauli_000\SkyDrive2015-08-15 15:05 - 2014-05-29 19:42 - 00065536 _____ C:\windows\system32\spu_storage.bin2015-08-15 11:29 - 2013-08-22 08:25 - 00000301 _____ C:\windows\win.ini2015-08-15 11:27 - 2015-04-10 19:27 - 00000000 ____D C:\Program Files (x86)\3602015-08-15 10:27 - 2014-06-05 17:04 - 00000000 ____D C:\Users\mooke_0002015-08-15 10:22 - 2014-06-04 18:06 - 00000000 ____D C:\Users\pauli_0002015-08-14 09:30 - 2015-01-31 12:08 - 00035328 ___SH C:\Users\mooke_000\Desktop\Thumbs.db2015-08-14 08:11 - 2013-08-22 09:45 - 00000000 ____D C:\windows\Setup2015-08-14 08:08 - 2014-06-04 21:45 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10042015-08-14 07:00 - 2014-10-10 14:19 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-14 06:50 - 2015-03-05 19:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2015-08-14 06:43 - 2015-03-11 12:13 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll2015-08-14 06:43 - 2015-03-11 12:12 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll2015-08-14 06:42 - 2014-06-04 18:06 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CCDD9EF7-4E0A-476E-96E0-B7B28717D32C}2015-08-14 06:37 - 2015-06-28 18:12 - 00000998 _____ C:\Users\Public\Desktop\Minecraft.lnk2015-08-14 06:37 - 2015-04-12 19:54 - 00000605 _____ C:\Users\Public\Desktop\Fraps.lnk2015-08-14 06:37 - 2015-04-10 19:06 - 00001122 _____ C:\Users\pauli_000\Desktop\Cheat Engine.lnk2015-08-14 06:37 - 2015-03-08 16:36 - 00000955 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mine-imator.lnk2015-08-14 06:37 - 2015-03-05 21:17 - 00001368 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk2015-08-14 06:37 - 2015-03-05 19:35 - 00002064 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2015-08-14 06:37 - 2015-03-05 16:27 - 00001016 _____ C:\Users\Public\Desktop\Origin.lnk2015-08-14 06:37 - 2015-01-31 12:08 - 00001255 _____ C:\Users\mooke_000\Desktop\TechnicLauncher - Shortcut.lnk2015-08-14 06:37 - 2015-01-19 08:48 - 00001521 _____ C:\Users\pauli_000\Desktop\ROBLOX Player.lnk2015-08-14 06:37 - 2015-01-19 08:48 - 00001336 _____ C:\Users\pauli_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:37 - 2014-12-24 15:50 - 00001521 _____ C:\Users\mooke_000\Desktop\ROBLOX Player.lnk2015-08-14 06:37 - 2014-12-24 15:49 - 00001336 _____ C:\Users\mooke_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:37 - 2014-12-22 11:32 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk2015-08-14 06:37 - 2014-09-01 08:44 - 00001848 _____ C:\Users\pauli_000\Desktop\Google Drive.lnk2015-08-14 06:37 - 2014-08-29 21:16 - 00001962 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-08-14 06:37 - 2014-08-29 21:16 - 00001956 _____ C:\Users\Web\Desktop\Spotify.lnk2015-08-14 06:37 - 2014-08-02 10:19 - 00001163 _____ C:\Users\Public\Desktop\iRepo.lnk2015-08-14 06:37 - 2014-08-02 10:03 - 00003145 _____ C:\Users\Public\Desktop\Music Rescue.lnk2015-08-14 06:37 - 2014-08-02 09:53 - 00003069 _____ C:\Users\Web\Desktop\TouchCopy 12.lnk2015-08-14 06:37 - 2014-08-02 09:48 - 00001044 _____ C:\Users\Public\Desktop\Sharepod.lnk2015-08-14 06:37 - 2014-06-27 15:25 - 00001000 _____ C:\Users\Public\Desktop\Steam.lnk2015-08-14 06:37 - 2014-06-18 09:09 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk2015-08-14 06:37 - 2014-06-13 18:14 - 00002258 _____ C:\Users\pauli_000\Desktop\HP Support Assistant.lnk2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Word 2007.lnk2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Excel 2007.lnk2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Word 2007.lnk2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Excel 2007.lnk2015-08-14 06:37 - 2014-06-08 15:49 - 00002152 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk2015-08-14 06:37 - 2014-06-07 18:55 - 00001842 _____ C:\Users\Web\Desktop\Google Drive.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002083 _____ C:\Users\Public\Desktop\Google Slides.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002081 _____ C:\Users\Public\Desktop\Google Sheets.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002071 _____ C:\Users\Public\Desktop\Google Docs.lnk2015-08-14 06:37 - 2014-06-05 17:29 - 00001077 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk2015-08-14 06:37 - 2014-06-04 21:53 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk2015-08-14 06:37 - 2014-06-04 18:06 - 00001443 _____ C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:37 - 2014-06-04 17:10 - 00001443 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:37 - 2014-05-29 20:41 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk2015-08-14 06:36 - 2015-01-18 14:11 - 00001336 _____ C:\Users\halca_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:36 - 2015-01-16 16:09 - 00001348 _____ C:\Users\halca_000\Desktop\Continue Five Nights at Freddy's Installation.lnk2015-08-14 06:36 - 2014-12-31 17:27 - 00001298 _____ C:\Users\halca_000\Desktop\Continue File Opener Installation.lnk2015-08-14 06:36 - 2014-10-12 15:04 - 00001521 _____ C:\Users\halca_000\Desktop\ROBLOX Player.lnk2015-08-14 06:36 - 2014-08-25 16:55 - 00001318 _____ C:\Users\halca_000\Desktop\Continue Free Download Installation.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Music.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00001443 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00000551 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00000549 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-16 16:25 - 00001735 _____ C:\Users\halca_000\Desktop\Pokémon Trading Card Game Online.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-05 18:34 - 00001443 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-13 20:40 - 2015-06-25 14:21 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForpauli_000.job2015-08-13 20:40 - 2013-08-22 09:44 - 00441296 _____ C:\windows\system32\FNTCACHE.DAT2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-08-13 20:35 - 2014-12-12 08:32 - 00000000 ____D C:\windows\system32\appraiser2015-08-13 20:35 - 2014-07-16 17:12 - 00000000 ___SD C:\windows\system32\CompatTel2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender2015-08-13 20:33 - 2014-06-05 17:21 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10052015-08-13 20:16 - 2014-06-07 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-08-13 17:27 - 2014-06-05 17:05 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E1291903-9E5D-49F7-9CC8-108CE3F4EC8A}2015-08-13 14:45 - 2014-06-05 14:46 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log2015-08-13 14:41 - 2014-12-24 15:49 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2015-08-13 03:45 - 2014-06-11 08:45 - 00000000 ____D C:\ProgramData\Microsoft Help2015-08-13 03:45 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp2015-08-13 03:43 - 2014-08-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-08-13 03:40 - 2014-06-07 05:31 - 00000000 ____D C:\windows\system32\MRT2015-08-13 03:21 - 2014-06-07 05:31 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-08-12 19:28 - 2015-06-22 17:57 - 00000000 ____D C:\Users\mooke_000\Powersaves3DS2015-08-11 14:01 - 2015-06-25 14:21 - 00003190 _____ C:\windows\System32\Tasks\HPCeeScheduleForpauli_0002015-08-09 17:14 - 2014-06-05 17:05 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Packages2015-08-08 08:55 - 2015-03-14 08:21 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-08-08 08:55 - 2015-03-14 08:21 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-01 15:49 - 2015-06-28 18:12 - 00000000 ____D C:\Program Files (x86)\Minecraft2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS2015-08-01 14:06 - 2014-06-04 17:09 - 00000000 ____D C:\Users\Web2015-07-30 10:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF2015-07-30 09:45 - 2014-06-29 07:08 - 00000000 ____D C:\Users\aklyk_0002015-07-30 09:45 - 2014-06-05 18:34 - 00000000 ____D C:\Users\halca_0002015-07-28 18:20 - 2015-03-05 16:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Origin2015-07-28 18:14 - 2015-03-05 16:27 - 00000000 ____D C:\Program Files (x86)\Origin2015-07-25 05:11 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\system32\GWX2015-07-22 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache2015-07-22 07:28 - 2015-01-31 11:51 - 04731400 _____ () C:\Users\mooke_000\Desktop\TechnicLauncher.exe2015-07-22 07:27 - 2015-01-31 12:04 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.technic2015-07-19 10:39 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\SysWOW64\GWX2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore2015-07-19 07:50 - 2014-06-05 18:34 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{29EB089F-8B13-46EE-B4F2-40CFC60D11E2} ==================== Files in the root of some directories ======= 2015-05-12 18:22 - 2015-05-12 18:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico2014-08-02 10:04 - 2014-08-02 10:05 - 0000360 _____ () C:\Users\Web\AppData\Roaming\com.kennettnet.MusicRescue4.plist ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signedC:\windows\system32\wininit.exe => File is digitally signedC:\windows\explorer.exe => File is digitally signedC:\windows\SysWOW64\explorer.exe => File is digitally signedC:\windows\system32\svchost.exe => File is digitally signedC:\windows\SysWOW64\svchost.exe => File is digitally signedC:\windows\system32\services.exe => File is digitally signedC:\windows\system32\User32.dll => File is digitally signedC:\windows\SysWOW64\User32.dll => File is digitally signedC:\windows\system32\userinit.exe => File is digitally signedC:\windows\SysWOW64\userinit.exe => File is digitally signedC:\windows\system32\rpcss.dll => File is digitally signedC:\windows\system32\dnsapi.dll[2015-03-11 12:13] - [2015-08-14 06:43] - 0657920 ____A (Microsoft Corporation) 089D030FF1B7D49ACD074B289D306F4D C:\windows\SysWOW64\dnsapi.dll => MD5 is legitC:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-10 04:49 ==================== End of log ============================
-
I just finished the re-scan with zoek -- log is below. I am in Chrome and still getting some 'best coupons' sidebar popping up. IE was doing the same thing before but it seems to be cured now. I have not yet done the scan with Malwarebytes. After I do that I will run FRST again and post the results. Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Web on Sun 08/16/2015 at 16:24:55.69.Microsoft Windows 8.1 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-16-210618.log 47805 bytes ==== Empty Folders Check ====================== C:\Users\Web\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\0302601401919830mcinstcleanup deleted successfully ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.155 Chrome Hotword Shared Module - aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgGoogle Cast - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafdTampermonkey - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfoChrome Hotword Shared Module - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgChrome Hotword Shared Module - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgGoogle Drive App Launcher - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbehGoogle Cast - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafdUser-Agent Switcher for Chrome - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmgGoogle News - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililcGoogle Voice (by Google) - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaoooChrome Hotword Shared Module - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgBoomerang for Gmail - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll ==== Chromium Startpages ====================== C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Preferencesdisplay_name\":\"A5\",\"height_microns\":210000,\"name\":\"ISO_A5\",\"vendor_id\":\"11\",\"width_microns\":148000},{\"custom_display_name\":\"B5 (JIS)\",\"height_microns\":257000,\"name\":\"JIS_B5\",\"vendor_id\":\"13\",\"width_microns\":182000},{\"custom_display_name\":\"Envelope #10\",\"height_microns\":241300,\"name\":\"NA_NUMBER_10\",\"vendor_id\":\"20\",\"width_microns\":104700},{\"custom_display_name\":\"Envelope DL\",\"height_microns\":220000,\"name\":\"ISO_DL\",\"vendor_id\":\"27\",\"width_microns\":110000},{\"custom_display_name\":\"Envelope C6\",\"height_microns\":162000,\"name\":\"ISO_C6\",\"vendor_id\":\"31\",\"width_microns\":114000},{\"custom_display_name\":\"Envelope Monarch\",\"height_microns\":190500,\"name\":\"NA_MONARCH\",\"vendor_id\":\"37\",\"width_microns\":98400},{\"custom_display_name\":\"A6\",\"height_microns\":148000,\"name\":\"ISO_A6\",\"vendor_id\":\"70\",\"width_microns\":105000},{\"custom_display_name\":\"JIS Chou #3\",\"height_microns\":234900,\"name\":\"JPN_CHOU3\",\"vendor_id\":\"119\",\"width_microns\":119900},{\"custom_display_name\":\"JIS Chou #4\",\"height_microns\":204900,\"name\":\"JPN_CHOU4\",\"vendor_id\":\"120\",\"width_microns\":89900},{\"custom_display_name\":\"B5 (ISO)\",\"height_microns\":249900,\"name\":\"ISO_B5\",\"vendor_id\":\"121\",\"width_microns\":176000},{\"custom_display_name\":\"B7 (ISO)\",\"height_microns\":124900,\"name\":\"ISO_B7\",\"vendor_id\":\"122\",\"width_microns\":87800},{\"custom_display_name\":\"B7 (JIS)\",\"height_microns\":128000,\"name\":\"JIS_B7\",\"vendor_id\":\"123\",\"width_microns\":90900},{\"custom_display_name\":\"HV\",\"height_microns\":180000,\"vendor_id\":\"124\",\"width_microns\":101000},{\"custom_display_name\":\"10x15cm\",\"height_microns\":152400,\"name\":\"NA_INDEX_4X6\",\"vendor_id\":\"125\",\"width_microns\":101600},{\"custom_display_name\":\"L 89x127mm\",\"height_microns\":127000,\"vendor_id\":\"129\",\"width_microns\":88900},{\"custom_display_name\":\"2L 127x178mm\",\"height_microns\":178000,\"name\":\"NA_5X7\",\"vendor_id\":\"130\",\"width_microns\":127000},{\"custom_display_name\":\"13x18cm\",\"height_microns\":177800,\"name\":\"NA_5X7\",\"vendor_id\":\"131\",\"width_microns\":127000},{\"custom_display_name\":\"8x10in.\",\"height_microns\":254000,\"name\":\"NA_GOVT_LETTER\",\"vendor_id\":\"133\",\"width_microns\":203200},{\"custom_display_name\":\"Photo card 10x20cm (tab)\",\"height_microns\":203200,\"vendor_id\":\"135\",\"width_microns\":101600},{\"custom_display_name\":\"10x30cm\",\"height_microns\":304800,\"vendor_id\":\"137\",\"width_microns\":101600},{\"custom_display_name\":\"Borderless A4, 210x297mm\",\"height_microns\":296900,\"name\":\"ISO_A4\",\"vendor_id\":\"156\",\"width_microns\":210000},{\"custom_display_name\":\"Borderless cabinet 120x165mm\",\"height_microns\":165100,\"vendor_id\":\"157\",\"width_microns\":119800},{\"custom_display_name\":\"Borderless A6\",\"height_microns\":148000,\"name\":\"ISO_A6\",\"vendor_id\":\"159\",\"width_microns\":104900},{\"custom_display_name\":\"Borderless B5, 182x257mm\",\"height_microns\":257000,\"name\":\"JIS_B5\",\"vendor_id\":\"162\",\"width_microns\":182100},{\"custom_display_name\":\"Card envelope 4.4x6in.\",\"height_microns\":152400,\"vendor_id\":\"165\",\"width_microns\":111100},{\"custom_display_name\":\"Envelope A2\",\"height_microns\":146000,\"name\":\"JPN_CHOU2\",\"vendor_id\":\"166\",\"width_microns\":110900},{\"custom_display_name\":\"Hagaki 100x148mm\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"167\",\"width_microns\":100000},{\"custom_display_name\":\"Borderless hagaki 100x148mm\",\"height_microns\":148100,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"168\",\"width_microns\":100100},{\"custom_display_name\":\"Index card 3x5in.\",\"height_microns\":127000,\"name\":\"NA_INDEX_3X5\",\"vendor_id\":\"169\",\"width_microns\":76200},{\"custom_display_name\":\"No. 6 3/4 Envelope\",\"height_microns\":165100,\"name\":\"NA_PERSONAL\",\"vendor_id\":\"171\",\"width_microns\":92200},{\"custom_display_name\":\"Index card 5x8in.\",\"height_microns\":203200,\"name\":\"NA_INDEX_5X8\",\"vendor_id\":\"172\",\"width_microns\":127000},{\"custom_display_name\":\"Ofuku Hagaki\",\"height_microns\":199800,\"name\":\"JPN_OUFUKU\",\"vendor_id\":\"173\",\"width_microns\":148000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"HP6676F7 (HP Officejet J4680 series)\",\"mediaSize\":{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"is_default\":true,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900}}"}},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://www.youtube.com:443,https://www.youtube.com:443":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"https://www.youtube.com:443,https://www.youtube.com:443":{"fullscreen":1}},"pref_version":1},"created_by_version":"35.0.1916.153","exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","per_host_zoom_levels":{}},"protection":{"macs":{}},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13048517670653135"},"settings":{"privacy":{"drm_salt":"7DAF463AE6F2DA27AE51B7C0A93BB0D02897979278374173A2A0C0DD49A97FCE"}},"sync_promo":{"startup_count":10},"translate_blocked_languages":["en"],"translate_whitelists":{}} let.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/*","https://*.googleusercontent.com/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13048525384657718","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"IntegratesGoogle Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13080682435387499","lastpingday":"13080726011904612","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"1001F5640A953A5D086A090017622E2187961DD3D2087D7595BD5C8EE029AA3B"},"default_search_provider":{"keyword":"4627E3D4A8B5F1B916551AF358D153398B3B3A3944A743AE76A2459DD3F49B1B","name":"21F1619AEA5A935701D6B08F47C969BA29938020172026DF5E79C2C36C11F745","search_url":"3E12220E278B45787D436180D87C2769A25386E8969D6F45B22BC69FDCB3B881"},"default_search_provider_data":{"template_url_data":"0A93A7184365FAAC2AAFB2D4962CD46BBA4BF690B0CB87D537BFF4295D593BF8"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"08EDF4EEDDCD784AFA3796114941228143712047915F5D584A0259626CF9CE91","aohghmighlieiainnegkcijnfilokake":"A613A5A4E8DB7A433854F426F6BB1E4D2D848F48EA8AF1342F51E107449A871D","apdfllckaahabafndbhieahigkjlhalf":"D3FF13EA5A3BC5ACA47A44A3B49DC64BEA4A9112BCA977FDC319DDFC5F0433A3","bepbmhgboaologfdajaanbcjmnhjmhfn":"47674854842EB6BA4243051A4992DEA32E80B124DD9B3E1880FCD604D7D91529","blpcfgokakmgnkcojhhkbfbldkacnbeo":"6A3D696F206A71021D4295F3AE7C676663F545268F8AE869ED03E7F923ECBA16","coobgpohoikkiipiblmjeljniedjpjpf":"82413CB0DC4C90B518948FC0E56FBAC7D4B96A1AE9460016D84CC6EDAB97BC4E","dnhpdliibojhegemfjheidglijccjfmc":"D49F04C480B2574202F250BFB765FCD9389D63F879E7B9B43B142637FFA9CE66","eemcgdkfndhakfknompkggombfjjjeno":"C704B0B7604A6DA20DD21CE7B523FF0C54D5D800D3E1E745E396EA922FAADD84","ennkphjdgehloodpbhlhldgbnhmacadg":"222644A55E9E33779DDFB9C6F25EC33FEA75B1793E0EBB604CC64173A02B01A9","gfdkimpbcpahaombhbimeihdjnejgicl":"A4B451D8EA05D865E6F86D1E48F0A7A8527807265CC3418611877E6E17A7D72E","kmendfapggjehodndflmmgagdbamhnfd":"107585A49AF7BC319903CDC22F95A020B0583C1CE76A2DA184C4823E5929AC83","lccekmodgklaepjeofjdjpbminllajkg":"5E6342C9E6F3E475ECD73A9D594A40D10EC633D628D39EE5C7BDD57CE6EB74A5","mfehgcgbbipciphmccgaenjidiccnmng":"12B74E6621E4A9AD656BF66490F256DABA43DA929CC201A268935D308C6BDD7A","mfffpogegjflfpflabcdkioaeobkgjik":"CED74CD6D3C859555676D1037B60A0F1A3D14D19451F1E0C92383743F0AC3485","mgndgikekgjfcpckkfioiadnlibdjbkf":"DB67B8E5BEBAE1561EC2A0CC669CFF360EA19EA7DE3B496065C8760763CB8519","mhjfbmdgcfjbbpaeojofohoefgiehjai":"F364BCC0C38E476BD6D97F6E9BCFD17DA7B5312B421F419B152AF9A4FFEE7E99","nbpagnldghgfoolbancepceaanlmhfmd":"C4BE008B3443DA015CA1739169E697E5DEA6A96B35280ED5FA838F482A006227","neajdppkdcdipfabeoofebfddakdcjhd":"434EC733F5F43C8501FFDF29968769C897222C7123F302E77177F63956D74083","nkeimhogjdpnpccoofpliimaahmaaome":"F723ABE9852C076B249D8ECD2245C52DFDF2F34A15E69B1BCCCAC9DE19F09F75","nmmhkkegccagdldgiimedpiccmgmieda":"0256CA505452E1C72F897D3ADD02713F06CB04D165908ABBC8B50BDDE60BE10D","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"894F68BBB1BDAC02C28EB26FD5E724FDC5B2CD5B111862BC9869D2F7B1D8BD47","pjkljhegncpnkpknbcohdijeoejaedia":"64C42445D79289125F0F76A334EC22B7F6653F02C600750BC5264B45C4EFC142"}},"google":{"services":{"last_username":"2443B4B1E8483969A8793E688AD8D545724C2C29723E13998F74A3F5ACB43914","username":"ABF21DCE9B65566E6B4342B8B756DA0E9C18DF5B7203FF741CCE37704ADC3C6A"}},"homepage":"E70CD67B7C157C85AC13DBE0EBBCB19E0F4C1964CA80ADF583A3E950BDDE8ED7","homepage_is_newtabpage":"8DD91D45398D11FBEAA522EE798BD803AF6D4EFF02613B32D888EF84EAD90892","pinned_tabs":"ABBCAF7B14102307DFFDC120895205AB1EA5C050A53AC4989D68320721430E4C","prefs":{"preference_reset_time":"F2848AA681BB3B4987E713B9F4E8AEDEAB8CF1E794854EDFD5CDE7DC10C98EA0"},"profile":{"reset_prompt_memento":"707EA13DABA2EF2655E64AFBB0DB97CD7911954F3916B83AB7A6EA43EF9228EE"},"safebrowsing":{"incidents_sent":"A88C3330D98437CA294C42E1EEA144AC4882119C813682013C3459D79C77795B"},"search_provider_overrides":"5543D300B1131CA2D86EFE422BCC47A9801316556296311E57E8997568E822C9","session":{"restore_on_startup":"F51A7D73A61877826492F110250FE685DBF0C7009CF33B6DF8CD9F85296D343E","startup_urls":"B4ED088D82487A5D863DE4521E42C6FDB752421878723E444A6DD7ED3E9FF896"},"software_reporter":{"prompt_reason":"342BD00BDDD34D8231088CAD4045FC357E53238D59B9A185A80CC4C2A2639587","prompt_seed":"DCE4B85418CC56F13C00FF0A58B59DA52755954B89B0F0762F94512CD3F2FC25","prompt_version":"3D13246559DB5C92FCDAE70E2815AA1ECEB41175BA38A03598DDA6DC20DA0A9F"},"sync":{"remaining_rollback_tries":"00A44AC67AD32877AC3D3B6A677AF4E5BD371C752128B5832688435DBF9A6CBA"}},"super_mac":"4FAAC01FB18E91FBEED358AFE728A9B37618599FD9A984CB92D654204488717C"},"sync":{"remaining_rollback_tries":0}} C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Preferences0,\"vendor_id\":\"165\",\"width_microns\":111100},{\"custom_display_name\":\"Envelope A2\",\"height_microns\":146000,\"name\":\"JPN_CHOU2\",\"vendor_id\":\"166\",\"width_microns\":110900},{\"custom_display_name\":\"Hagaki 100x148mm\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"167\",\"width_microns\":100000},{\"custom_display_name\":\"Borderless hagaki 100x148mm\",\"height_microns\":148100,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"168\",\"width_microns\":100100},{\"custom_display_name\":\"Index card 3x5in.\",\"height_microns\":127000,\"name\":\"NA_INDEX_3X5\",\"vendor_id\":\"169\",\"width_microns\":76200},{\"custom_display_name\":\"No. 6 3/4 Envelope\",\"height_microns\":165100,\"name\":\"NA_PERSONAL\",\"vendor_id\":\"171\",\"width_microns\":92200},{\"custom_display_name\":\"Index card 5x8in.\",\"height_microns\":203200,\"name\":\"NA_INDEX_5X8\",\"vendor_id\":\"172\",\"width_microns\":127000},{\"custom_display_name\":\"Ofuku Hagaki\",\"height_microns\":199800,\"name\":\"JPN_OUFUKU\",\"vendor_id\":\"173\",\"width_microns\":148000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"HP6676F7 (HP Officejet J4680 series)\",\"isDuplexEnabled\":false,\"mediaSize\":{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"is_default\":true,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900},\"dpi\":{\"horizontal_dpi\":600,\"is_default\":true,\"vertical_dpi\":600},\"selectedDestinationExtensionId\":\"\"}"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://[*.]www.khanacademy.org:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1},"https://vimeo.com:443,https://vimeo.com:443":{"setting":1}},"geolocation":{"http://bindingofisaacrebirth.gamepedia.com:80,http://bindingofisaacrebirth.gamepedia.com:80":{"setting":1},"https://www.peiwei.com:443,https://www.peiwei.com:443":{"setting":1}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{"https://www.google.com:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"[*.]web.roblox.com,*":{"setting":1},"[*.]www.roblox.com,*":{"setting":1}},"popups":{"https://[*.]my.hrw.com:443,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]web.roblox.com,*":{"plugins":1},"[*.]www.roblox.com,*":{"plugins":1},"http://bindingofisaacrebirth.gamepedia.com:80,http://bindingofisaacrebirth.gamepedia.com:80":{"geolocation":1,"last_used":{"geolocation":1429972520.755725}},"https://[*.]my.hrw.com:443,*":{"popups":1},"https://[*.]www.khanacademy.org:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://vimeo.com:443,https://vimeo.com:443":{"fullscreen":1},"https://www.google.com:443,*":{"last_used":{"media-stream-mic":1429470270.991902},"media-stream-mic":1},"https://www.peiwei.com:443,https://www.peiwei.com:443":{"geolocation":1,"last_used":{"geolocation":1425162054.95262}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"created_by_version":"35.0.1916.114","exit_type":"SessionEnded","exited_cleanly":true,"gaia_info_picture_url":"https://lh5.googleusercontent.com/-haBLRz9eYLg/AAAAAAAAAAI/AAAAAAAAAV8/RTukSYhljaQ/s256-c/photo.jpg","gaia_info_update_time":"13084136882185926","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[0,null,null,null,null,null,4],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"safebrowsing":{"extended_reporting_enabled":false},"savefile":{"default_directory":"C:\\Users\\mooke_000\\Pictures","type":1},"selectfile":{"last_directory":"C:\\Users\\mooke_000\\Pictures"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046482681127931"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"autofill_wallet":true,"bookmarks":true,"dictionary":false,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3c20YGNsc0OIiLhFdncglAAAAAACAAAAAAAQZgAAAAEAACAAAACXWDDZBcM+eA+9P7B1N7al7F/V1Z9Jg3oO2m/usZpr4QAAAAAOgAAAAAIAACAAAABtuVcmP1Y9WtoUIc1l1WRhI6lMc/EFEil2hw77LJTlbEAAAADAb3umj9ZM7Ux+OBqDYDOtcf8xR7sq/0rMxL1x4KFUBbbT8uMJhnb/GTOdmTML986xXtvOmQMCXlGZv1rwVri7QAAAAENcSY2Cg9AkE8Sx/UNVdHgBDLUw2gKJgeATZSabWRD6mNuNoniwlQdEp/hN/FTcEgalCRnsz/EAAQWfSveYP/I=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13055118736362832","has_setup_completed":true,"history_delete_directives":true,"keep_everything_synced":false,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3c20YGNsc0OIiLhFdncglAAAAAACAAAAAAAQZgAAAAEAACAAAABNihHORacbJ504tbQtQopqD+WLIXt9lc5vwdFr7w8BLgAAAAAOgAAAAAIAACAAAAA9lPQWe0t5g7t2JhbyRoOFmfylRC30usGuzi66W7duWlAAAACj/yFZFmAHazLdalM2L8ZNwkmIVrRngESxtVm9oieUQ0dftoDB2aUROzZNA1gZnpVzDcqLQ0Xs27DojW3jZI+e5c9/ho+MtM7YtMFHaMrQ2UAAAABrDffZGWplmjjd2zfnOzh3MA6htoMFwy3v2AePFzXXx8H6agIOZfgQIvxbk7jahTxIbIENIvSqIbR7u6v/gCIy","last_synced_time":"13084219126304698","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":false,"priority_preferences":false,"search_engines":false,"session_sync_guid":"session_syncJLfaPHsGBIo9FLR1s53yZw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"de":0,"en":0,"pt":0},"translate_blocked_languages":["en"],"translate_denied_count":{"en":1,"pt":1},"translate_denied_count_for_language":{"de":2,"en":1},"translate_last_denied_time":1425932860295.626,"translate_last_denied_time_for_language":{"de":1439684030402.555,"en":1438018787678.093},"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Preferencesa.com,*":{"plugins":1},"[*.]solutions1.learn.hp.com,*":{"plugins":1},"[*.]trinityrivercorridor.com,*":{"plugins":1},"[*.]upload.wikimedia.org,*":{"plugins":1},"[*.]www.cvsphoto.com,*":{"plugins":1},"[*.]www.ers-srl.com,*":{"plugins":1},"[*.]www.impactwrestling.com,*":{"fullscreen":1},"[*.]www.java.com,*":{"plugins":1},"[*.]www.myfoxdfw.com,*":{"plugins":1},"[*.]www.scholastic.com,*":{"plugins":1},"[*.]www.youtube.com,*":{"fullscreen":1},"http://192.168.1.85:8080,*":{"plugins":1},"http://maps.google.com:80,http://maps.google.com:80":{"geolocation":1},"http://touch.facebook.com:80,http://touch.facebook.com:80":{"geolocation":1},"http://www.greatclips.com:80,http://www.greatclips.com:80":{"geolocation":1},"http://www.wunderground.com:80,http://www.wunderground.com:80":{"geolocation":1},"http://www.zoomzoomzen.com:80,http://www.zoomzoomzen.com:80":{"geolocation":1},"https://[*.]download.citrixonline.com:443,*":{"plugins":1},"https://[*.]eft1.feps.cms.gov:443,*":{"plugins":1},"https://[*.]mail.google.com:443,*":{"popups":1},"https://[*.]plus.google.com:443,*":{"fullscreen":1},"https://[*.]qbo.intuit.com:443,*":{"popups":1},"https://[*.]us-mg205.mail.yahoo.com:443,*":{"multiple-automatic-downloads":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://app.mysms.com:443,*":{"notifications":1},"https://foursquare.com:443,https://foursquare.com:443":{"geolocation":1},"https://maps.google.com:443,https://maps.google.com:443":{"geolocation":1},"https://plus.google.com:443,https://plus.google.com:443":{"geolocation":1},"https://www.google.com:443,*":{"media-stream-mic":1}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"created_by_version":"35.0.1916.114","default_content_setting_values":{"plugins":3},"default_content_settings":{"plugins":3},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_update_time":"13084233681968367","icon_version":3,"is_managed":false,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[1],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Web\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\Web\\Google Drive\\TQF\\Quickbooks\\Invoices"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046643098031463"},"settings":{"privacy":{"drm_salt":"59D990A4BCF6D7DA80F0CE8659C908FC2FA5F4DE5A020533B694B6C1AAE84E44"}},"signin":{"signedin_time":"13064261698391182"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAAC7P9C05ipXTOzF0l4BjbyY/Ou+t3xd+MW8UJa3TaLU9gAAAAAOgAAAAAIAACAAAACBXditQkETqm6P+Nr7VpGS/WDlqtLRirKMehnoAMeBUkAAAABkKc1TGWikSPgQaBuy0LhefntKyg7j88fyOXLTugXGdbTeAp4cXzoKNi0BORaRe8kgKORe7mUa19RLcdepVn5vQAAAAFLuwP++8xk2K21Iq9GGF9W0HMVmSsAQfIEC5xeCpG1adaIH2GEK4YXVnyKN7xf/DRTHDQvytIhh7jG5snxzSaM=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13054232150315396","has_auth_error":true,"has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAADabq7neynTCsZSn2NcWnNZ2SiNs1cdZ5fH16xV5JuVdQAAAAAOgAAAAAIAACAAAACK/KfwkrmTwJaHOt81rnX5WIz+9eX0cTcvAXKKGiWQtlAAAAALJILtIyo3gY/C9xlIauvuEtBrhjngB4+DJoBKNfWG3NLjbXEWYfm9YFADQnraWxrgpl52a6mWaoesox1FyrLiZB9guUGzeKIPPH8nBoY6uUAAAAC80pZOS4wt7GHJTqpvmMl84Bxp6QHQjHJ0oHgPPYAzm0TA59TUhfsiOHEdTwNzUZKEDL06TvfwuvzbVjNhk35c","last_synced_time":"13084234442806872","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_sync3Hda8RkRlmSyGv3B4D4+Uw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"ar":0,"de":0,"es":0,"fr":0,"ga":0,"it":0,"ja":0,"zh-CN":1},"translate_blocked_languages":["en"],"translate_denied_count":{"ar":1,"de":6,"es":1,"fr":1,"ga":1,"it":1,"ja":1,"zh-CN":0},"translate_whitelists":{}} ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.msn.com/?pc=MSE1" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.msn.com/?pc=MSE1" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4" ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=49 folders=36 20196232 bytes) ==== Empty Temp Folders ====================== C:\Users\aklyk_000\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\halca_000\AppData\Local\Temp emptied successfullyC:\Users\mooke_000\AppData\Local\Temp emptied successfullyC:\Users\pauli_000\AppData\Local\Temp emptied successfullyC:\Users\Web\AppData\Local\Temp will be emptied at rebootC:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptiedC:\Users\Web\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Sun 08/16/2015 at 16:59:09.69 ======================
-
Here is the log from the re-run of AdwCleaner, it's much shorter this time. Below that is the log from the first run of zoek, the one before I realized I had missed a step. I will re-run zoek and post that log in a separate comment. # AdwCleaner v5.000 - Logfile created 16/08/2015 at 16:19:02# Updated 14/08/2015 by Xplode# Database : 2015-08-16.2 [server]# Operating system : Windows 8.1 (x64)# Username : Web - JEFFERSON# Running from : C:\Users\Web\Downloads\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Users\pauli_000\Documents\DailyPCClean ***** [ Files ] ***** [-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** [-] Task Deleted : DailyPCClean Schedule ***** [ Registry ] ***** [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} ***** [ Web browsers ] ***** ************************* :: Proxy settings cleared:: Winsock settings cleared ************************* C:\AdwCleaner[C1].txt - [18555 octets] - [16/08/2015 15:09:09]C:\AdwCleaner[C2].txt - [2571 octets] - [16/08/2015 16:19:02]C:\AdwCleaner[s1].txt - [17836 octets] - [16/08/2015 15:05:17]C:\AdwCleaner[s2].txt - [2580 octets] - [16/08/2015 16:15:48] ########## EOF - C:\AdwCleaner[C2].txt - [2761 octets] ########## Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Web on Sun 08/16/2015 at 15:30:15.53.Microsoft Windows 8.1 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 8/16/2015 3:34:20 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\0fbddb10-1b8a-43a6-825a-a4822c5d4b34 deleted successfullyC:\PROGRA~2\6cfea78c-9c9c-4604-995a-762bb7100ee6 deleted successfullyC:\PROGRA~2\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98 deleted successfullyC:\PROGRA~2\adlevel deleted successfullyC:\PROGRA~2\DailyPCClean deleted successfullyC:\PROGRA~2\DailyPcClean Support deleted successfullyC:\PROGRA~2\DnsIo deleted successfullyC:\PROGRA~2\ServiceUpdater deleted successfullyC:\PROGRA~3\Service1291 deleted successfullyC:\Users\mooke_000\AppData\Roaming\.crazycraft deleted successfullyC:\Users\mooke_000\AppData\Roaming\.electriciansjourney deleted successfullyC:\Users\mooke_000\AppData\Roaming\.heliwars deleted successfullyC:\Users\mooke_000\AppData\Roaming\.mariokart deleted successfullyC:\Users\mooke_000\AppData\Roaming\.morphhidenseek deleted successfullyC:\Users\mooke_000\AppData\Roaming\.mountolympussiege deleted successfullyC:\Users\mooke_000\AppData\Roaming\.vanilla1.5.2 deleted successfullyC:\Users\mooke_000\AppData\Roaming\.vanilla1.6.4 deleted successfullyC:\Users\mooke_000\AppData\Roaming\.vanilla1.7.10 deleted successfullyC:\Users\mooke_000\AppData\Roaming\.vanilla1.7.2 deleted successfullyC:\Users\mooke_000\AppData\Roaming\.vanilla162 deleted successfullyC:\Users\mooke_000\AppData\Roaming\Apple Computer deleted successfullyC:\Users\mooke_000\AppData\Roaming\hpqlog deleted successfullyC:\Users\aklyk_000\AppData\Local\EmieSiteList deleted successfullyC:\Users\aklyk_000\AppData\Local\EmieUserList deleted successfullyC:\Users\aklyk_000\AppData\Local\VirtualStore deleted successfullyC:\Users\halca_000\AppData\Local\EmieBrowserModeList deleted successfullyC:\Users\halca_000\AppData\Local\EmieSiteList deleted successfullyC:\Users\halca_000\AppData\Local\EmieUserList deleted successfullyC:\Users\halca_000\AppData\Local\PackageStaging deleted successfullyC:\Users\mooke_000\AppData\Local\EmieBrowserModeList deleted successfullyC:\Users\mooke_000\AppData\Local\EmieSiteList deleted successfullyC:\Users\mooke_000\AppData\Local\EmieUserList deleted successfullyC:\Users\mooke_000\AppData\Local\PackageStaging deleted successfullyC:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980 deleted successfullyC:\Users\pauli_000\AppData\Local\CutePDF Writer deleted successfullyC:\Users\pauli_000\AppData\Local\EmieBrowserModeList deleted successfullyC:\Users\pauli_000\AppData\Local\EmieSiteList deleted successfullyC:\Users\pauli_000\AppData\Local\EmieUserList deleted successfullyC:\Users\pauli_000\AppData\Local\PackageStaging deleted successfullyC:\Users\pauli_000\AppData\Local\VirtualStore deleted successfullyC:\Users\Web\AppData\Local\CutePDF Writer deleted successfullyC:\Users\Web\AppData\Local\EmieBrowserModeList deleted successfullyC:\Users\Web\AppData\Local\EmieSiteList deleted successfullyC:\Users\Web\AppData\Local\EmieUserList deleted successfullyC:\Users\Web\AppData\Local\PackageStaging deleted successfullyC:\Users\Web\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\0fbddb10-1b8a-43a6-825a-a4822c5d4b34 not foundC:\PROGRA~2\6cfea78c-9c9c-4604-995a-762bb7100ee6 not foundC:\PROGRA~2\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98 not foundC:\PROGRA~2\adlevel not foundC:\PROGRA~2\DailyPCClean not foundC:\PROGRA~2\DailyPcClean Support not foundC:\PROGRA~2\DnsIo not foundC:\PROGRA~2\ServiceUpdater not foundC:\windows\SysNative\Tasks\OKJQVJWHKAAQRNFR deletedC:\PROGRA~3\28341ff220e0446c9fff27c4493d622e deletedC:\Users\pauli_000\AppData\Local\12586 deletedC:\task.vbs deletedC:\user.js deletedC:\Users\halca_000\AppData\Roaming\WB.CFG deletedC:\Users\pauli_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk deletedC:\Users\pauli_000\AppData\Roaming\Compete deletedC:\Users\Web\AppData\Roaming\QBFileDrTool.log deletedC:\PROGRA~3\Package Cache deletedC:\Users\pauli_000\AppData\Local\Installer deletedC:\Users\pauli_000\AppData\Local\CrashRpt deletedC:\windows\SysNative\config\systemprofile\AppData\Local\WebBar deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deletedC:\Users\pauli_000\AppData\LocalLow\Company deletedC:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deletedC:\windows\SysNative\config\systemprofile\Searches deletedC:\windows\SysNative\GroupPolicy\machine deletedC:\windows\SysNative\GroupPolicy\User deletedC:\windows\SysNative\GroupPolicy\gpt.ini deletedC:\windows\Syswow64\GroupPolicy\gpt.ini deleted"C:\windows\Installer\c76e154.msi" deleted ==== Chromium Look ====================== Google Chrome Version: 44.0.2403.155 HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensionslmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Chrome Hotword Shared Module - aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgGoogle Cast - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafdTampermonkey - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfoChrome Hotword Shared Module - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgChrome Hotword Shared Module - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgGoogle Drive App Launcher - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbehGoogle Cast - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafdUser-Agent Switcher for Chrome - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmgGoogle News - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililcGoogle Voice (by Google) - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaoooChrome Hotword Shared Module - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkgGoogle Drive App Launcher - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbehBoomerang for Gmail - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll ==== Chromium Startpages ====================== C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Preferencesdisplay_name\":\"A5\",\"height_microns\":210000,\"name\":\"ISO_A5\",\"vendor_id\":\"11\",\"width_microns\":148000},{\"custom_display_name\":\"B5 (JIS)\",\"height_microns\":257000,\"name\":\"JIS_B5\",\"vendor_id\":\"13\",\"width_microns\":182000},{\"custom_display_name\":\"Envelope #10\",\"height_microns\":241300,\"name\":\"NA_NUMBER_10\",\"vendor_id\":\"20\",\"width_microns\":104700},{\"custom_display_name\":\"Envelope DL\",\"height_microns\":220000,\"name\":\"ISO_DL\",\"vendor_id\":\"27\",\"width_microns\":110000},{\"custom_display_name\":\"Envelope C6\",\"height_microns\":162000,\"name\":\"ISO_C6\",\"vendor_id\":\"31\",\"width_microns\":114000},{\"custom_display_name\":\"Envelope Monarch\",\"height_microns\":190500,\"name\":\"NA_MONARCH\",\"vendor_id\":\"37\",\"width_microns\":98400},{\"custom_display_name\":\"A6\",\"height_microns\":148000,\"name\":\"ISO_A6\",\"vendor_id\":\"70\",\"width_microns\":105000},{\"custom_display_name\":\"JIS Chou #3\",\"height_microns\":234900,\"name\":\"JPN_CHOU3\",\"vendor_id\":\"119\",\"width_microns\":119900},{\"custom_display_name\":\"JIS Chou #4\",\"height_microns\":204900,\"name\":\"JPN_CHOU4\",\"vendor_id\":\"120\",\"width_microns\":89900},{\"custom_display_name\":\"B5 (ISO)\",\"height_microns\":249900,\"name\":\"ISO_B5\",\"vendor_id\":\"121\",\"width_microns\":176000},{\"custom_display_name\":\"B7 (ISO)\",\"height_microns\":124900,\"name\":\"ISO_B7\",\"vendor_id\":\"122\",\"width_microns\":87800},{\"custom_display_name\":\"B7 (JIS)\",\"height_microns\":128000,\"name\":\"JIS_B7\",\"vendor_id\":\"123\",\"width_microns\":90900},{\"custom_display_name\":\"HV\",\"height_microns\":180000,\"vendor_id\":\"124\",\"width_microns\":101000},{\"custom_display_name\":\"10x15cm\",\"height_microns\":152400,\"name\":\"NA_INDEX_4X6\",\"vendor_id\":\"125\",\"width_microns\":101600},{\"custom_display_name\":\"L 89x127mm\",\"height_microns\":127000,\"vendor_id\":\"129\",\"width_microns\":88900},{\"custom_display_name\":\"2L 127x178mm\",\"height_microns\":178000,\"name\":\"NA_5X7\",\"vendor_id\":\"130\",\"width_microns\":127000},{\"custom_display_name\":\"13x18cm\",\"height_microns\":177800,\"name\":\"NA_5X7\",\"vendor_id\":\"131\",\"width_microns\":127000},{\"custom_display_name\":\"8x10in.\",\"height_microns\":254000,\"name\":\"NA_GOVT_LETTER\",\"vendor_id\":\"133\",\"width_microns\":203200},{\"custom_display_name\":\"Photo card 10x20cm (tab)\",\"height_microns\":203200,\"vendor_id\":\"135\",\"width_microns\":101600},{\"custom_display_name\":\"10x30cm\",\"height_microns\":304800,\"vendor_id\":\"137\",\"width_microns\":101600},{\"custom_display_name\":\"Borderless A4, 210x297mm\",\"height_microns\":296900,\"name\":\"ISO_A4\",\"vendor_id\":\"156\",\"width_microns\":210000},{\"custom_display_name\":\"Borderless cabinet 120x165mm\",\"height_microns\":165100,\"vendor_id\":\"157\",\"width_microns\":119800},{\"custom_display_name\":\"Borderless A6\",\"height_microns\":148000,\"name\":\"ISO_A6\",\"vendor_id\":\"159\",\"width_microns\":104900},{\"custom_display_name\":\"Borderless B5, 182x257mm\",\"height_microns\":257000,\"name\":\"JIS_B5\",\"vendor_id\":\"162\",\"width_microns\":182100},{\"custom_display_name\":\"Card envelope 4.4x6in.\",\"height_microns\":152400,\"vendor_id\":\"165\",\"width_microns\":111100},{\"custom_display_name\":\"Envelope A2\",\"height_microns\":146000,\"name\":\"JPN_CHOU2\",\"vendor_id\":\"166\",\"width_microns\":110900},{\"custom_display_name\":\"Hagaki 100x148mm\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"167\",\"width_microns\":100000},{\"custom_display_name\":\"Borderless hagaki 100x148mm\",\"height_microns\":148100,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"168\",\"width_microns\":100100},{\"custom_display_name\":\"Index card 3x5in.\",\"height_microns\":127000,\"name\":\"NA_INDEX_3X5\",\"vendor_id\":\"169\",\"width_microns\":76200},{\"custom_display_name\":\"No. 6 3/4 Envelope\",\"height_microns\":165100,\"name\":\"NA_PERSONAL\",\"vendor_id\":\"171\",\"width_microns\":92200},{\"custom_display_name\":\"Index card 5x8in.\",\"height_microns\":203200,\"name\":\"NA_INDEX_5X8\",\"vendor_id\":\"172\",\"width_microns\":127000},{\"custom_display_name\":\"Ofuku Hagaki\",\"height_microns\":199800,\"name\":\"JPN_OUFUKU\",\"vendor_id\":\"173\",\"width_microns\":148000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"HP6676F7 (HP Officejet J4680 series)\",\"mediaSize\":{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"is_default\":true,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900}}"}},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://www.youtube.com:443,https://www.youtube.com:443":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"https://www.youtube.com:443,https://www.youtube.com:443":{"fullscreen":1}},"pref_version":1},"created_by_version":"35.0.1916.153","exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","per_host_zoom_levels":{}},"protection":{"macs":{}},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13048517670653135"},"settings":{"privacy":{"drm_salt":"7DAF463AE6F2DA27AE51B7C0A93BB0D02897979278374173A2A0C0DD49A97FCE"}},"sync_promo":{"startup_count":10},"translate_blocked_languages":["en"],"translate_whitelists":{}} let.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/*","https://*.googleusercontent.com/*"],"manifest_permissions":[]},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13048525384657718","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"IntegratesGoogle Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13080682435387499","lastpingday":"13080726011904612","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"1001F5640A953A5D086A090017622E2187961DD3D2087D7595BD5C8EE029AA3B"},"default_search_provider":{"keyword":"4627E3D4A8B5F1B916551AF358D153398B3B3A3944A743AE76A2459DD3F49B1B","name":"21F1619AEA5A935701D6B08F47C969BA29938020172026DF5E79C2C36C11F745","search_url":"3E12220E278B45787D436180D87C2769A25386E8969D6F45B22BC69FDCB3B881"},"default_search_provider_data":{"template_url_data":"0A93A7184365FAAC2AAFB2D4962CD46BBA4BF690B0CB87D537BFF4295D593BF8"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"08EDF4EEDDCD784AFA3796114941228143712047915F5D584A0259626CF9CE91","aohghmighlieiainnegkcijnfilokake":"A613A5A4E8DB7A433854F426F6BB1E4D2D848F48EA8AF1342F51E107449A871D","apdfllckaahabafndbhieahigkjlhalf":"D3FF13EA5A3BC5ACA47A44A3B49DC64BEA4A9112BCA977FDC319DDFC5F0433A3","bepbmhgboaologfdajaanbcjmnhjmhfn":"47674854842EB6BA4243051A4992DEA32E80B124DD9B3E1880FCD604D7D91529","blpcfgokakmgnkcojhhkbfbldkacnbeo":"6A3D696F206A71021D4295F3AE7C676663F545268F8AE869ED03E7F923ECBA16","coobgpohoikkiipiblmjeljniedjpjpf":"82413CB0DC4C90B518948FC0E56FBAC7D4B96A1AE9460016D84CC6EDAB97BC4E","dnhpdliibojhegemfjheidglijccjfmc":"D49F04C480B2574202F250BFB765FCD9389D63F879E7B9B43B142637FFA9CE66","eemcgdkfndhakfknompkggombfjjjeno":"C704B0B7604A6DA20DD21CE7B523FF0C54D5D800D3E1E745E396EA922FAADD84","ennkphjdgehloodpbhlhldgbnhmacadg":"222644A55E9E33779DDFB9C6F25EC33FEA75B1793E0EBB604CC64173A02B01A9","gfdkimpbcpahaombhbimeihdjnejgicl":"A4B451D8EA05D865E6F86D1E48F0A7A8527807265CC3418611877E6E17A7D72E","kmendfapggjehodndflmmgagdbamhnfd":"107585A49AF7BC319903CDC22F95A020B0583C1CE76A2DA184C4823E5929AC83","lccekmodgklaepjeofjdjpbminllajkg":"5E6342C9E6F3E475ECD73A9D594A40D10EC633D628D39EE5C7BDD57CE6EB74A5","mfehgcgbbipciphmccgaenjidiccnmng":"12B74E6621E4A9AD656BF66490F256DABA43DA929CC201A268935D308C6BDD7A","mfffpogegjflfpflabcdkioaeobkgjik":"CED74CD6D3C859555676D1037B60A0F1A3D14D19451F1E0C92383743F0AC3485","mgndgikekgjfcpckkfioiadnlibdjbkf":"DB67B8E5BEBAE1561EC2A0CC669CFF360EA19EA7DE3B496065C8760763CB8519","mhjfbmdgcfjbbpaeojofohoefgiehjai":"F364BCC0C38E476BD6D97F6E9BCFD17DA7B5312B421F419B152AF9A4FFEE7E99","nbpagnldghgfoolbancepceaanlmhfmd":"C4BE008B3443DA015CA1739169E697E5DEA6A96B35280ED5FA838F482A006227","neajdppkdcdipfabeoofebfddakdcjhd":"434EC733F5F43C8501FFDF29968769C897222C7123F302E77177F63956D74083","nkeimhogjdpnpccoofpliimaahmaaome":"F723ABE9852C076B249D8ECD2245C52DFDF2F34A15E69B1BCCCAC9DE19F09F75","nmmhkkegccagdldgiimedpiccmgmieda":"0256CA505452E1C72F897D3ADD02713F06CB04D165908ABBC8B50BDDE60BE10D","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"894F68BBB1BDAC02C28EB26FD5E724FDC5B2CD5B111862BC9869D2F7B1D8BD47","pjkljhegncpnkpknbcohdijeoejaedia":"64C42445D79289125F0F76A334EC22B7F6653F02C600750BC5264B45C4EFC142"}},"google":{"services":{"last_username":"2443B4B1E8483969A8793E688AD8D545724C2C29723E13998F74A3F5ACB43914","username":"ABF21DCE9B65566E6B4342B8B756DA0E9C18DF5B7203FF741CCE37704ADC3C6A"}},"homepage":"E70CD67B7C157C85AC13DBE0EBBCB19E0F4C1964CA80ADF583A3E950BDDE8ED7","homepage_is_newtabpage":"8DD91D45398D11FBEAA522EE798BD803AF6D4EFF02613B32D888EF84EAD90892","pinned_tabs":"ABBCAF7B14102307DFFDC120895205AB1EA5C050A53AC4989D68320721430E4C","prefs":{"preference_reset_time":"F2848AA681BB3B4987E713B9F4E8AEDEAB8CF1E794854EDFD5CDE7DC10C98EA0"},"profile":{"reset_prompt_memento":"707EA13DABA2EF2655E64AFBB0DB97CD7911954F3916B83AB7A6EA43EF9228EE"},"safebrowsing":{"incidents_sent":"A88C3330D98437CA294C42E1EEA144AC4882119C813682013C3459D79C77795B"},"search_provider_overrides":"5543D300B1131CA2D86EFE422BCC47A9801316556296311E57E8997568E822C9","session":{"restore_on_startup":"F51A7D73A61877826492F110250FE685DBF0C7009CF33B6DF8CD9F85296D343E","startup_urls":"B4ED088D82487A5D863DE4521E42C6FDB752421878723E444A6DD7ED3E9FF896"},"software_reporter":{"prompt_reason":"342BD00BDDD34D8231088CAD4045FC357E53238D59B9A185A80CC4C2A2639587","prompt_seed":"DCE4B85418CC56F13C00FF0A58B59DA52755954B89B0F0762F94512CD3F2FC25","prompt_version":"3D13246559DB5C92FCDAE70E2815AA1ECEB41175BA38A03598DDA6DC20DA0A9F"},"sync":{"remaining_rollback_tries":"00A44AC67AD32877AC3D3B6A677AF4E5BD371C752128B5832688435DBF9A6CBA"}},"super_mac":"4FAAC01FB18E91FBEED358AFE728A9B37618599FD9A984CB92D654204488717C"},"sync":{"remaining_rollback_tries":0}} C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Preferences0,\"vendor_id\":\"165\",\"width_microns\":111100},{\"custom_display_name\":\"Envelope A2\",\"height_microns\":146000,\"name\":\"JPN_CHOU2\",\"vendor_id\":\"166\",\"width_microns\":110900},{\"custom_display_name\":\"Hagaki 100x148mm\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"167\",\"width_microns\":100000},{\"custom_display_name\":\"Borderless hagaki 100x148mm\",\"height_microns\":148100,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"168\",\"width_microns\":100100},{\"custom_display_name\":\"Index card 3x5in.\",\"height_microns\":127000,\"name\":\"NA_INDEX_3X5\",\"vendor_id\":\"169\",\"width_microns\":76200},{\"custom_display_name\":\"No. 6 3/4 Envelope\",\"height_microns\":165100,\"name\":\"NA_PERSONAL\",\"vendor_id\":\"171\",\"width_microns\":92200},{\"custom_display_name\":\"Index card 5x8in.\",\"height_microns\":203200,\"name\":\"NA_INDEX_5X8\",\"vendor_id\":\"172\",\"width_microns\":127000},{\"custom_display_name\":\"Ofuku Hagaki\",\"height_microns\":199800,\"name\":\"JPN_OUFUKU\",\"vendor_id\":\"173\",\"width_microns\":148000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"HP6676F7 (HP Officejet J4680 series)\",\"isDuplexEnabled\":false,\"mediaSize\":{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"is_default\":true,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900},\"dpi\":{\"horizontal_dpi\":600,\"is_default\":true,\"vertical_dpi\":600},\"selectedDestinationExtensionId\":\"\"}"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://[*.]www.khanacademy.org:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1},"https://vimeo.com:443,https://vimeo.com:443":{"setting":1}},"geolocation":{"http://bindingofisaacrebirth.gamepedia.com:80,http://bindingofisaacrebirth.gamepedia.com:80":{"setting":1},"https://www.peiwei.com:443,https://www.peiwei.com:443":{"setting":1}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{"https://www.google.com:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"[*.]web.roblox.com,*":{"setting":1},"[*.]www.roblox.com,*":{"setting":1}},"popups":{"https://[*.]my.hrw.com:443,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]web.roblox.com,*":{"plugins":1},"[*.]www.roblox.com,*":{"plugins":1},"http://bindingofisaacrebirth.gamepedia.com:80,http://bindingofisaacrebirth.gamepedia.com:80":{"geolocation":1,"last_used":{"geolocation":1429972520.755725}},"https://[*.]my.hrw.com:443,*":{"popups":1},"https://[*.]www.khanacademy.org:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://vimeo.com:443,https://vimeo.com:443":{"fullscreen":1},"https://www.google.com:443,*":{"last_used":{"media-stream-mic":1429470270.991902},"media-stream-mic":1},"https://www.peiwei.com:443,https://www.peiwei.com:443":{"geolocation":1,"last_used":{"geolocation":1425162054.95262}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"created_by_version":"35.0.1916.114","exit_type":"SessionEnded","exited_cleanly":true,"gaia_info_picture_url":"https://lh5.googleusercontent.com/-haBLRz9eYLg/AAAAAAAAAAI/AAAAAAAAAV8/RTukSYhljaQ/s256-c/photo.jpg","gaia_info_update_time":"13084136882185926","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[0,null,null,null,null,null,4],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"safebrowsing":{"extended_reporting_enabled":false},"savefile":{"default_directory":"C:\\Users\\mooke_000\\Pictures","type":1},"selectfile":{"last_directory":"C:\\Users\\mooke_000\\Pictures"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046482681127931"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"autofill_wallet":true,"bookmarks":true,"dictionary":false,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3c20YGNsc0OIiLhFdncglAAAAAACAAAAAAAQZgAAAAEAACAAAACXWDDZBcM+eA+9P7B1N7al7F/V1Z9Jg3oO2m/usZpr4QAAAAAOgAAAAAIAACAAAABtuVcmP1Y9WtoUIc1l1WRhI6lMc/EFEil2hw77LJTlbEAAAADAb3umj9ZM7Ux+OBqDYDOtcf8xR7sq/0rMxL1x4KFUBbbT8uMJhnb/GTOdmTML986xXtvOmQMCXlGZv1rwVri7QAAAAENcSY2Cg9AkE8Sx/UNVdHgBDLUw2gKJgeATZSabWRD6mNuNoniwlQdEp/hN/FTcEgalCRnsz/EAAQWfSveYP/I=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13055118736362832","has_setup_completed":true,"history_delete_directives":true,"keep_everything_synced":false,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3c20YGNsc0OIiLhFdncglAAAAAACAAAAAAAQZgAAAAEAACAAAABNihHORacbJ504tbQtQopqD+WLIXt9lc5vwdFr7w8BLgAAAAAOgAAAAAIAACAAAAA9lPQWe0t5g7t2JhbyRoOFmfylRC30usGuzi66W7duWlAAAACj/yFZFmAHazLdalM2L8ZNwkmIVrRngESxtVm9oieUQ0dftoDB2aUROzZNA1gZnpVzDcqLQ0Xs27DojW3jZI+e5c9/ho+MtM7YtMFHaMrQ2UAAAABrDffZGWplmjjd2zfnOzh3MA6htoMFwy3v2AePFzXXx8H6agIOZfgQIvxbk7jahTxIbIENIvSqIbR7u6v/gCIy","last_synced_time":"13084219126304698","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":false,"priority_preferences":false,"search_engines":false,"session_sync_guid":"session_syncJLfaPHsGBIo9FLR1s53yZw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"de":0,"en":0,"pt":0},"translate_blocked_languages":["en"],"translate_denied_count":{"en":1,"pt":1},"translate_denied_count_for_language":{"de":2,"en":1},"translate_last_denied_time":1425932860295.626,"translate_last_denied_time_for_language":{"de":1439684030402.555,"en":1438018787678.093},"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Preferences.]upload.wikimedia.org,*":{"plugins":1},"[*.]www.cvsphoto.com,*":{"plugins":1},"[*.]www.ers-srl.com,*":{"plugins":1},"[*.]www.impactwrestling.com,*":{"fullscreen":1},"[*.]www.java.com,*":{"plugins":1},"[*.]www.myfoxdfw.com,*":{"plugins":1},"[*.]www.scholastic.com,*":{"plugins":1},"[*.]www.youtube.com,*":{"fullscreen":1},"http://192.168.1.85:8080,*":{"plugins":1},"http://maps.google.com:80,http://maps.google.com:80":{"geolocation":1},"http://touch.facebook.com:80,http://touch.facebook.com:80":{"geolocation":1},"http://www.greatclips.com:80,http://www.greatclips.com:80":{"geolocation":1},"http://www.wunderground.com:80,http://www.wunderground.com:80":{"geolocation":1},"http://www.zoomzoomzen.com:80,http://www.zoomzoomzen.com:80":{"geolocation":1},"https://[*.]download.citrixonline.com:443,*":{"plugins":1},"https://[*.]eft1.feps.cms.gov:443,*":{"plugins":1},"https://[*.]mail.google.com:443,*":{"popups":1},"https://[*.]plus.google.com:443,*":{"fullscreen":1},"https://[*.]qbo.intuit.com:443,*":{"popups":1},"https://[*.]us-mg205.mail.yahoo.com:443,*":{"multiple-automatic-downloads":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://app.mysms.com:443,*":{"notifications":1},"https://foursquare.com:443,https://foursquare.com:443":{"geolocation":1},"https://maps.google.com:443,https://maps.google.com:443":{"geolocation":1},"https://plus.google.com:443,https://plus.google.com:443":{"geolocation":1},"https://www.google.com:443,*":{"media-stream-mic":1}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"created_by_version":"35.0.1916.114","default_content_setting_values":{"plugins":3},"default_content_settings":{"plugins":3},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_update_time":"13084230345153625","icon_version":3,"is_managed":false,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[1],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Web\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\Web\\Google Drive\\TQF\\Quickbooks\\Invoices"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046643098031463"},"settings":{"privacy":{"drm_salt":"59D990A4BCF6D7DA80F0CE8659C908FC2FA5F4DE5A020533B694B6C1AAE84E44"}},"signin":{"signedin_time":"13064261698391182"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAAC7P9C05ipXTOzF0l4BjbyY/Ou+t3xd+MW8UJa3TaLU9gAAAAAOgAAAAAIAACAAAACBXditQkETqm6P+Nr7VpGS/WDlqtLRirKMehnoAMeBUkAAAABkKc1TGWikSPgQaBuy0LhefntKyg7j88fyOXLTugXGdbTeAp4cXzoKNi0BORaRe8kgKORe7mUa19RLcdepVn5vQAAAAFLuwP++8xk2K21Iq9GGF9W0HMVmSsAQfIEC5xeCpG1adaIH2GEK4YXVnyKN7xf/DRTHDQvytIhh7jG5snxzSaM=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13054232150315396","has_auth_error":true,"has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAADabq7neynTCsZSn2NcWnNZ2SiNs1cdZ5fH16xV5JuVdQAAAAAOgAAAAAIAACAAAACK/KfwkrmTwJaHOt81rnX5WIz+9eX0cTcvAXKKGiWQtlAAAAALJILtIyo3gY/C9xlIauvuEtBrhjngB4+DJoBKNfWG3NLjbXEWYfm9YFADQnraWxrgpl52a6mWaoesox1FyrLiZB9guUGzeKIPPH8nBoY6uUAAAAC80pZOS4wt7GHJTqpvmMl84Bxp6QHQjHJ0oHgPPYAzm0TA59TUhfsiOHEdTwNzUZKEDL06TvfwuvzbVjNhk35c","last_synced_time":"13084231929936078","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_sync3Hda8RkRlmSyGv3B4D4+Uw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"ar":0,"de":0,"es":0,"fr":0,"ga":0,"it":0,"ja":0,"zh-CN":1},"translate_blocked_languages":["en"],"translate_denied_count":{"ar":1,"de":6,"es":1,"fr":1,"ga":1,"it":1,"ja":1,"zh-CN":0},"translate_whitelists":{}} rdinal":"yz","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072631273697629","lastpingday":"13084182008088314","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast,searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"account_id":"webmayfield@gmail.com","last_username":"web.mayfield@gmail.com"}},"homepage":"http://www.google.com/","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"65BADC5D1501ECD4D65663C5467DD7BF9B6F0446D827D2F025DD707623BA857F"},"default_search_provider":{"keyword":"4627E3D4A8B5F1B916551AF358D153398B3B3A3944A743AE76A2459DD3F49B1B","name":"21F1619AEA5A935701D6B08F47C969BA29938020172026DF5E79C2C36C11F745","search_url":"3E12220E278B45787D436180D87C2769A25386E8969D6F45B22BC69FDCB3B881"},"default_search_provider_data":{"template_url_data":"0A93A7184365FAAC2AAFB2D4962CD46BBA4BF690B0CB87D537BFF4295D593BF8"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"B6107F2D9A072209447B33FA798172D801E0412049B11B512A6CDE824B8A7529","aohghmighlieiainnegkcijnfilokake":"0F042CD37D8FB8F306707D2397DDECD0C4947041B9E86C06BB07517E7AFA3E51","apdfllckaahabafndbhieahigkjlhalf":"8BB61460FCE6C2828FCC2A697A43C21D0349A26096138EE65E1CA02D28163A2A","bepbmhgboaologfdajaanbcjmnhjmhfn":"47674854842EB6BA4243051A4992DEA32E80B124DD9B3E1880FCD604D7D91529","bjnkloegafmkhgpjglcbldhaokjpandj":"24B7938329DE9AB10D8EB57F4432D4CA85ED931F065EBFECDFDB5495D92AD039","blpcfgokakmgnkcojhhkbfbldkacnbeo":"22139B7B65EDE4847312DF97FC3722B6F90659D55CF8EF5E8E62DF3B2339077E","boadgeojelhgndaghljhdicfkmllpafd":"73D5B8D187F59352EA46565961F0BED380A113A29001BC18A08E0B6619080351","coobgpohoikkiipiblmjeljniedjpjpf":"C34BAE37B055302D69149EC8E3D699B04BA5552FDD2B6837C35B2FFAE0A71994","djflhoibgkdhkhhcedjiklpkjnoahfmg":"D6482010194852602F7A636C298AA3D67140CF17E1B3B11507BD131001DF75EC","dllkocilcinkggkchnjgegijklcililc":"546C26621826802FEE766EF2A43B27E57E7E8BAB7DFE9820FD0BF83130452C7C","dlppkpafhbajpcmmoheippocdidnckmm":"BDD9595E4C53216BA27836B5602894113C6AB15950A9DCCD8343F457ECA86430","dnhpdliibojhegemfjheidglijccjfmc":"685E39C2C9269C636E59996E7A838DC9B29A2398995329C03D65872663118565","eemcgdkfndhakfknompkggombfjjjeno":"530B32C8EBBF29AEA3C0F50A7A1734E414ADD6445530B108C880B6FF4EF542E2","ennkphjdgehloodpbhlhldgbnhmacadg":"3F8610C6B800C2EFDB30766339C4A9DA9877C668E14BD6CAFA60A2BF9B526046","fahmaaghhglfmonjliepjlchgpgfmobi":"3F045871383505DAF83D7D8D04AE341E03F2600B11771995AA1CA21E19B5E924","gfdkimpbcpahaombhbimeihdjnejgicl":"CA550D1D921B95D364C464B73221603E801C2B91D018909C439DBD59268D2E44","hfdkmfjikkdbfkeikhenooopdpgpighd":"2223254B195EC962CAA30CF6D6966163F31F87BA6E987C55B8601DB7913DE2C2","jgoepmocgafhnchmokaimcmlojpnlkhp":"F2E03714FC04A45720D46BE1AD370D3A82B0F936595BF9EB4BA3597F5CCC0A99","kcnhkahnjcbndmmehfkdnkjomaanaooo":"3BDD816FF4B8BCD00A40E8916791450962FA112132F9E727CDBFD9F440DD6AD8","kmendfapggjehodndflmmgagdbamhnfd":"7DA3D4A52199148665E96723FB35BA12F2A2D84D55EB1C49FC8391ACDC334410","lccekmodgklaepjeofjdjpbminllajkg":"775537ACA5C4C1C18D476F16E8D1030E240A8868EC18AB816241F5E4C0D39401","lmjegmlicamnimmfhcmpkclmigmmcbeh":"715EC4B6BECA7332668A3304652F45CECD10A3C2A25B8A9C59C22BF65630101C","mdanidgdpmkimeiiojknlnekblgmpdll":"842C8DCAA3001FC325D87A7FDDFA437A62D780D8B69A2957938A39CF8E8E96E2","mfehgcgbbipciphmccgaenjidiccnmng":"5C80B580DBB982C14B45674368361E583ACF0A574D126100A12399FD3D829D20","mfffpogegjflfpflabcdkioaeobkgjik":"759EE9E3372C947413F64FB15B6308E3A69AB1FD3CF712407371CD9814576107","mgndgikekgjfcpckkfioiadnlibdjbkf":"7A3EC114C0D2F79E3349AF0C54F634BB98BA2E0CE4A1FFBAA552D8E32846EE27","mhjfbmdgcfjbbpaeojofohoefgiehjai":"E95ABB8B93739A6015EE2DF7EFF757F91E1695086C9041BC4A558AB035D5EA3F","nbpagnldghgfoolbancepceaanlmhfmd":"B94B07C11F64F233DB195F0011F69622336631975198319386B380F9429EA7B8","neajdppkdcdipfabeoofebfddakdcjhd":"B89658BF64A54A38918B07ACF7502E90AFDCDF5A8AFA8C049CF592756DF3FF86","nkeimhogjdpnpccoofpliimaahmaaome":"307952EE0534A61DF57AB555019973E56E760DB074BF08D0926F42E7545C5902","nmmhkkegccagdldgiimedpiccmgmieda":"6CA943D13464F83F998229545559436F6DA7C0E97E3FADD5168075963B95DA8B","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"AD7B7D2A8C248F0231757133EA951BF13B9B16EAFC98194B938B06B948A243E4","pjkljhegncpnkpknbcohdijeoejaedia":"47300CC856F3DC3D64632DD401F97CCA91C0345297FA52F676BAE67E11F8B0B4"}},"google":{"services":{"account_id":"2DEA2A1D1F6A46EFF112275EC09EB4AFDC139464F18221DFACC68AF2DFA27EEC","last_username":"F07B1FA68E7CEBE93EFA36CAF7FDD0E17256AF79EB14BF483C9B6D9DCB379DEC","username":"ABF21DCE9B65566E6B4342B8B756DA0E9C18DF5B7203FF741CCE37704ADC3C6A"}},"homepage":"85AED5E2968F2119291464B4E3080A1799E7EE6F4683DCF517D9013A316B9C62","homepage_is_newtabpage":"DEB34DF8DD4A0E6BB9F014EF459F2268BB76FD2545795EB33C7BE39B003E5F5F","pinned_tabs":"ABBCAF7B14102307DFFDC120895205AB1EA5C050A53AC4989D68320721430E4C","prefs":{"preference_reset_time":"F2848AA681BB3B4987E713B9F4E8AEDEAB8CF1E794854EDFD5CDE7DC10C98EA0"},"profile":{"reset_prompt_memento":"707EA13DABA2EF2655E64AFBB0DB97CD7911954F3916B83AB7A6EA43EF9228EE"},"safebrowsing":{"incidents_sent":"A88C3330D98437CA294C42E1EEA144AC4882119C813682013C3459D79C77795B"},"search_provider_overrides":"5543D300B1131CA2D86EFE422BCC47A9801316556296311E57E8997568E822C9","session":{"restore_on_startup":"E9CF315FBDA1E78D0BD435F88C87E882AD7C63CF982A7DC35E325D886ACFE320","startup_urls":"B4ED088D82487A5D863DE4521E42C6FDB752421878723E444A6DD7ED3E9FF896"},"software_reporter":{"prompt_reason":"342BD00BDDD34D8231088CAD4045FC357E53238D59B9A185A80CC4C2A2639587","prompt_seed":"DCE4B85418CC56F13C00FF0A58B59DA52755954B89B0F0762F94512CD3F2FC25","prompt_version":"3D13246559DB5C92FCDAE70E2815AA1ECEB41175BA38A03598DDA6DC20DA0A9F"},"sync":{"remaining_rollback_tries":"00A44AC67AD32877AC3D3B6A677AF4E5BD371C752128B5832688435DBF9A6CBA"}},"super_mac":"5C4D1519F0F7EA02D310DAB341A99F2C761E6BF724A90906304D98CE30C27522"},"session":{"restore_on_startup":1},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage deleted successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage-journal deleted successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfullyC:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aadvantageeshopping.com_0.localstorage deleted successfullyC:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aadvantageeshopping.com_0.localstorage-journal deleted successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.msn.com/?pc=MSE1" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.msn.com/?pc=MSE1" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfullyHKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=49 folders=36 20196232 bytes) ==== Empty Temp Folders ====================== C:\Users\aklyk_000\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\halca_000\AppData\Local\Temp emptied successfullyC:\Users\mooke_000\AppData\Local\Temp emptied successfullyC:\Users\pauli_000\AppData\Local\Temp emptied successfullyC:\Users\Web\AppData\Local\Temp will be emptied at rebootC:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at rebootC:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptiedC:\Users\Web\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on Sun 08/16/2015 at 16:06:18.43 ======================
-
Here is the fixlog.txt from FRST. Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015Ran by Web (2015-08-16 16:12:30) Run:1Running from C:\Users\Web\DesktopLoaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)Boot Mode: Normal============================================== fixlist content:*****************CreateRestorePoint:HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /bootAppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not foundAppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not foundGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONC:\ProgramData\FlashBeatHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONWinsock: Catalog9-x64 01 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 02 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 03 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 04 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 05 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 06 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 07 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 08 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 19 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 20 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'cmd: netsh winsock resetCHR HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crxS3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]S1 gaeymoun; \??\C:\windows\system32\drivers\gaeymoun.sys [X]S1 gilobxrb; \??\C:\windows\system32\drivers\gilobxrb.sys [X]S1 ktoqvcqe; \??\C:\windows\system32\drivers\ktoqvcqe.sys [X]S1 rixyksrm; \??\C:\windows\system32\drivers\rixyksrm.sys [X]2015-08-15 10:12 - 2015-08-15 10:12 - 00001968 _____ C:\Users\pauli_000\Desktop\YTDownloader.lnk2015-08-15 10:12 - 2015-08-15 10:12 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloaderC:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exeC:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXEC:\Users\Web\AppData\Local\Temp\Abspdf.exeC:\Users\Web\AppData\Local\Temp\acfpdfu.dllC:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Web\AppData\Local\Temp\acfpdfui.dllC:\Users\Web\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Web\AppData\Local\Temp\cdintf.dllC:\Users\Web\AppData\Local\Temp\converter.exeC:\Users\Web\AppData\Local\Temp\DseShExt-x64.dllC:\Users\Web\AppData\Local\Temp\DseShExt-x86.dllC:\Users\Web\AppData\Local\Temp\PDFPRT400.exeC:\Users\Web\AppData\Local\Temp\qqlghddd.dllC:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dllC:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dllC:\Users\Web\AppData\Local\Temp\tu17p84.exeC:\Users\Web\AppData\Local\Temp\xmllite.dllC:\Program Files (x86)\YTDownloaderC:\windows\Tasks\OKJQVJWHKAAQRNFR.job C:\ProgramData\Service1291\Service1291.exe C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\halca_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Web\SkyDrive:ms-propertiesTask: C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTIONTask: C:\windows\Tasks\Launch 5906.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTIONTask: C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTIONTask: {E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTIONTask: {E81456EC-E233-4971-8A38-08A91BF7C079} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user -> No File <==== ATTENTIONTask: {F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTIONTask: {F23B1A5B-0146-4E50-B83A-0E65D55F8CF3} - \AmiUpdXp -> No File <==== ATTENTIONTask: {F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED} - \Inst_Rep -> No File <==== ATTENTIONTask: {FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 -> No File <==== ATTENTIONTask: {D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE} - \UFGIMDA1 -> No File <==== ATTENTIONTask: {D964784B-64D9-4CDA-8E88-82E6376C60A8} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTIONTask: {B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C} - \TunePro360 Updater -> No File <==== ATTENTIONTask: {B706A7B2-9D42-4E31-B0ED-1D4E6DA59441} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTIONTask: {BD7DAA70-092B-4027-B7B0-E3BC5A7F2478} - \Selection Tools Update -> No File <==== ATTENTIONTask: {BE8F0C47-4BA8-459E-B418-526C6F55258F} - \CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTIONTask: {CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTIONC:\Program Files\Common Files\GoobzoTask: {7CA7A837-18A0-4220-A9A1-58392070FF63} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 -> No File <==== ATTENTIONTask: {7626125F-A9AE-4DE0-81D2-4CD57E6801AB} - \CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTIONTask: {77200938-3CE4-4EBB-84E5-2C1A6B3FF06A} - \SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 -> No File <==== ATTENTIONTask: {77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C} - System32\Tasks\OKJQVJWHKAAQRNFR => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTIONTask: {4D52730F-2073-4DBC-BB6C-3742301CBB9E} - \Superclean -> No File <==== ATTENTIONTask: {53E82944-B0B9-4C85-91AC-92071F7E1FB8} - \SMWUpd -> No File <==== ATTENTIONTask: {5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user -> No File <==== ATTENTIONTask: {406634BE-2592-40E5-8185-7E60C2FC4AF0} - System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTIONTask: {4523B8B0-4096-4875-8416-87E38CFCBB5D} - \Jarmeee -> No File <==== ATTENTIONC:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe C:\ProgramData\Service1291Task: {3513DBDC-1C2F-4246-B1AE-EAEA37C895CE} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTIONTask: {34250E27-3085-4A85-B311-A33E778664C3} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 -> No File <==== ATTENTIONTask: {324F8CF7-2C46-406D-B8A3-3B74DD06E559} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 -> No File <==== ATTENTIONTask: {0AE646E2-9F96-4A2F-98ED-782987460702} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTIONTask: {0BC35AC8-DBCA-4F36-A5DA-E53D1F232188} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 -> No File <==== ATTENTIONTask: {19E2196E-E0F1-4518-84FF-7FD40FFFDF57} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 -> No File <==== ATTENTIONTask: {1F795715-7993-4702-A09E-246EC9877C1E} - \WindApp Update -> No File <==== ATTENTIONTask: {20685D58-BC19-48BB-96E5-0EF4CB79BAEF} - \SushiLeads -> No File <==== ATTENTIONTask: {04BC670B-95B0-4AF2-84FB-463F165F917A} - System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980\A2D4B635-D1D1-4A62-A97D-A44A47B8980.exe <==== ATTENTION ***************** Restore point was successfully created.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found."C:\ProgramData\FlashBeat\FlashBeat64.dll" => Value data removed successfully."C:\ProgramData\FlashBeat\FlashBeat32.dll" => Value data removed successfully."C:\windows\system32\GroupPolicy\Machine" => File/Folder not found.HKLM\SOFTWARE\Policies\Google => key not found. "C:\ProgramData\FlashBeat" => File/Folder not found."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008" => key removed successfullyHKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000019 => key not found. HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000020 => key not found. ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107 Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= "HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfullyMcAPExe => service removed successfullyMcMPFSvc => service removed successfullyBAPIDRV => service removed successfullygaeymoun => service removed successfullygilobxrb => service removed successfullyktoqvcqe => service removed successfullyrixyksrm => service removed successfully"C:\Users\pauli_000\Desktop\YTDownloader.lnk" => File/Folder not found."C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader" => File/Folder not found."C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exe" => File/Folder not found."C:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXE" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\Abspdf.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfu.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfui.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuia64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\cdintf.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\converter.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\DseShExt-x64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\DseShExt-x86.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\PDFPRT400.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\qqlghddd.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\tu17p84.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\xmllite.dll" => File/Folder not found."C:\Program Files (x86)\YTDownloader" => File/Folder not found.C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => moved successfully."C:\ProgramData\Service1291\Service1291.exe" => File/Folder not found.C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => moved successfully."C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe" => File/Folder not found."C:\Users\aklyk_000\OneDrive" => ":ms-properties" ADS not found.C:\Users\halca_000\SkyDrive => ":ms-properties" ADS removed successfully."C:\Users\mooke_000\SkyDrive" => ":ms-properties" ADS not found."C:\Users\pauli_000\SkyDrive" => ":ms-properties" ADS not found."C:\Users\Web\SkyDrive" => ":ms-properties" ADS not found.C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job not found.C:\windows\Tasks\Launch 5906.job => moved successfully.C:\windows\Tasks\OKJQVJWHKAAQRNFR.job not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E81456EC-E233-4971-8A38-08A91BF7C079}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E81456EC-E233-4971-8A38-08A91BF7C079}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F23B1A5B-0146-4E50-B83A-0E65D55F8CF3}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F23B1A5B-0146-4E50-B83A-0E65D55F8CF3}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UFGIMDA1 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D964784B-64D9-4CDA-8E88-82E6376C60A8}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D964784B-64D9-4CDA-8E88-82E6376C60A8}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B706A7B2-9D42-4E31-B0ED-1D4E6DA59441}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B706A7B2-9D42-4E31-B0ED-1D4E6DA59441}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD7DAA70-092B-4027-B7B0-E3BC5A7F2478}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD7DAA70-092B-4027-B7B0-E3BC5A7F2478}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE8F0C47-4BA8-459E-B418-526C6F55258F}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE8F0C47-4BA8-459E-B418-526C6F55258F}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} => key not found. C:\windows\System32\Tasks\Smp not found.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found. "C:\Program Files\Common Files\Goobzo" => File/Folder not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CA7A837-18A0-4220-A9A1-58392070FF63}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CA7A837-18A0-4220-A9A1-58392070FF63}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7626125F-A9AE-4DE0-81D2-4CD57E6801AB}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7626125F-A9AE-4DE0-81D2-4CD57E6801AB}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77200938-3CE4-4EBB-84E5-2C1A6B3FF06A}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77200938-3CE4-4EBB-84E5-2C1A6B3FF06A}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C}" => key removed successfullyC:\windows\System32\Tasks\OKJQVJWHKAAQRNFR not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OKJQVJWHKAAQRNFR" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D52730F-2073-4DBC-BB6C-3742301CBB9E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D52730F-2073-4DBC-BB6C-3742301CBB9E}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53E82944-B0B9-4C85-91AC-92071F7E1FB8}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53E82944-B0B9-4C85-91AC-92071F7E1FB8}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{406634BE-2592-40E5-8185-7E60C2FC4AF0}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{406634BE-2592-40E5-8185-7E60C2FC4AF0}" => key removed successfullyC:\windows\System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zcS3EdYjY9p5nRKgHUxt47hB" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4523B8B0-4096-4875-8416-87E38CFCBB5D}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4523B8B0-4096-4875-8416-87E38CFCBB5D}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jarmeee => key not found. "C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe" => File/Folder not found."C:\ProgramData\Service1291" => File/Folder not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3513DBDC-1C2F-4246-B1AE-EAEA37C895CE}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3513DBDC-1C2F-4246-B1AE-EAEA37C895CE}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34250E27-3085-4A85-B311-A33E778664C3}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34250E27-3085-4A85-B311-A33E778664C3}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{324F8CF7-2C46-406D-B8A3-3B74DD06E559}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{324F8CF7-2C46-406D-B8A3-3B74DD06E559}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AE646E2-9F96-4A2F-98ED-782987460702}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE646E2-9F96-4A2F-98ED-782987460702}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BC35AC8-DBCA-4F36-A5DA-E53D1F232188}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC35AC8-DBCA-4F36-A5DA-E53D1F232188}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19E2196E-E0F1-4518-84FF-7FD40FFFDF57}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E2196E-E0F1-4518-84FF-7FD40FFFDF57}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F795715-7993-4702-A09E-246EC9877C1E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F795715-7993-4702-A09E-246EC9877C1E}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20685D58-BC19-48BB-96E5-0EF4CB79BAEF}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20685D58-BC19-48BB-96E5-0EF4CB79BAEF}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04BC670B-95B0-4AF2-84FB-463F165F917A}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04BC670B-95B0-4AF2-84FB-463F165F917A}" => key removed successfullyC:\windows\System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A2D4B635-D1D1-4A62-A97D-A44A47B8980" => key removed successfully ==== End of Fixlog 16:13:21 ====
-
I overlooked the step about running FRST the second time. I will go back and run that Should I re-run AdwClean and zoek after running FRST with the fix option?
-
zoek.exe log: Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Web on Sun 08/16/2015 at 15:30:15.53.Microsoft Windows 8.1 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted] ===== Runcheck 15:33:53.02 ===== --- Create Environment Variables 15:33:55.35 --- Create System Restore Point 15:34:17.82 --- Checking Input 15:34:21.71 --- AU AppData Check 15:34:33.55 --- Remove From Windows Installer 15:34:38.21 --- Empty Folders Check 15:36:32.10 --- Registry HKLM Software Check 15:36:32.18 --- Quick Launch Shortcut Check 15:36:55.55 --- IE Startpage Check 15:37:00.19
-
I ran AdwCleaner.exe. Still getting popup ads and mystery redirects on links. AdwCleaner[C1].txt posted below. Moving on to the zoek.exe step. # AdwCleaner v5.000 - Logfile created 16/08/2015 at 15:09:09# Updated 14/08/2015 by Xplode# Database : 2015-08-14.3 [Local]# Operating system : Windows 8.1 (x64)# Username : Web - JEFFERSON# Running from : C:\Users\Web\Downloads\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ftb[-] Folder Deleted : C:\Program Files (x86)\globalUpdate[-] Folder Deleted : C:\Program Files (x86)\Iminent[-] Folder Deleted : C:\Program Files (x86)\Games Bot[-] Folder Deleted : C:\Program Files (x86)\app_setup[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search[-] Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella[-] Folder Deleted : C:\ProgramData\SearchModule[-] Folder Deleted : C:\ProgramData\torchcrashhandler[-] Folder Deleted : C:\ProgramData\{8a7ebbef-ee3a-aeaf-8a7e-ebbefee3efbf}[-] Folder Deleted : C:\Users\aklyk_000\AppData\LocalLow\AVG SafeGuard toolbar[-] Folder Deleted : C:\Users\halca_000\AppData\Local\torch[-] Folder Deleted : C:\Users\halca_000\AppData\LocalLow\AVG SafeGuard toolbar[-] Folder Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch[-] Folder Deleted : C:\Users\mooke_000\AppData\Local\BrowserHelper[-] Folder Deleted : C:\Users\mooke_000\AppData\Local\Games Bot[-] Folder Deleted : C:\Users\mooke_000\AppData\LocalLow\AVG SafeGuard toolbar[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\globalUpdate[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\torch[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\SmartWeb[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\Games Bot[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\A6C6C989-1439497946-BC3E-14FC-D623B3EBFD98[-] Folder Deleted : C:\Users\pauli_000\AppData\LocalLow\SmartWeb[-] Folder Deleted : C:\Users\pauli_000\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Store[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\WTools[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot[-] Folder Deleted : C:\Users\Web\AppData\Local\BrowserHelper[-] Folder Deleted : C:\Users\Web\AppData\Local\Games Bot[-] Folder Deleted : C:\Users\Web\AppData\LocalLow\AVG SafeGuard toolbar ***** [ Files ] ***** [-] File Deleted : C:\END[-] File Deleted : C:\Program Files (x86)\uninstaller.exe[-] File Deleted : C:\Program Files\Common Files\System\SysMenu.dll[-] File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll[-] File Deleted : C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage[-] File Deleted : C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.tb.ask.com_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.tb.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk[-] File Deleted : C:\Users\halca_000\Desktop\Facebook.lnk[-] File Deleted : C:\Users\halca_000\Desktop\Free Games.lnk[-] File Deleted : C:\Users\halca_000\Desktop\Torch.lnk[-] File Deleted : C:\Users\halca_000\Desktop\Youtube.lnk[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fraps.en.softonic.com_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fraps.en.softonic.com_0.localstorage-journal[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal[-] File Deleted : C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage[-] File Deleted : C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage[-] File Deleted : C:\Users\pauli_000\Desktop\Continue Live Installation.lnk[-] File Deleted : C:\Users\pauli_000\Desktop\YTDownloader.lnk[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage ***** [ Shortcuts ] ***** [-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk[-] Shortcut Disinfected : C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk[-] Shortcut Disinfected : C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk[-] Shortcut Disinfected : C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk ***** [ Scheduled tasks ] ***** [-] Task Deleted : Smp ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader][-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy[-] Key Deleted : HKLM\SOFTWARE\f6a6a069-13a3-4cef-bb58-829aca7aa7f2[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}][-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}][-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}][-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate[-] Key Deleted : HKLM\SOFTWARE\NpApp[-] Key Deleted : HKLM\SOFTWARE\SearchModule[-] Key Deleted : HKLM\SOFTWARE\Br MediaPlayer[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] ***** [ Web browsers ] ***** [-] [C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com[-] [C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : zelda-adventure-for-minecraft.en.softonic.com[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : vosteran.com[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_01_other&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCtC0C0C0E0E0C0FzzyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyDyCzytA0FtDtDtGyD0FtByDtGyBzytCtDtGtDyE0B0AtGtAyEtCtB0C0D0B0EtAzz0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0AyD0AyD0ByCtGtB0CyE0CtGyEyCyDyBtGzytAyDzztGzyzyzyzz0D0ByB0CzytDtByE2Q&cr=1090904794&ir=[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://Vosteran.com/?f=7&a=vst_ggfc_15_01_other&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCtC0C0C0E0E0C0FzzyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyDyCzytA0FtDtDtGyD0FtByDtGyBzytCtDtGtDyE0B0AtGtAyEtCtB0C0D0B0EtAzz0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0AyD0AyD0ByCtGtB0CyE0CtGyEyCyDyBtGzytAyDzztGzyzyzyzz0D0ByB0CzytDtByE2Q&cr=1090904794&ir=[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.ask.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : fraps.en.softonic.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : start.iminent.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.iminent.com/Content/Images/favicon.ico?2fdde4[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://start.iminent.com/?appId=92282980-be3c-46df-892d-3602649bd79a&ref=toolbox&q={searchTerms}[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://start.iminent.com/?appId=92282980-be3c-46df-892d-3602649bd79a[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : netflix.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.ask.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067&vp=ch&prd=set[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067&vp=ch&prd=set ************************* :: Proxy settings cleared:: Winsock settings cleared ************************* C:\AdwCleaner[C1].txt - [18321 octets] - [16/08/2015 15:09:09]C:\AdwCleaner[s1].txt - [17836 octets] - [16/08/2015 15:05:17] ########## EOF - C:\AdwCleaner[C1].txt - [18449 octets] ##########
-
Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015Ran by Web (2015-08-16 13:08:33)Running from C:\Users\Web\DesktopBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2744511804-60897879-1795108344-500 - Administrator - Disabled)aklyk_000 (S-1-5-21-2744511804-60897879-1795108344-1007 - Limited - Enabled) => C:\Users\aklyk_000Guest (S-1-5-21-2744511804-60897879-1795108344-501 - Limited - Disabled)halca_000 (S-1-5-21-2744511804-60897879-1795108344-1006 - Limited - Enabled) => C:\Users\halca_000HomeGroupUser$ (S-1-5-21-2744511804-60897879-1795108344-1003 - Limited - Enabled)mooke_000 (S-1-5-21-2744511804-60897879-1795108344-1005 - Limited - Enabled) => C:\Users\mooke_000pauli_000 (S-1-5-21-2744511804-60897879-1795108344-1004 - Administrator - Enabled) => C:\Users\pauli_000Web (S-1-5-21-2744511804-60897879-1795108344-1001 - Administrator - Enabled) => C:\Users\Web ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)Airport Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenAlcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) HiddenAmazing World (HKLM-x32\...\Steam App 293500) (Version: - Ganz)AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) HiddenBrick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.)Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) HiddenCastle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - )Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7940.0 - Microsoft)Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenCradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) HiddenCutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDelicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenFarm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) HiddenFistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.1 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenGPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHouse of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) HiddenHP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)Inst5675 (Version: 8.00.51 - Softex Inc.) HiddenInst5676 (Version: 8.00.51 - Softex Inc.) HiddeniRepo 5.3.0.0 (HKLM-x32\...\iRepo_is1) (Version: 5.3.0.0 - Purple Ghost Software, Inc.)Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version: - Zachtronics)Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) HiddeniTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenKing Oddball (x32 Version: 3.0.2.48 - WildTangent) HiddenLuxor Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMusic Rescue (HKLM-x32\...\{5F503B34-022D-4C56-9D40-53D2916CE3C9}) (Version: 4.5.1 - KennettNet Software Ltd)Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) HiddenNBA 2K15 (HKLM-x32\...\Steam App 282350) (Version: - Visual Concepts)Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPortal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) HiddenQuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) HiddenRoads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenSetup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios)Spotify (HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenTeam Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc)TouchCopy 12 (HKLM-x32\...\{363B852D-FBAD-4BAB-B1E9-28937DCDA620}) (Version: 12.46 - Wide Angle Software)Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) HiddenVuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)X Rebirth (HKLM-x32\...\Steam App 2870) (Version: - Egosoft)Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) HiddenZuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 29-07-2015 04:09:48 Windows Update11-08-2015 11:39:06 Scheduled Checkpoint16-08-2015 12:39:33 Removed Java 7 Update 60 (64-bit) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04BC670B-95B0-4AF2-84FB-463F165F917A} - System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980\A2D4B635-D1D1-4A62-A97D-A44A47B8980.exe <==== ATTENTIONTask: {089607A1-22D1-4172-A106-4DEEEDF53A49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {0AE646E2-9F96-4A2F-98ED-782987460702} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTIONTask: {0BC35AC8-DBCA-4F36-A5DA-E53D1F232188} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 -> No File <==== ATTENTIONTask: {19E2196E-E0F1-4518-84FF-7FD40FFFDF57} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 -> No File <==== ATTENTIONTask: {1F795715-7993-4702-A09E-246EC9877C1E} - \WindApp Update -> No File <==== ATTENTIONTask: {20685D58-BC19-48BB-96E5-0EF4CB79BAEF} - \SushiLeads -> No File <==== ATTENTIONTask: {283EFFA8-8543-4156-9297-F4967767E0AC} - System32\Tasks\updateTask => c:\task.vbs [2015-08-14] ()Task: {2F8869EE-DDF4-4189-B218-0FA932BA833B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)Task: {324F8CF7-2C46-406D-B8A3-3B74DD06E559} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 -> No File <==== ATTENTIONTask: {3278AEA8-72C5-4AFA-9261-70BA95437111} - System32\Tasks\DailyPCClean Schedule => C:\Program Files (x86)\DailyPCClean\DPCCSchedule.exeTask: {33C6C936-27C9-4864-BC10-AD0EE8157838} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)Task: {34250E27-3085-4A85-B311-A33E778664C3} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 -> No File <==== ATTENTIONTask: {34CE367C-12F8-40EF-A247-F2A77A5692E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: {3513DBDC-1C2F-4246-B1AE-EAEA37C895CE} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTIONTask: {364C2067-47B8-4DA0-9B7F-DEF696AC3D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {406634BE-2592-40E5-8185-7E60C2FC4AF0} - System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTIONTask: {4523B8B0-4096-4875-8416-87E38CFCBB5D} - \Jarmeee -> No File <==== ATTENTIONTask: {4D0A3E5D-EA2D-4BC2-A3B0-35166C769E0C} - System32\Tasks\runTask => %TEMP%/Updater.exeTask: {4D52730F-2073-4DBC-BB6C-3742301CBB9E} - \Superclean -> No File <==== ATTENTIONTask: {53E82944-B0B9-4C85-91AC-92071F7E1FB8} - \SMWUpd -> No File <==== ATTENTIONTask: {5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user -> No File <==== ATTENTIONTask: {6D630EE5-9363-4E34-80CB-05227AE6CFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation)Task: {7626125F-A9AE-4DE0-81D2-4CD57E6801AB} - \CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTIONTask: {77200938-3CE4-4EBB-84E5-2C1A6B3FF06A} - \SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 -> No File <==== ATTENTIONTask: {77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C} - System32\Tasks\OKJQVJWHKAAQRNFR => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTIONTask: {78433DFD-CEDB-4793-AB00-0EAAE5EA786D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)Task: {7CA7A837-18A0-4220-A9A1-58392070FF63} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 -> No File <==== ATTENTIONTask: {912CDA96-E250-45E0-A69F-CBE9F94642F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)Task: {A8A586F8-3AB2-43BE-B7E5-91B816889678} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C} - \TunePro360 Updater -> No File <==== ATTENTIONTask: {B706A7B2-9D42-4E31-B0ED-1D4E6DA59441} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTIONTask: {BD7DAA70-092B-4027-B7B0-E3BC5A7F2478} - \Selection Tools Update -> No File <==== ATTENTIONTask: {BE8F0C47-4BA8-459E-B418-526C6F55258F} - \CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTIONTask: {CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTIONTask: {D5016636-D008-4FA8-A9CA-F95655C46526} - System32\Tasks\HPCeeScheduleForpauli_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {D576BEE5-6B9B-4783-98AB-0F5C1E1AF9F9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)Task: {D5E45616-3703-4421-BCF8-C2617A3EB32A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiserTask: {D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE} - \UFGIMDA1 -> No File <==== ATTENTIONTask: {D964784B-64D9-4CDA-8E88-82E6376C60A8} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTIONTask: {DF80B38C-CA93-4FAD-887C-AD8EDE5A02EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)Task: {E0656664-4567-4309-817B-5F2691F42BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)Task: {E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTIONTask: {E81456EC-E233-4971-8A38-08A91BF7C079} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user -> No File <==== ATTENTIONTask: {F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTIONTask: {F23B1A5B-0146-4E50-B83A-0E65D55F8CF3} - \AmiUpdXp -> No File <==== ATTENTIONTask: {F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED} - \Inst_Rep -> No File <==== ATTENTIONTask: {FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\HPCeeScheduleForpauli_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\windows\Tasks\Launch 5906.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTIONTask: C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTIONTask: C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job => C:\windows\system32\msfeedssync.exeTask: C:\windows\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}.job => C:\windows\system32\msfeedssync.exeTask: C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job => C:\windows\system32\msfeedssync.exeTask: C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-08-16 13:03 - 2015-08-16 13:03 - 00098816 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32api.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00110080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pywintypes27.dll2015-08-16 13:03 - 2015-08-16 13:03 - 00364544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pythoncom27.dll2015-08-16 13:03 - 2015-08-16 13:03 - 00045568 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_socket.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 01161216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_ssl.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00320512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32com.shell.shell.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00713216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_hashlib.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 01176576 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._core_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00806400 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._gdi_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00816128 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._windows_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 01067008 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._controls_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00733184 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._misc_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00682496 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pysqlite2._sqlite.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00087552 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_ctypes.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00119808 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32file.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00108544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32security.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00007168 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\hashobjs_ext.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00068096 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\usb_ext.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00167936 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32gui.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00018432 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32event.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00128512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_elementtree.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00127488 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pyexpat.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00013824 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\common.time34.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00036864 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_psutil_windows.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00038912 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32inet.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00011264 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32crypt.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00077312 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._html2.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00027136 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_multiprocessing.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00020480 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_yappi.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00035840 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32process.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00686080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\unicodedata.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00123392 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._wizard.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00024064 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32pipe.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00010240 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\select.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00025600 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32pdh.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00525640 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\windows._lib_cacheinvalidation.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00017408 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32profile.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00022528 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32ts.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00078848 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._animate.pyd2015-08-11 15:15 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll2015-08-11 15:15 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\halca_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20130104_180917.jpgDNS Servers: 192.168.1.254HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "QHSafeTray"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{BE1E032E-59FB-4FD6-A4A7-7483640A14E2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exeFirewallRules: [{6C1223DF-C175-4620-A10F-C10F3B53ADAD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exeFirewallRules: [{10B96B04-F60E-4B27-B2AD-4DE58C0EA43D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exeFirewallRules: [{9F21A3C9-C90F-412A-9567-272759693CAD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exeFirewallRules: [{3B76E4E5-879F-4B5D-AECA-CF7E92170C41}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exeFirewallRules: [{C57BDA63-9FB1-4F0C-AE36-8EE96FEC22E3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exeFirewallRules: [{3924102E-FF6B-4B83-8814-FF88FE11AB7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXEFirewallRules: [{EE574B00-7BF6-4DFD-B2F8-1EA49608A5E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeFirewallRules: [{21E7021B-C5C7-45D1-9975-5787D14A44AA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exeFirewallRules: [{F3F991D2-D911-444E-9CC4-F7D3C824850D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exeFirewallRules: [{FA8134FB-7A4D-47F5-A745-EE21B2EC71DC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exeFirewallRules: [{8FB586B4-6047-4608-92D9-9E3CCFE444C4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exeFirewallRules: [{444EDE6B-1312-4115-9DAD-A4FBBD5FEC71}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exeFirewallRules: [{92EC95E1-E446-4F0A-B9BD-FE619836FF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{31C6EA78-FDCA-4EAA-9EF3-329774323E6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{B9C2440C-FDD9-4CA8-8CBE-1CB5A7317482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{B70D192F-164B-4D05-BFA2-0DBC6CFA4CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{6A9CCDF5-CA09-4A3C-91FD-4C1821F5C087}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{AAFEF149-C6A9-42A0-9506-71ECA24DCE2B}] => (Allow) LPort=2869FirewallRules: [{74072E8C-EBBF-4990-BF8D-DF3F0A70705B}] => (Allow) LPort=1900FirewallRules: [{1EDB488B-DE61-4A08-82F1-AF2EAC89C7F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{89535837-6E40-4ADA-8F67-1E2DD36A4CB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{5A739BBF-C1B7-48D1-9985-0BB27D4010A7}] => (Allow) C:\Program Files\Vuze\Azureus.exeFirewallRules: [{525541B4-294B-4B11-B9BC-BBBC03578BD0}] => (Allow) C:\Program Files\Vuze\Azureus.exeFirewallRules: [TCP Query User{1EA3B08A-E61D-4829-BC45-B4DC73A5FDD6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [uDP Query User{F48061BA-97D0-489B-AC9A-CCB9334B4354}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [{F5176B49-2ACD-4BB1-8592-4DD49D3ACB5B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{D4094727-9CBC-47C6-B0B1-5D092972F3B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{2C5E364E-0036-43E7-918F-86DECA98A4BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [TCP Query User{B981B08B-F1AB-4565-A371-17A30D1194A0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [uDP Query User{D4AD9723-A924-495C-BE4A-EA66A99F63C4}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [{EE817AAF-9D62-4E65-B3FC-CD8076B76F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exeFirewallRules: [{E58FC6A6-9307-4280-AE24-E6FBE2557067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exeFirewallRules: [{5D82F2EC-1AC8-4525-B30D-815A5BC40ABA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exeFirewallRules: [{82397B22-92B9-40D2-968A-1346D1068248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exeFirewallRules: [TCP Query User{348FADAE-611E-4D3B-972C-4009B959179B}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{691D1B52-7F3E-429D-B119-5045A9A1B313}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exeFirewallRules: [{C3783617-F9FA-4489-8F55-5FAF1087501F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{89F398C4-5795-4A80-99E8-DAD027657813}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{1012B0E9-788E-4339-9C2A-BE8C02A486C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exeFirewallRules: [{E02EFE82-455B-403A-B91A-9D6A2DA8808D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exeFirewallRules: [{43A590CA-716F-4AA6-AB24-87220381B8C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exeFirewallRules: [{5D29A9F9-8BA5-4C4A-92C5-84B0A50465F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exeFirewallRules: [{221B49BD-A410-48E8-B140-424CCC2440D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exeFirewallRules: [{3A2DD2E1-9E24-471A-B203-73912278E14C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exeFirewallRules: [{F89D39A6-DC4C-43B0-9EC0-7BD15F51AC36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exeFirewallRules: [{8A1B8B18-0018-49E5-9CCF-EB74958EFB24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exeFirewallRules: [{2FE4DCD9-2BFF-486F-8DC1-C6883E0E5429}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exeFirewallRules: [{2A644A87-A2F6-4E2A-8035-79120CF19975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exeFirewallRules: [{D8D74176-1369-4708-871A-96F934B4721D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exeFirewallRules: [{678696E1-881B-41B6-98C6-0F2273D2FB45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exeFirewallRules: [TCP Query User{A424A491-10EC-4397-9036-A4AF203ACDCD}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exeFirewallRules: [uDP Query User{1702F69E-EC27-4497-9A9F-1F340057E704}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exeFirewallRules: [{09460DCB-E59D-4E82-A97E-CEC470617064}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exeFirewallRules: [{40BAAC17-672F-464B-9974-D798C2E01F94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exeFirewallRules: [TCP Query User{D95210E3-F88C-42E9-9E62-9845D4AD4E1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{97466C1C-29D4-46C9-AC35-79130A4F6726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [TCP Query User{8F359B21-2B49-4AEE-B13C-37F3737B64D6}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exeFirewallRules: [uDP Query User{55A79EF8-E449-4FD7-BA63-8A3793F40977}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exeFirewallRules: [TCP Query User{98090451-32DD-4F8A-B7CF-FAA2BE92F7C4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{9DEDF3CC-69A8-4A87-889C-E051C9491E83}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{A154DEA0-1C43-48CB-B038-A2BA083EB563}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exeFirewallRules: [{BFE7530C-ED5C-43BB-A6F6-3ADF9E0321C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exeFirewallRules: [{15DA8999-AE5B-4135-AD60-611722DED198}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exeFirewallRules: [{20AAF40E-6C7C-41F6-9272-94D36DCA31CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exeFirewallRules: [{2E67CEE6-3D5A-41C8-B6B9-CB1225C49A1B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exeFirewallRules: [{3768047C-8401-44D7-A71D-4CEA5EC5CB33}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exeFirewallRules: [{2D18C3D6-C6EC-4FA0-8B77-14B407A3AD10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exeFirewallRules: [{255D589D-92C3-4FB9-82BF-3795907FB15C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exeFirewallRules: [{E35E1444-0683-4C26-8FD0-B8CE7F61ADC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exeFirewallRules: [{415E1660-48A4-407E-8E1C-B5BB0AACF8D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exeFirewallRules: [{7AB15407-B9B8-4472-A690-EA49B72CC04C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exeFirewallRules: [{B139A4E7-FB00-4F8E-ADCA-0EB4ABE350BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exeFirewallRules: [TCP Query User{526B8273-C4F4-44B1-906F-4D5A3097A7B9}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exeFirewallRules: [uDP Query User{2B8FC484-6980-4DBF-91EE-B16E52BDB45B}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exeFirewallRules: [{4FB6E1EB-8AEC-44ED-BB51-6FCB840577D4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exeFirewallRules: [{0920CB87-0C21-4262-A320-338716A9F521}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exeFirewallRules: [{A86BE10F-5A0C-48C6-82F1-D1DB59AFD214}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exeFirewallRules: [{23BA47CE-BC10-434E-85FE-1639C088E876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exeFirewallRules: [{1469C652-B59B-4C0D-A1F3-E9F74F72DACB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exeFirewallRules: [{630A237A-BC7D-44C2-B623-0B667376B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exeFirewallRules: [TCP Query User{F6A1232D-BCC5-417E-A635-56AB4D7FFE68}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exeFirewallRules: [uDP Query User{A7893E4C-D812-4632-A5FA-9F92A65E3535}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exeFirewallRules: [{C69D7EA4-445A-4D4D-BC47-82162F1B94FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exeFirewallRules: [{3209999A-DD0C-499D-9634-0CD7A2904764}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exeFirewallRules: [TCP Query User{FACE13ED-1822-4F9C-9ADA-27348FED87B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [uDP Query User{12DC88B8-9874-46E5-B91E-BF80226DB761}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [{FCB323AE-08ED-48EE-8606-CBC0060C1211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{2FB3D3BC-DD3F-43BD-9B1E-653D587AC663}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exeFirewallRules: [{CBC476DF-EAE8-49C4-B2C6-ED74ECCE47FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exeFirewallRules: [{E28ADC6C-A414-409C-B2AA-34FA8A47D480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exeFirewallRules: [{C8A2EC8C-C62B-4636-BF0A-358D5494EE40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exeFirewallRules: [{0C63C7CA-46EB-41AD-9F27-F70A9D069687}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exeFirewallRules: [{01F669C7-E877-489E-BBA1-C0846B280700}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exeFirewallRules: [{17F9E0E3-F7E5-4021-B34F-0DEB8C88AFD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exeFirewallRules: [{4A741EC4-930E-4D7C-9BEB-49E47C87ED11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exeFirewallRules: [{807E8FA7-2211-4C20-AFA5-5DB11331B6BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exeFirewallRules: [{77AE47F7-DABB-48F6-8AB3-C5F5B474B0A3}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exeFirewallRules: [{7519E145-7F27-4FA3-B832-1ADB1F50A55E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe ==================== Faulty Device Manager Devices ============= Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi AdapterDescription: Qualcomm Atheros AR9485 802.11b/g/n WiFi AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Qualcomm Atheros Communications Inc.Service: athrProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (08/16/2015 01:08:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:08:22Z. Error Code: 0x80040154. Error: (08/16/2015 01:07:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:07:52Z. Error Code: 0x80040154. Error: (08/16/2015 01:07:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:07:22Z. Error Code: 0x80040154. Error: (08/16/2015 01:06:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:06:52Z. Error Code: 0x80040154. Error: (08/16/2015 01:06:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:06:22Z. Error Code: 0x80040154. Error: (08/16/2015 01:05:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:05:52Z. Error Code: 0x80040154. Error: (08/16/2015 01:05:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:05:22Z. Error Code: 0x80040154. Error: (08/16/2015 01:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: 030260~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x676f7250Faulting process id: 0x608Faulting application start time: 0x030260~1.EXE0Faulting application path: 030260~1.EXE1Faulting module path: 030260~1.EXE2Report Id: 030260~1.EXE3Faulting package full name: 030260~1.EXE4Faulting package-relative application ID: 030260~1.EXE5 Error: (08/16/2015 01:00:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:00:24Z. Error Code: 0x80040154. Error: (08/16/2015 12:59:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T17:59:54Z. Error Code: 0x80040154. System errors:=============Error: (08/16/2015 01:08:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The IPsec Policy Agent service terminated with the following error: %%10106 Error: (08/16/2015 01:06:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (08/16/2015 01:04:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (08/16/2015 01:04:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: %%2147952506 Error: (08/16/2015 01:04:16 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)Description: The BITS service failed to start. Error 2147952506. Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )Description: 0x80070057 Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )Description: WMPNetworkSvc0xc00d4268 Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )Description: 0x80070057 Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )Description: WMPNetworkSvc0xc00d4268 Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )Description: 0x80070057 Microsoft Office:========================= CodeIntegrity:=================================== Date: 2015-08-16 12:57:28.085 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:27.074 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:25.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:24.762 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:24.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:23.075 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:22.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:21.207 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:20.400 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:19.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A6-5200 APU with Radeon HD Graphics Percentage of memory in use: 36%Total physical RAM: 5580.01 MBAvailable physical RAM: 3534.62 MBTotal Virtual: 11212.01 MBAvailable Virtual: 8727.28 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:914.57 GB) (Free:626.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931.5 GB) (Disk ID: CE011A0D) Partition: GPT. ==================== End of log ============================
-
FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015Ran by Web (administrator) on JEFFERSON (16-08-2015 13:06:28)Running from C:\Users\Web\DesktopLoaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2014-06-10] (Realtek Semiconductor)HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /bootHKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify] => C:\Users\Web\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-29] (Spotify Ltd)HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify Web Helper] => C:\Users\Web\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not foundAppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not foundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-06-08]ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-06-08]ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-06-08]ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabHandler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)Winsock: Catalog9-x64 01 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 02 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 03 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 04 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 05 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 06 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 07 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 08 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 19 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & 'Winsock: Catalog9-x64 20 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & 'Tcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{A3F2874C-718F-4260-98B6-DBD6F96607DF}: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{AE402C42-EB0A-4278-A550-50AC5749342A}: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) Chrome: =======CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]CHR Extension: (Google Drive) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]CHR Extension: (Google Cast) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-01]CHR Extension: (Google Search) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-06-07]CHR Extension: (Google News) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-06-07]CHR Extension: (Google+) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-06-07]CHR Extension: (Google Play Music) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]CHR Extension: (Google +1 Button) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-06-07]CHR Extension: (Google Voice (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-07]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]CHR Extension: (Boomerang for Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-07]CHR Extension: (Chrome Web Store Payments) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]CHR HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 0302601401919830mcinstcleanup; C:\windows\TEMP\030260~1.EXE [836168 2014-03-13] (McAfee, Inc.)S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-06-10] (Realtek Semiconductor)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-10] (Advanced Micro Devices)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]S1 gaeymoun; \??\C:\windows\system32\drivers\gaeymoun.sys [X]S1 gilobxrb; \??\C:\windows\system32\drivers\gilobxrb.sys [X]S1 ktoqvcqe; \??\C:\windows\system32\drivers\ktoqvcqe.sys [X]S1 rixyksrm; \??\C:\windows\system32\drivers\rixyksrm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-16 13:06 - 2015-08-16 13:06 - 00021298 _____ C:\Users\Web\Desktop\FRST.txt2015-08-16 13:05 - 2015-08-16 13:05 - 02173440 _____ (Farbar) C:\Users\Web\Desktop\FRST64.exe2015-08-16 12:52 - 2015-08-16 13:06 - 00000000 ____D C:\FRST2015-08-16 12:44 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\Sun2015-08-16 12:44 - 2015-08-16 12:43 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll2015-08-16 12:43 - 2015-08-16 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\ProgramData\Oracle2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\Program Files\Java2015-08-16 12:35 - 2015-08-16 12:35 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job2015-08-16 12:33 - 2015-08-16 12:33 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job2015-08-15 10:30 - 2015-08-15 11:28 - 00000000 ____D C:\Users\Web\AppData\Local\BrowserHelper2015-08-15 10:26 - 2015-08-15 10:26 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}.job2015-08-15 10:19 - 2015-08-15 10:19 - 694094341 _____ C:\windows\MEMORY.DMP2015-08-15 10:19 - 2015-08-15 10:19 - 00281296 _____ C:\windows\Minidump\081515-39234-01.dmp2015-08-15 10:19 - 2015-08-15 10:19 - 00000000 ____D C:\windows\Minidump2015-08-15 10:13 - 2015-08-15 11:28 - 00000000 ____D C:\Users\mooke_000\AppData\Local\BrowserHelper2015-08-15 10:13 - 2015-08-15 11:27 - 00000000 ____D C:\Program Files (x86)\0fbddb10-1b8a-43a6-825a-a4822c5d4b342015-08-15 10:13 - 2015-08-15 10:13 - 00000280 _____ C:\windows\Tasks\Launch 5906.job2015-08-15 10:12 - 2015-08-15 10:12 - 00001968 _____ C:\Users\pauli_000\Desktop\YTDownloader.lnk2015-08-15 10:12 - 2015-08-15 10:12 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 ____D C:\Users\pauli_000\AppData\Local\CrashRpt2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 _____ C:\windows\SysWOW64\Number of results2015-08-15 08:40 - 2015-08-15 10:21 - 00000010 _____ C:\Users\Public\Documents\test.txt2015-08-15 05:32 - 2015-08-15 05:32 - 00942955 _____ C:\Users\pauli_000\Downloads\Setup (3).zip2015-08-15 03:47 - 2015-08-15 03:47 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 588830.crdownload2015-08-15 03:11 - 2015-08-15 03:11 - 00943043 _____ C:\Users\pauli_000\Downloads\Setup (2).zip2015-08-15 03:11 - 2015-08-15 03:11 - 00446708 _____ C:\Users\pauli_000\Downloads\Setup (1).zip2015-08-15 02:02 - 2015-08-15 02:02 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 126890.crdownload2015-08-14 23:16 - 2015-08-14 23:17 - 00513920 _____ C:\Users\pauli_000\Downloads\Unconfirmed 693194.crdownload2015-08-14 22:15 - 2015-08-14 22:15 - 00340180 _____ C:\Users\pauli_000\Downloads\setup.zip2015-08-14 09:35 - 2015-08-14 09:35 - 00001055 _____ C:\Users\Web\Desktop\malwarebytes_20150814.txt2015-08-14 08:14 - 2015-08-14 08:14 - 00000000 ____D C:\Users\Web\AppData\Local\Games Bot2015-08-14 08:12 - 2015-08-14 08:12 - 00000258 __RSH C:\ProgramData\ntuser.pol2015-08-14 08:12 - 2015-08-14 08:12 - 00000033 _____ C:\CLMediaServer.ini2015-08-14 08:12 - 2015-08-14 08:12 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Games Bot2015-08-14 07:42 - 2015-08-14 07:42 - 00000000 ____D C:\Users\pauli_000\AppData\Local\Torch2015-08-14 07:22 - 2015-08-14 07:22 - 00001152 _____ C:\Users\pauli_000\Desktop\Continue Live Installation.lnk2015-08-14 06:55 - 2015-08-14 07:50 - 00000000 ____D C:\Users\pauli_000\AppData\Local\125862015-08-14 06:46 - 2015-08-15 11:28 - 00000000 ____D C:\ProgramData\{8a7ebbef-ee3a-aeaf-8a7e-ebbefee3efbf}2015-08-14 06:45 - 2015-08-15 11:29 - 00000000 ____D C:\Users\pauli_000\Documents\DailyPCClean2015-08-14 06:45 - 2015-08-15 11:29 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater2015-08-14 06:45 - 2015-08-14 08:11 - 00000000 ____D C:\Program Files (x86)\DailyPCClean2015-08-14 06:45 - 2015-08-14 07:59 - 00000000 _____ C:\end2015-08-14 06:45 - 2015-08-14 07:58 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support2015-08-14 06:45 - 2015-08-14 07:14 - 00003256 _____ C:\windows\System32\Tasks\DailyPCClean Schedule2015-08-14 06:45 - 2015-08-14 06:45 - 00003258 _____ C:\windows\System32\Tasks\runTask2015-08-14 06:45 - 2015-08-14 06:45 - 00003162 _____ C:\windows\System32\Tasks\updateTask2015-08-14 06:45 - 2015-08-14 06:45 - 00000217 _____ C:\task.vbs2015-08-14 06:44 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\adlevel2015-08-14 06:44 - 2015-08-14 06:44 - 00154826 _____ C:\Program Files (x86)\uninstaller.exe2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Mozilla2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Compete2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Program Files (x86)\TechVedic2015-08-14 06:43 - 2015-08-15 11:29 - 00000000 ____D C:\Program Files (x86)\Games Bot2015-08-14 06:43 - 2015-08-14 06:45 - 00000000 ____D C:\Users\pauli_000\AppData\Local\Games Bot2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\windows\system32\upo2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot2015-08-14 06:42 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\SmartWeb2015-08-14 06:42 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\6cfea78c-9c9c-4604-995a-762bb7100ee62015-08-14 06:42 - 2015-08-14 08:12 - 00001056 _____ C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job2015-08-14 06:42 - 2015-08-14 06:43 - 00004074 _____ C:\windows\System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB2015-08-14 06:42 - 2015-08-14 06:42 - 00000045 _____ C:\user.js2015-08-14 06:41 - 2015-08-15 21:37 - 00000000 ____D C:\Program Files (x86)\globalUpdate2015-08-14 06:41 - 2015-08-14 07:41 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E72015-08-14 06:41 - 2015-08-14 06:41 - 00000000 ____D C:\Users\pauli_000\AppData\Local\globalUpdate2015-08-14 06:40 - 2015-08-15 11:29 - 00000000 ____D C:\ProgramData\Service12912015-08-14 06:40 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B89802015-08-14 06:40 - 2015-08-14 06:45 - 00000370 ____H C:\windows\Tasks\OKJQVJWHKAAQRNFR.job2015-08-14 06:40 - 2015-08-14 06:40 - 00004312 _____ C:\windows\System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B89802015-08-14 06:40 - 2015-08-14 06:40 - 00003386 _____ C:\windows\System32\Tasks\OKJQVJWHKAAQRNFR2015-08-14 06:40 - 2015-08-14 06:40 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e2015-08-13 20:32 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\A6C6C989-1439497946-BC3E-14FC-D623B3EBFD982015-08-13 20:32 - 2013-08-22 08:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak2015-08-13 20:31 - 2015-08-15 11:45 - 00000000 ____D C:\Program Files (x86)\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD982015-08-13 20:30 - 2015-08-13 20:30 - 00001335 _____ C:\Users\mooke_000\AppData\Local\Chrome .lnk2015-08-13 20:30 - 2015-08-13 20:30 - 00000298 _____ C:\Users\mooke_000\AppData\Local\Firefox .lnk2015-08-13 20:29 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\Iminent2015-08-13 20:29 - 2015-08-14 09:31 - 00001365 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk2015-08-13 20:29 - 2015-08-13 20:29 - 00001008 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk2015-08-13 20:29 - 2015-08-13 20:29 - 00000984 _____ C:\Users\mooke_000\AppData\Local\Iexplore .lnk2015-08-13 20:29 - 2015-08-13 20:29 - 00000298 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk2015-08-13 20:28 - 2015-08-15 11:28 - 00000000 ____D C:\ProgramData\SearchModule2015-08-13 20:28 - 2015-08-13 20:28 - 00003852 _____ C:\windows\System32\Tasks\Smp2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 ____D C:\Program Files (x86)\app_setup2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 _____ C:\windows\SysWOW64\minibrowser.log2015-08-13 20:27 - 2015-08-13 20:27 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\WTools2015-08-13 20:26 - 2015-08-15 21:37 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Store2015-08-13 20:26 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock2015-08-13 20:21 - 2015-08-14 07:58 - 00000000 ____D C:\Program Files (x86)\DnsIo2015-08-13 20:21 - 2015-08-13 20:21 - 00001249 _____ C:\Users\pauli_000\Desktop\Continue installation .lnk2015-08-13 19:05 - 2015-08-13 19:05 - 00000000 ____D C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe2015-08-13 19:01 - 2015-08-13 19:01 - 00540750 _____ C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe.rar2015-08-13 03:44 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-13 03:44 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-12 20:35 - 2015-08-12 20:36 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Trove2015-08-12 19:58 - 2015-08-12 19:58 - 00000222 _____ C:\Users\mooke_000\Desktop\Trove.url2015-08-12 19:14 - 2015-08-12 19:14 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\com.freakinware.mitosis2015-08-12 19:05 - 2015-08-12 19:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Mitos.is The Game.url2015-08-12 18:42 - 2015-08-12 18:42 - 00000222 _____ C:\Users\mooke_000\Desktop\Spooky's House of Jump Scares.url2015-08-12 16:05 - 2015-08-12 16:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Time Clickers.url2015-08-12 04:06 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe2015-08-12 04:06 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2015-08-12 04:06 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll2015-08-12 04:06 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll2015-08-12 04:06 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-08-12 04:06 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-08-12 04:06 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-08-12 04:06 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-08-12 04:06 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-08-12 04:06 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2015-08-12 04:06 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-08-12 04:06 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-08-12 04:06 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-08-12 04:06 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-08-12 04:06 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-08-12 04:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-08-12 04:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2015-08-12 04:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys2015-08-12 04:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2015-08-12 04:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll2015-08-12 04:06 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2015-08-12 04:06 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2015-08-12 04:06 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2015-08-12 04:06 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2015-08-12 04:05 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-08-12 04:05 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml2015-08-12 04:04 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-08-12 04:04 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-08-12 04:04 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-08-12 04:04 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-08-12 04:04 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-08-12 04:04 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-08-12 04:04 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-08-12 04:04 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-08-12 04:04 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2015-08-12 04:04 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-08-12 04:04 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-08-12 04:04 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-08-12 04:04 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2015-08-12 04:04 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-08-12 04:04 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-08-12 04:04 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-08-12 04:04 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-08-12 04:04 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-08-12 04:04 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-08-12 04:04 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2015-08-12 04:04 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2015-08-12 04:04 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-08-12 04:04 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-08-12 04:04 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-08-12 04:04 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-08-12 04:04 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-08-12 04:04 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2015-08-12 04:04 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-08-12 04:04 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-08-12 04:04 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-08-12 04:04 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-08-12 04:03 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2015-08-12 04:03 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2015-08-12 04:03 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2015-08-12 04:03 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll2015-08-12 04:03 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll2015-08-12 04:01 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 04:01 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 04:01 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 04:01 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 04:01 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 04:01 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 04:01 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2015-08-12 04:01 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 04:01 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys2015-08-12 04:01 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll2015-08-12 04:01 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll2015-08-12 04:01 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 04:01 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 04:01 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-08-12 04:01 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 04:01 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll2015-08-12 04:01 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 04:01 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll2015-08-12 04:01 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-08-12 04:01 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 04:01 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 04:01 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe2015-08-12 04:01 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2015-08-12 04:01 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2015-08-12 04:01 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll2015-08-09 14:43 - 2015-08-09 14:43 - 00000742 _____ C:\Users\mooke_000\Documents\Desktop - Shortcut.lnk2015-08-09 13:45 - 2015-08-07 07:59 - 03930112 _____ (ProjectPokémon) C:\Users\mooke_000\Desktop\PKHeX.exe2015-08-09 13:42 - 2015-08-09 13:43 - 01982114 _____ C:\Users\mooke_000\Downloads\PKHeX (08-08-15).zip2015-07-29 11:07 - 2015-07-29 11:07 - 00000000 ____D C:\Users\mooke_000\Downloads\powersaves3ds-software-1292015-07-29 11:07 - 2015-07-27 12:30 - 04065363 _____ (Datel Design & Development ) C:\Users\mooke_000\Desktop\powersaves_setup_v1.29.exe2015-07-29 11:04 - 2015-07-29 11:04 - 04034094 _____ C:\Users\mooke_000\Downloads\powersaves3ds-software-129.zip2015-07-26 20:29 - 2015-07-26 20:29 - 00986311 _____ C:\Users\mooke_000\Downloads\RebirthCCLauncher.zip2015-07-24 16:52 - 2015-07-24 16:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\mooke_000\Downloads\RobloxPlayerLauncher (1).exe2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\mooke_000\AppData\Local\CEF2015-07-20 16:58 - 2015-07-20 17:00 - 115236013 _____ C:\Users\mooke_000\Downloads\JSTR_Universal_1.7.x.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-16 13:04 - 2014-06-04 17:07 - 01425902 _____ C:\windows\WindowsUpdate.log2015-08-16 13:03 - 2014-06-04 17:14 - 00000000 __RDO C:\Users\Web\SkyDrive2015-08-16 13:02 - 2014-10-10 14:19 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-08-16 13:02 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-08-16 13:01 - 2013-08-24 16:32 - 00296706 _____ C:\windows\PFRO.log2015-08-16 13:01 - 2013-08-22 09:46 - 00026440 _____ C:\windows\setupact.log2015-08-16 13:01 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI2015-08-16 13:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru2015-08-16 12:40 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness2015-08-16 12:35 - 2014-06-29 07:08 - 00000000 ____D C:\EDS2015-08-16 12:18 - 2014-06-27 15:25 - 00000000 ____D C:\Program Files (x86)\Steam2015-08-16 12:02 - 2014-12-29 17:02 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Skype2015-08-16 10:00 - 2014-06-05 17:19 - 00000000 __RDO C:\Users\mooke_000\SkyDrive2015-08-16 09:07 - 2015-03-05 16:27 - 00000000 ____D C:\ProgramData\Origin2015-08-16 07:04 - 2014-06-05 17:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.minecraft2015-08-15 21:39 - 2014-09-01 08:44 - 00000000 ___RD C:\Users\pauli_000\Google Drive2015-08-15 21:38 - 2014-06-04 21:41 - 00000000 __RDO C:\Users\pauli_000\SkyDrive2015-08-15 15:20 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI2015-08-15 15:05 - 2014-05-29 19:42 - 00065536 _____ C:\windows\system32\spu_storage.bin2015-08-15 11:29 - 2013-08-22 08:25 - 00000301 _____ C:\windows\win.ini2015-08-15 11:27 - 2015-04-10 19:27 - 00000000 ____D C:\Program Files (x86)\3602015-08-15 11:27 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy2015-08-15 10:27 - 2014-06-05 17:04 - 00000000 ____D C:\Users\mooke_0002015-08-15 10:25 - 2014-11-15 16:50 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieBrowserModeList2015-08-15 10:25 - 2014-06-11 19:43 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieUserList2015-08-15 10:25 - 2014-06-11 19:43 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieSiteList2015-08-15 10:22 - 2014-06-04 18:06 - 00000000 ____D C:\Users\pauli_0002015-08-15 10:20 - 2014-06-05 17:57 - 00002348 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-08-15 10:12 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System2015-08-14 09:30 - 2015-01-31 12:08 - 00035328 ___SH C:\Users\mooke_000\Desktop\Thumbs.db2015-08-14 08:11 - 2013-08-22 09:45 - 00000000 ____D C:\windows\Setup2015-08-14 08:08 - 2014-06-04 21:45 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10042015-08-14 07:14 - 2014-06-05 17:36 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-08-14 07:00 - 2014-10-10 14:19 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-14 06:50 - 2015-03-05 19:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2015-08-14 06:43 - 2015-03-11 12:13 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll2015-08-14 06:43 - 2015-03-11 12:12 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll2015-08-14 06:42 - 2014-06-04 18:06 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CCDD9EF7-4E0A-476E-96E0-B7B28717D32C}2015-08-14 06:37 - 2015-06-28 18:12 - 00000998 _____ C:\Users\Public\Desktop\Minecraft.lnk2015-08-14 06:37 - 2015-04-12 19:54 - 00000605 _____ C:\Users\Public\Desktop\Fraps.lnk2015-08-14 06:37 - 2015-04-10 19:06 - 00001122 _____ C:\Users\pauli_000\Desktop\Cheat Engine.lnk2015-08-14 06:37 - 2015-03-08 16:36 - 00000955 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mine-imator.lnk2015-08-14 06:37 - 2015-03-05 21:17 - 00001368 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk2015-08-14 06:37 - 2015-03-05 19:35 - 00002064 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2015-08-14 06:37 - 2015-03-05 16:27 - 00001016 _____ C:\Users\Public\Desktop\Origin.lnk2015-08-14 06:37 - 2015-01-31 12:08 - 00001255 _____ C:\Users\mooke_000\Desktop\TechnicLauncher - Shortcut.lnk2015-08-14 06:37 - 2015-01-19 08:48 - 00001521 _____ C:\Users\pauli_000\Desktop\ROBLOX Player.lnk2015-08-14 06:37 - 2015-01-19 08:48 - 00001336 _____ C:\Users\pauli_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:37 - 2014-12-24 15:50 - 00001521 _____ C:\Users\mooke_000\Desktop\ROBLOX Player.lnk2015-08-14 06:37 - 2014-12-24 15:49 - 00001336 _____ C:\Users\mooke_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:37 - 2014-12-22 11:32 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk2015-08-14 06:37 - 2014-09-01 08:44 - 00001848 _____ C:\Users\pauli_000\Desktop\Google Drive.lnk2015-08-14 06:37 - 2014-08-29 21:16 - 00001962 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-08-14 06:37 - 2014-08-29 21:16 - 00001956 _____ C:\Users\Web\Desktop\Spotify.lnk2015-08-14 06:37 - 2014-08-22 14:58 - 00001355 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk2015-08-14 06:37 - 2014-08-02 10:19 - 00001163 _____ C:\Users\Public\Desktop\iRepo.lnk2015-08-14 06:37 - 2014-08-02 10:03 - 00003145 _____ C:\Users\Public\Desktop\Music Rescue.lnk2015-08-14 06:37 - 2014-08-02 09:53 - 00003069 _____ C:\Users\Web\Desktop\TouchCopy 12.lnk2015-08-14 06:37 - 2014-08-02 09:48 - 00001044 _____ C:\Users\Public\Desktop\Sharepod.lnk2015-08-14 06:37 - 2014-06-27 15:25 - 00001000 _____ C:\Users\Public\Desktop\Steam.lnk2015-08-14 06:37 - 2014-06-18 09:09 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk2015-08-14 06:37 - 2014-06-13 18:14 - 00002258 _____ C:\Users\pauli_000\Desktop\HP Support Assistant.lnk2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Word 2007.lnk2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Excel 2007.lnk2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Word 2007.lnk2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Excel 2007.lnk2015-08-14 06:37 - 2014-06-08 15:49 - 00002152 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk2015-08-14 06:37 - 2014-06-07 18:55 - 00001842 _____ C:\Users\Web\Desktop\Google Drive.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002083 _____ C:\Users\Public\Desktop\Google Slides.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002081 _____ C:\Users\Public\Desktop\Google Sheets.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002071 _____ C:\Users\Public\Desktop\Google Docs.lnk2015-08-14 06:37 - 2014-06-05 17:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-14 06:37 - 2014-06-05 17:29 - 00001077 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk2015-08-14 06:37 - 2014-06-04 21:53 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk2015-08-14 06:37 - 2014-06-04 18:06 - 00001443 _____ C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:37 - 2014-06-04 17:10 - 00001443 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:37 - 2014-05-29 20:41 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk2015-08-14 06:36 - 2015-01-18 14:11 - 00001336 _____ C:\Users\halca_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:36 - 2015-01-16 16:09 - 00001348 _____ C:\Users\halca_000\Desktop\Continue Five Nights at Freddy's Installation.lnk2015-08-14 06:36 - 2014-12-31 17:27 - 00001298 _____ C:\Users\halca_000\Desktop\Continue File Opener Installation.lnk2015-08-14 06:36 - 2014-10-12 15:04 - 00001521 _____ C:\Users\halca_000\Desktop\ROBLOX Player.lnk2015-08-14 06:36 - 2014-08-25 16:55 - 00001318 _____ C:\Users\halca_000\Desktop\Continue Free Download Installation.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002472 _____ C:\Users\halca_000\Desktop\Facebook.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002468 _____ C:\Users\halca_000\Desktop\Youtube.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Music.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Games.lnk2015-08-14 06:36 - 2014-08-22 14:58 - 00001547 _____ C:\Users\halca_000\Desktop\Torch.lnk2015-08-14 06:36 - 2014-08-22 14:56 - 00001211 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00001443 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00000551 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00000549 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-16 16:25 - 00001735 _____ C:\Users\halca_000\Desktop\Pokémon Trading Card Game Online.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-05 18:34 - 00001443 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-13 21:41 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\system32\GroupPolicy2015-08-13 20:40 - 2015-06-25 14:21 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForpauli_000.job2015-08-13 20:40 - 2013-08-22 09:44 - 00441296 _____ C:\windows\system32\FNTCACHE.DAT2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-08-13 20:35 - 2014-12-12 08:32 - 00000000 ____D C:\windows\system32\appraiser2015-08-13 20:35 - 2014-07-16 17:12 - 00000000 ___SD C:\windows\system32\CompatTel2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender2015-08-13 20:33 - 2014-06-05 17:21 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10052015-08-13 20:16 - 2014-06-07 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-08-13 17:27 - 2014-06-05 17:05 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E1291903-9E5D-49F7-9CC8-108CE3F4EC8A}2015-08-13 14:45 - 2014-06-05 14:46 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log2015-08-13 14:41 - 2014-12-24 15:49 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2015-08-13 03:45 - 2014-06-11 08:45 - 00000000 ____D C:\ProgramData\Microsoft Help2015-08-13 03:45 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp2015-08-13 03:43 - 2014-08-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-08-13 03:40 - 2014-06-07 05:31 - 00000000 ____D C:\windows\system32\MRT2015-08-13 03:21 - 2014-06-07 05:31 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-08-12 19:28 - 2015-06-22 17:57 - 00000000 ____D C:\Users\mooke_000\Powersaves3DS2015-08-11 14:01 - 2015-06-25 14:21 - 00003190 _____ C:\windows\System32\Tasks\HPCeeScheduleForpauli_0002015-08-09 17:14 - 2014-06-05 17:05 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Packages2015-08-08 08:55 - 2015-03-14 08:21 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-08-08 08:55 - 2015-03-14 08:21 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-01 15:49 - 2015-06-28 18:12 - 00000000 ____D C:\Program Files (x86)\Minecraft2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS2015-08-01 14:06 - 2014-06-04 17:09 - 00000000 ____D C:\Users\Web2015-07-30 10:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF2015-07-30 09:45 - 2014-06-29 07:08 - 00000000 ____D C:\Users\aklyk_0002015-07-30 09:45 - 2014-06-05 18:34 - 00000000 ____D C:\Users\halca_0002015-07-30 09:09 - 2014-06-08 07:04 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}2015-07-28 18:20 - 2015-03-05 16:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Origin2015-07-28 18:14 - 2015-03-05 16:27 - 00000000 ____D C:\Program Files (x86)\Origin2015-07-25 05:11 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\system32\GWX2015-07-22 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache2015-07-22 07:28 - 2015-01-31 11:51 - 04731400 _____ () C:\Users\mooke_000\Desktop\TechnicLauncher.exe2015-07-22 07:27 - 2015-01-31 12:04 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.technic2015-07-19 10:39 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\SysWOW64\GWX2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore2015-07-19 07:50 - 2014-06-05 18:34 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{29EB089F-8B13-46EE-B4F2-40CFC60D11E2} ==================== Files in the root of some directories ======= 2015-05-12 18:22 - 2015-05-12 18:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico2015-08-14 06:44 - 2015-08-14 06:44 - 0154826 _____ () C:\Program Files (x86)\uninstaller.exe2014-08-02 10:04 - 2014-08-02 10:05 - 0000360 _____ () C:\Users\Web\AppData\Roaming\com.kennettnet.MusicRescue4.plist2014-11-14 13:52 - 2014-11-14 13:53 - 0002747 _____ () C:\Users\Web\AppData\Roaming\QBFileDrTool.log Some files in TEMP:====================C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exeC:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXEC:\Users\Web\AppData\Local\Temp\Abspdf.exeC:\Users\Web\AppData\Local\Temp\acfpdfu.dllC:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Web\AppData\Local\Temp\acfpdfui.dllC:\Users\Web\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Web\AppData\Local\Temp\cdintf.dllC:\Users\Web\AppData\Local\Temp\converter.exeC:\Users\Web\AppData\Local\Temp\DseShExt-x64.dllC:\Users\Web\AppData\Local\Temp\DseShExt-x86.dllC:\Users\Web\AppData\Local\Temp\PDFPRT400.exeC:\Users\Web\AppData\Local\Temp\qqlghddd.dllC:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dllC:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dllC:\Users\Web\AppData\Local\Temp\tu17p84.exeC:\Users\Web\AppData\Local\Temp\xmllite.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signedC:\windows\system32\wininit.exe => File is digitally signedC:\windows\explorer.exe => File is digitally signedC:\windows\SysWOW64\explorer.exe => File is digitally signedC:\windows\system32\svchost.exe => File is digitally signedC:\windows\SysWOW64\svchost.exe => File is digitally signedC:\windows\system32\services.exe => File is digitally signedC:\windows\system32\User32.dll => File is digitally signedC:\windows\SysWOW64\User32.dll => File is digitally signedC:\windows\system32\userinit.exe => File is digitally signedC:\windows\SysWOW64\userinit.exe => File is digitally signedC:\windows\system32\rpcss.dll => File is digitally signedC:\windows\system32\dnsapi.dll[2015-03-11 12:13] - [2015-08-14 06:43] - 0657920 ____A (Microsoft Corporation) 089D030FF1B7D49ACD074B289D306F4D C:\windows\SysWOW64\dnsapi.dll => MD5 is legitC:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-10 04:49 ==================== End of log ============================
-
My Windows 8.1 computer started acting flaky so I ran Malwarebytes (free version) and found a bunch of malware (4400 items). I cleaned all that up but shortly thereafter problems began again. I paid for and activated the full version but I fear the enemy was already inside the gates. Every time I scan I get the same malware showing up (PUP.Winsock.Hijackboot or something like that). I delete it via Malwarebytes but it comes right back. Also I am unable to contact Microsoft services. Logins using Microsoft profiles sometimes don't work and go to a temporary profile and Windows SmartScreen, Family Safety, and System Defender updates don't work. FRST logs below.