Cannot remove PUP.Optional.Babylon.A

[mindstormer]

Every day Malwarebytes would warn me about "PUP.Optional.Babylon.A." I would quarantine it, but it would still detect it again. It is from the location C:\UsersName\AppData\Local\GoogleChrome\User Data\DefaultPreferences. I already removed all other traces of Babylon with Malwarebytes. I tried cleaning the registry with CCleaner and running adware removal tools as recommended when I did some googling. Only installing Chrome would remove this warning. Thanks.

[MrCharlie]

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Quick Scan with Malwarebytes (if possible)

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button. (make sure the Addition box is checked)
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

[mindstormer]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/11/2014

Scan Time: 8:44:58 PM

Logfile: 1.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.08.11.08

Rootkit Database: v2014.08.04.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8

CPU: x64

File System: NTFS

User: Gary

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 310685

Time Elapsed: 11 min, 20 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Babylon.A, C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://us.yahoo.com/?fr=fpc-comodo", "http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0B0EyD0E0FyBzztDtC0C0DyDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=943948980&ir=" ],), Replaced,[9fb5c6ff9fdce74f700da95307fdcf31]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[mindstormer]

.

Addition.txt

FRST.txt

[mindstormer]

.

RKreport_SCN_08112014_212341.log

[MrCharlie]

Please make sure you have created that new restore point before you continue:


Please download AdwCleaner from HERE or HERE to your desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

-----------------------------------------

Next:

The 2 links below will help you set your home page as well as your "CHR StartupUrls: "hxxp://search.babylon.com/?"
https://support.google.com/chrome/answer/95314?hl=en <<<----Home page
https://support.google.com/chrome/answer/95421?hl=en <<<---CHR StartupUrls:

Then:

Open up Chrome by clicking on the 3 bars in the upper right hand corner.
Then in Chrome go to Settings > Under Sign In, go to Google Dashboard > Click on Settings > Click on Stop and Clear left bottom of the page.

That should clear out the setting.

Now rescan with Malwarebytes:
But first you have to change this setting from Warn to Enabled

PUP: Warn <----------------
PUM: Enabled



Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found

You may have to scan twice, MB may find it the first time you scan but the second scan should come up clean.

Let me know....MrC

[mindstormer]

# AdwCleaner v3.304 - Report created 12/08/2014 at 00:40:01
# Updated 08/08/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : Gary - GC-DESKTOP
# Running from : D:\Extracted\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [startup_urls] : hxxp://search.babylon.com/?affID=110195&tt=4712_3&babsrc=HP_ss&mntrId=729d21ca000000000000002522c42910
Deleted [startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0B0EyD0E0FyBzztDtC0C0DyDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=943948980&ir=

*************************

AdwCleaner[R0].txt - [2689 octets] - [08/07/2014 00:41:01]
AdwCleaner[R1].txt - [1420 octets] - [26/07/2014 20:56:19]
AdwCleaner[R2].txt - [1482 octets] - [09/08/2014 21:32:22]
AdwCleaner[R3].txt - [1602 octets] - [09/08/2014 21:39:42]
AdwCleaner[R4].txt - [1656 octets] - [11/08/2014 23:58:16]
AdwCleaner[R5].txt - [1716 octets] - [12/08/2014 00:05:00]
AdwCleaner[R6].txt - [1776 octets] - [12/08/2014 00:37:47]
AdwCleaner[s0].txt - [2708 octets] - [08/07/2014 00:43:57]
AdwCleaner[s1].txt - [1485 octets] - [26/07/2014 20:58:25]
AdwCleaner[s2].txt - [1547 octets] - [09/08/2014 21:33:33]
AdwCleaner[s3].txt - [1701 octets] - [12/08/2014 00:40:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1761 octets] ##########
 

[mindstormer]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Pro x64
Ran by Gary on Tue 08/12/2014 at  0:54:44.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/12/2014 at  1:06:31.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[mindstormer]

Scan came out as clean the second time after I quarantined it from the first scan. However, I restarted the computer and performed a hyper scan and it detected PUP.Optional.Babylon.A. Quarantined it and did another scan and it detected it again.

[MrCharlie]

Post the log from Malwarebytes

and re-scan with FRST and make sure the addition box is checked.

MrC

[mindstormer]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/12/2014
Scan Time: 11:03:59 AM
Logfile: 2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.05
Rootkit Database: v2014.08.04.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Gary

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 251380
Time Elapsed: 2 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Babylon.A, C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://us.yahoo.com/?fr=fpc-comodo", "http://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0B0EyD0E0FyBzztDtC0C0DyDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=943948980&ir=" ],), ,[c5f09f263b40b1851525897484809769]

Physical Sectors: 0
(No malicious items detected)


(end)

[mindstormer]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Gary (administrator) on GC-DESKTOP on 12-08-2014 11:07:00
Running from D:\Extracted
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(SoftPerfect Research) C:\Program Files\SoftPerfect RAM Disk\ramdiskws.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Users\Gary\Contacts\Desktop\Everything (x64)\Everything.exe
() C:\Users\Gary\Contacts\Desktop\Everything (x64)\Everything.exe
(BitTorrent Inc.) C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Gary\AppData\Local\FluxSoftware\Flux\flux.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4906\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Extracted\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [3447416 2013-03-10] (SoftPerfect Research)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-14] (Logitech Inc.)
HKLM\...\Run: [Everything] => C:\Users\Gary\Contacts\Desktop\Everything (x64)\Everything.exe [1441792 2014-08-06] ()
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Run: [uTorrent] => C:\Users\Gary\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-11] (BitTorrent Inc.)
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Run: [battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2869808 2014-08-06] (Blizzard Entertainment)
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Run: [f.lux] => C:\Users\Gary\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1988524507-2958354340-36891620-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LSI - LoL Summoner Information.lnk
ShortcutTarget: LSI - LoL Summoner Information.lnk -> C:\Program Files (x86)\LSI\LoLSummonerInfo.exe ()
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Chrome.lnk
ShortcutTarget: Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk
ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Xmarks - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\foxmarks@kei.com [2014-07-12]
FF Extension: LastPass - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\support@lastpass.com [2014-08-05]
FF Extension: DownloadHelper - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-09]
FF Extension: Reddit Enhancement Suite - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-07-28]
FF Extension: virtru-browser-extension - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\virtrufirefox@virtru.com.xpi [2014-07-20]
FF Extension: Download Status Bar - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-05]
FF Extension: Tab Mix Plus - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\26nrexiz.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-07-27]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://search.babylon.com/?affID=110195&tt=4712_3&babsrc=HP_ss&mntrId=729d21ca000000000000002522c42910", "hxxp://us.yahoo.com/?fr=fpc-comodo", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0B0EyD0E0FyBzztDtC0C0DyDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=943948980&ir="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - D:\PortableApps Application (Desktop)\PortableApps\NetBeans_JavaSE_7.4_Portable\App\jdk\jre\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U65) - D:\PortableApps Application (Desktop)\PortableApps\NetBeans_JavaSE_7.4_Portable\App\jdk\jre\bin\plugin2\npjp2.dll No File
CHR Extension: (Easy Bookmark) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelppinkjknianlncbfhokbkipdhofnp [2014-07-26]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-07-26]
CHR Extension: (Google Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-26]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-26]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Adblock Plus) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-26]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-07-26]
CHR Extension: (Google Search) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-26]
CHR Extension: (HTTPS Everywhere) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-07-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-07-26]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-07-26]
CHR Extension: (Deathamns) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-07-26]
CHR Extension: (Pocket Website) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2014-07-26]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-07-27]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-26]
CHR Extension: (Pocket) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-07-26]
CHR Extension: (Save to Pocket) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-07-26]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-26]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-07-26]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-07-26]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-26]
CHR Extension: (AVG PrivacyFix) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2014-08-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [16384 2013-07-22] (SeriousBit) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [104184 2012-12-21] (Advanced Micro Devices)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 nbdrv; C:\Windows\system32\DRIVERS\nbdrv.sys [41392 2013-06-02] (SeriousBit)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R1 vvramd; C:\Program Files\SoftPerfect RAM Disk\vv.sys [253432 2013-03-10] ()
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 01:06 - 2014-08-12 01:06 - 00000623 _____ () C:\Users\Gary\Desktop\JRT.txt
2014-08-11 16:51 - 2014-08-12 00:36 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-11 16:47 - 2014-08-12 11:07 - 00000000 ____D () C:\FRST
2014-08-09 22:03 - 2014-08-09 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-09 22:02 - 2014-08-09 22:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-07 00:23 - 2014-08-07 00:23 - 00000000 ____D () C:\Users\Gary\AppData\Local\Blizzard
2014-08-07 00:19 - 2014-08-07 00:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-07 00:19 - 2014-08-07 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-06 20:43 - 2014-07-15 18:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-06 20:42 - 2014-05-29 00:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-06 20:42 - 2014-05-07 21:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-04 22:49 - 2014-08-04 22:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 22:49 - 2014-08-04 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 22:49 - 2014-08-04 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 22:49 - 2014-08-04 22:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 22:49 - 2014-08-04 22:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-30 22:04 - 2014-07-30 22:04 - 00000000 ____D () C:\Users\Gary\AppData\Local\Echobit
2014-07-30 22:04 - 2014-07-30 22:04 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-30 22:02 - 2014-07-30 22:02 - 00000835 _____ () C:\Users\Gary\AppData\Local\recently-used.xbel
2014-07-27 17:13 - 2014-07-27 17:13 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-27 17:13 - 2014-07-27 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 00:01 - 2014-07-27 00:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-27 00:00 - 2014-07-27 00:01 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-26 20:59 - 2014-08-12 00:41 - 00006066 _____ () C:\Windows\PFRO.log
2014-07-26 14:17 - 2014-07-26 14:17 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-26 12:52 - 2014-07-26 12:52 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-26 12:52 - 2014-07-26 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 17:21 - 2014-07-19 17:21 - 00004602 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 20:03 - 2014-07-16 20:03 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-14 02:27 - 2014-07-14 02:28 - 00001762 _____ () C:\Windows\setupact.log
2014-07-14 02:27 - 2014-07-14 02:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 13:42 - 2014-07-13 13:42 - 00354888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 11:30 - 2014-07-13 12:13 - 00000000 ____D () C:\adt-bundle-windows-x86_64-20140702

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 11:07 - 2014-08-11 16:47 - 00000000 ____D () C:\FRST
2014-08-12 11:05 - 2014-01-22 00:17 - 00000000 ____D () C:\Users\Gary\AppData\Local\Battle.net
2014-08-12 11:05 - 2013-01-09 23:24 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\uTorrent
2014-08-12 11:03 - 2014-06-14 01:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 11:02 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-12 10:59 - 2014-07-11 02:40 - 01235502 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 10:55 - 2013-01-09 22:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1988524507-2958354340-36891620-1001
2014-08-12 10:42 - 2013-01-10 00:16 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-12 10:39 - 2013-01-09 23:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 02:34 - 2013-01-09 23:36 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\vlc
2014-08-12 02:32 - 2013-01-09 23:24 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 02:29 - 2013-01-10 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 01:32 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 01:06 - 2014-08-12 01:06 - 00000623 _____ () C:\Users\Gary\Desktop\JRT.txt
2014-08-12 00:41 - 2014-07-26 20:59 - 00006066 _____ () C:\Windows\PFRO.log
2014-08-12 00:40 - 2014-07-08 00:40 - 00000000 ____D () C:\AdwCleaner
2014-08-12 00:36 - 2014-08-11 16:51 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-11 09:52 - 2013-09-18 02:07 - 00005204 _____ () C:\Windows\system32\TeamViewer8_Hooks.log
2014-08-11 09:51 - 2013-09-04 20:48 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-08-11 09:51 - 2013-09-04 20:48 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-08-11 01:52 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-11 00:28 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Help
2014-08-10 14:33 - 2014-05-05 21:10 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Skype
2014-08-09 22:03 - 2014-08-09 22:03 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-09 22:03 - 2014-08-09 22:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-09 21:42 - 2014-07-08 00:40 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 02:23 - 2014-05-05 21:10 - 00000000 ____D () C:\ProgramData\Skype
2014-08-08 16:43 - 2014-05-07 22:16 - 00000000 ____D () C:\Windows\rescache
2014-08-07 00:23 - 2014-08-07 00:23 - 00000000 ____D () C:\Users\Gary\AppData\Local\Blizzard
2014-08-07 00:23 - 2014-08-07 00:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-07 00:19 - 2014-08-07 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-07 00:18 - 2014-01-22 00:13 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-06 20:52 - 2012-07-26 03:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 20:43 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-06 19:41 - 2014-01-22 00:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-06 15:05 - 2013-08-20 00:22 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-05 14:41 - 2013-01-09 23:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-04 22:50 - 2014-04-17 02:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 22:49 - 2014-08-04 22:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 22:49 - 2014-08-04 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 22:49 - 2014-08-04 22:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 22:49 - 2014-08-04 22:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 22:49 - 2014-08-04 22:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 21:22 - 2014-06-29 20:41 - 00000000 ____D () C:\ProgramData\UMS
2014-08-04 21:22 - 2013-05-30 15:56 - 00000000 ____D () C:\ProgramData\PMS
2014-07-31 21:06 - 2013-01-09 21:53 - 00000000 ____D () C:\Users\Gary\AppData\Local\Packages
2014-07-30 22:04 - 2014-07-30 22:04 - 00000000 ____D () C:\Users\Gary\AppData\Local\Echobit
2014-07-30 22:04 - 2014-07-30 22:04 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-30 22:03 - 2014-05-06 01:57 - 00000000 ____D () C:\Users\Gary\.gimp-2.8
2014-07-30 22:02 - 2014-07-30 22:02 - 00000835 _____ () C:\Users\Gary\AppData\Local\recently-used.xbel
2014-07-30 18:14 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-27 17:13 - 2014-07-27 17:13 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-27 17:13 - 2014-07-27 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 00:01 - 2014-07-27 00:01 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-07-27 00:01 - 2014-07-27 00:00 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-07-26 14:17 - 2014-07-26 14:17 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-26 12:52 - 2014-07-26 12:52 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-26 12:52 - 2014-07-26 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-26 01:12 - 2013-01-09 23:24 - 00000000 ____D () C:\Users\Gary\AppData\Local\Google
2014-07-19 17:21 - 2014-07-19 17:21 - 00004602 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-16 20:03 - 2014-07-16 20:03 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-15 18:51 - 2014-08-06 20:43 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-14 02:28 - 2014-07-14 02:27 - 00001762 _____ () C:\Windows\setupact.log
2014-07-14 02:27 - 2014-07-14 02:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-13 13:42 - 2014-07-13 13:42 - 00354888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 12:13 - 2014-07-13 11:30 - 00000000 ____D () C:\adt-bundle-windows-x86_64-20140702

Some content of TEMP:
====================
C:\Users\Gary\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Gary\AppData\Local\Temp\proxy_vole6711353946294370876.dll
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe
C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gary\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 16:29

==================== End Of Log ============================

[mindstormer]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01
Ran by Gary at 2014-08-12 11:07:32
Running from D:\Extracted
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{7D2C319D-3907-472D-9B55-EC1F240962FC}) (Version: 37.0.2062.28 - Google Inc.)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version:  - Microsoft)
f.lux (HKCU\...\Flux) (Version:  - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{876ab221-6562-4f34-9335-68fc92bb3f1b}) (Version: 0.9.818 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.818 - Plex, Inc.) Hidden
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.0 - PS3 Media Server)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
Sandboxie 3.76 (64-bit) (HKLM\...\Sandboxie) (Version: 3.76 - SANDBOXIE L.T.D)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SoftPerfect RAM Disk 3.3.3 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version:  - SoftPerfect Research)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Uninstall LSI (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: 3.1c - Aequus Gaming Ltd.)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 3.6.4 - Universal Media Server)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9F71CF8-8310-4EFC-869F-47BC0FEE269D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{1BABB09A-AB4C-427F-B23C-76A278737988}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-08-2014 01:34:58 Scheduled Checkpoint
10-08-2014 03:36:51 Checkpoint by HitmanPro

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03B1636E-EFFE-4631-8929-C1953A3B47FA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {05A25441-428B-49C8-B689-42231F1E0066} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3FC55410-40C5-4A95-8157-47F5E6668503} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {43754ECE-717D-45CB-B42B-748483F57177} - System32\Tasks\Trigger KMS Activation => C:\Users\Gary\Desktop\New folder (3)\TriggerKMS.exe
Task: {6A5B26B1-D2B8-4D8B-80B7-B8F424094781} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6D5FD69E-4B76-4E21-AC4C-7674CD21A311} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {77DF7CDC-2E22-4321-9FA8-18A1FEEF389C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09] (Google Inc.)
Task: {9CAABCE2-EFC8-4C1F-85F7-D48D4B9CED44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ADEC579B-D10E-41F6-933B-0733D5D674D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {BB9B1E6E-228B-4D9F-BDBD-52399165D79D} - System32\Tasks\CCleanerSkipUAC => C:\Users\Gary\Desktop\Portable Applications\CCleaner\CCleaner.exe
Task: {BFE733A0-7F37-46CA-B88F-F98F9F6A2060} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GC-DESKTOP-Gary GC-Desktop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E9EC90EB-E61E-4588-BFAF-B42B96134620} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-02 17:46 - 2013-06-06 02:24 - 00020472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-08-31 23:06 - 2013-07-22 14:41 - 00010752 _____ () C:\Program Files\NetBalancer\SeriousBit.NetBalancer.DeskBand.Ipc.dll
2013-08-31 23:06 - 2013-07-22 14:40 - 00146944 _____ () C:\Program Files\NetBalancer\System.Collections.Immutable.dll
2013-08-31 23:06 - 2013-07-22 14:40 - 00046080 _____ () C:\Program Files\NetBalancer\Events.dll
2013-08-31 23:06 - 2013-06-02 10:19 - 00456192 _____ () C:\Program Files\NetBalancer\libzmq.DLL
2013-04-17 02:25 - 2013-03-10 11:25 - 00077824 _____ () C:\Program Files\SoftPerfect RAM Disk\vvlib.dll
2014-02-11 14:21 - 2014-02-11 14:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 14:22 - 2014-02-11 14:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 14:21 - 2014-02-11 14:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 14:22 - 2014-02-11 14:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-08-06 20:24 - 2014-08-06 10:34 - 01441792 _____ () C:\Users\Gary\Contacts\Desktop\Everything (x64)\Everything.exe
2014-07-04 16:02 - 2014-07-04 16:02 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-11 13:02 - 2014-08-11 13:02 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081101\algo.dll
2014-06-10 13:21 - 2014-06-10 13:21 - 08892072 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-04 16:02 - 2014-07-04 16:02 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-27 17:13 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-26 12:52 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-26 12:52 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-06 15:21 - 2014-08-06 15:21 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4906\libcef.dll
2014-08-06 15:21 - 2014-08-06 15:21 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4906\libglesv2.dll
2014-08-06 15:21 - 2014-08-06 15:21 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.4906\libegl.dll
2014-07-26 12:52 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-26 12:52 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-26 12:52 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-12 10:39 - 2014-08-12 10:39 - 00098816 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32api.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00110080 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\pywintypes27.dll
2014-08-12 10:39 - 2014-08-12 10:39 - 00364544 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\pythoncom27.dll
2014-08-12 10:39 - 2014-08-12 10:39 - 00045568 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\_socket.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 01160704 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\_ssl.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00320512 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32com.shell.shell.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00713216 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\_hashlib.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 01175040 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._core_.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00805888 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._gdi_.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00811008 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._windows_.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 01062400 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._controls_.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00735232 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._misc_.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00128512 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\_elementtree.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00127488 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\pyexpat.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00557056 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\pysqlite2._sqlite.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00007168 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\hashobjs_ext.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00087552 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\_ctypes.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00119808 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32file.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00108544 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32security.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00018432 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32event.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00038912 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32inet.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00070656 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._html2.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00167936 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32gui.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00011264 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32crypt.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00027136 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\_multiprocessing.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00122368 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._wizard.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00010240 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\select.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00024064 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32pipe.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00686080 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\unicodedata.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00025600 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32pdh.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00525640 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\windows._lib_cacheinvalidation.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00035840 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32process.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00017408 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32profile.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00022528 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\win32ts.pyd
2014-08-12 10:39 - 2014-08-12 10:39 - 00078336 _____ () C:\Users\Gary\AppData\Local\Temp\_MEI2362\wx._animate.pyd
2014-07-26 12:52 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:07BF512B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2014 11:04:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/12/2014 10:39:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (08/12/2014 10:39:16 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/12/2014 01:33:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/12/2014 01:33:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/12/2014 01:33:02 AM) (Source: NetBalancerService) (EventID: 0) (User: )
Description: This version of NetBalancer is outdated, please download a new one from our website.

Error: (08/12/2014 01:22:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GC-Desktop)
Description: Activation of app 29352GalleryImages.HotSexyCelebritiesDaily_8cearpz8v2nym!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/12/2014 11:03:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/12/2014 10:38:50 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/12/2014 10:38:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/12/2014 10:38:48 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/12/2014 02:34:17 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/12/2014 02:34:07 AM) (Source: DCOM) (EventID: 10010) (User: GC-Desktop)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/12/2014 02:34:07 AM) (Source: DCOM) (EventID: 10010) (User: GC-Desktop)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/12/2014 01:34:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/12/2014 01:33:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
%%1058

Error: (08/12/2014 01:32:55 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (08/12/2014 11:04:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestD:\Extracted\esetsmartinstaller_enu.exe

Error: (08/12/2014 10:39:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (08/12/2014 10:39:16 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/12/2014 01:33:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/12/2014 01:33:39 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007232BRuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/12/2014 01:33:02 AM) (Source: NetBalancerService) (EventID: 0) (User: )
Description: This version of NetBalancer is outdated, please download a new one from our website.

Error: (08/12/2014 01:22:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GC-Desktop)
Description: 29352GalleryImages.HotSexyCelebritiesDaily_8cearpz8v2nym!App-2144927151


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 8174.69 MB
Available physical RAM: 3024.86 MB
Total Pagefile: 13806.69 MB
Available Pagefile: 6368.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:84.66 GB) (Free:10.34 GB) NTFS
Drive d: () (Fixed) (Total:380.76 GB) (Free:21.18 GB) NTFS
Drive e: () (Fixed) (Total:1397.26 GB) (Free:115.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 45D0DF80)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=85 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=381 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1397 GB) (Disk ID: 9E415FA7)
Partition 1: (Active) - (Size=1397 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[MrCharlie]

Did you install this program:
C:\Program Files (x86)\Battle.net
and this Chrome extension:
Easy Bookmark aelppinkjknianlncbfhokbkipdhofnp

Download and run Avast Browser Cleanup, see if it detects any bad items. If so have the program delete them.
Click on each browser listed on the left hand side.
MrC

[mindstormer]

I have Battle.net application and Easy Bookmark extension.

 

Avast Browser Cleanup recommends I remove AVG PrivacyFix and Virtu extensions, both of which are pretty popular extensions by big companies. Should I delete them and rescan?

[MrCharlie]

Delete them for now, you can always re-install them.
 
======================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

===================

Reset this Chrome: (don't reboot!)
CHR StartupUrls: "hxxp://search.babylon.com/?

https://support.google.com/chrome/answer/95421?hl=en <<<---CHR StartupUrls:

=====================

Open up Chrome by clicking on the 3 bars in the upper right hand corner.
Then in Chrome go to Settings > Under Sign In, go to Google Dashboard > Click on Settings > Click on Stop and Clear left bottom of the page.

=====================

Update and re-scan with Malwarebytes.

Let me know....MrC

[mindstormer]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by Gary at 2014-08-12 12:20:40 Run:1
Running from D:\Extracted
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
C:\Users\Gary\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Gary\AppData\Local\Temp\proxy_vole6711353946294370876.dll
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe
C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gary\AppData\Local\Temp\vlc-2.1.5-win32.exe
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B

*****************

C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll not found.
C:\Users\Gary\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\proxy_vole6711353946294370876.dll => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Gary\AppData\Local\Temp\vlc-2.1.5-win32.exe => Moved successfully.
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully.

==== End of Fixlog ====

[mindstormer]

I'm not sure what you mean by

 

"

Reset this Chrome: (don't reboot!)
CHR StartupUrls: "hxxp://search.babylon.com/?

https://support.goog...wer/95421?hl=en <<<---CHR StartupUrls:"

 

but everything else I did. I use the Chrome setting "Continue where you left off" so I never had to set a specific set of pages. Regardless, I went to "Set pages" and removed traces of MySearchDial that is associated with Babylon.

 

I rebooted the computer and did a quick scan and it came as clean. When I get the chance (probably at the end of the day), I will install the two extensions that were deleted and re-sync Chrome settings, and then do another quick scan.

 

3 questions out of curiosity:

 

1. What exactly fixed this problem--what did the attached fixlist do?

2. When would it be necessary to do a full Threat Scan over a Hyper Scan?

3. Would reformatting have fixed this issue?

[MrCharlie]

Reset this Chrome: (don't reboot!)

CHR StartupUrls: "hxxp://search.babylon.com/?

https://support.goog...wer/95421?hl=en <<<---CHR StartupUrls:"

but everything else I did. I use the Chrome setting "Continue where you left off" so I never had to set a specific set of pages. Regardless, I went to "Set pages" and removed traces of MySearchDial that is associated with Babylon.

You have to go through all those setings in Chrome regaurdless if you use them or not.

That's what the logs show:

 

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://search.babylon.com/?affID=110195&tt=4712_3&babsrc=HP_ss&mntrId=729d21ca000000000000002522c42910", "hxxp://us.yahoo.com/?fr=fpc-comodo", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0B0EyD0E0FyBzztDtC0C0DyDtN0D0Tzu0SyCzyzztN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=943948980&ir="

-----------------------

You can always reset Chrome completely and clear out the preference:

https://support.google.com/chrome/answer/3296214?hl=en

Stop and Clear Settings in Preferences:

Open up Chrome by clicking on the 3 bars in the upper right hand corner.

Then in Chrome go to Settings > Under Sign In, go to Google Dashboard > Click on Settings > Click on Stop and Clear left bottom of the page.

 

-------------

1. What exactly fixed this problem--what did the attached fixlist do?

Resetting any setting in Chrome that has babylon.com in it....

and Stop and clearing Settings

Open up Chrome by clicking on the 3 bars in the upper right hand corner.

Then in Chrome go to Settings > Under Sign In, go to Google Dashboard > Click on Settings > Click on Stop and Clear left bottom of the page.

 

------------------

 

The fixlist just cleared out some clutter

2. When would it be necessary to do a full Threat Scan over a Hyper Scan?

You have to always do a Threat Scan

3. Would reformatting have fixed this issue?

No and it's not necessary. This is fixable

 

MrC

[mindstormer]

Ok, thanks! Appreciate your efforts in getting this done quickily. This thread can be closed =).

[MrCharlie]

OK..MrC

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!