Hello all,


My browsers have all been hijacked, in that any omnibox search query goes through the custom search utility of a site called yourtv.link. The search engine manager says "locked by administrator", and there are no other accounts on my computer save my own. I have been able to update and run Malwarebytes Anti-Malware and rootkit, which have found nothing; Windows Defender finds nothing. Search results find nothing. Registry edits have come to no avail. Revo full-uninstalls of all browser programs aren't helping. Please help.


 


Attached are images of the search engine manager and a test search demonstrating the hijacked omnibar in action.


Addition.txt

FRST.txt

Apologies, here is the FRST scan file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015

Ran by kyled_000 (administrator) on USSTR0N5TI2TI0N on 21-05-2015 19:47:19

Running from C:\Users\kyled_000\Downloads

Loaded Profiles: kyled_000 (Available profiles: kyled_000)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Flux Software LLC) C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE

(Dropbox, Inc.) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files (x86)\Launchy\Launchy.exe

(salesforce.com) C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Microsoft Corporation) C:\Windows\System32\UserAccountControlSettings.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\kyled_000\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [1585456 2014-11-26] (Palo Alto Networks)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [f.lux] => C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [uSSTR0N5TI2TI0N] => C:\ProgramData\Unknown.exe [7965128 2015-04-27] ()

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {85afdce2-6b93-11e4-8270-c9902d343257} - "F:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {b1d9c79a-3bbc-11e4-8250-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-04-23]

ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)

Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-29]

ShortcutTarget: Dropbox.lnk -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyled_000.exe [2015-04-27] ()

Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-09-14]

ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()

Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Salesforce for Outlook.lnk [2015-04-29]

ShortcutTarget: Salesforce for Outlook.lnk -> C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link

URLSearchHook: [s-1-5-21-1615724195-3356573343-772561760-1001] ATTENTION ==> Default URLSearchHook is missing

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F

SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-20] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)

 

Chrome: 

=======

CHR Profile: C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]

CHR Extension: (Bejeweled) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-05-19]

CHR Extension: (From Dust) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-05-19]

CHR Extension: (Google Docs) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]

CHR Extension: (Google Drive) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-19]

CHR Extension: (Session Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-05-19]

CHR Extension: (YouTube) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-19]

CHR Extension: (Pushbullet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-19]

CHR Extension: (uBlock Origin) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-19]

CHR Extension: (Google Search) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-19]

CHR Extension: (Google Sheets) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]

CHR Extension: (Bookmark Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]

CHR Extension: (Kindle Cloud Reader) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-19]

CHR Extension: (Slingplayer for Google Chrome™ extension) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-05-19]

CHR Extension: (90`s Games) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2015-05-19]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-19]

CHR Extension: (The Great Suspender) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-19]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-19]

CHR Extension: (Google Mail Checker) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-05-19]

CHR Extension: (Plants vs Zombies) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-05-19]

CHR Extension: (Google Wallet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]

CHR Extension: (Gmail) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]

CHR Extension: (Abstract-Blue) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-05-19]

CHR Extension: (Canvas Rider) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-19]

CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - https://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-08] (Electronic Arts)

R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2405680 2014-11-26] (Palo Alto Networks)

R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)

U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)

R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)

S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)

R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2014-11-26] (Palo Alto Networks)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]

S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-21 19:42 - 2015-05-21 19:45 - 00043539 _____ () C:\Users\kyled_000\Downloads\Addition.txt

2015-05-21 19:41 - 2015-05-21 19:47 - 00019516 _____ () C:\Users\kyled_000\Downloads\FRST.txt

2015-05-21 19:41 - 2015-05-21 19:41 - 02108416 _____ (Farbar) C:\Users\kyled_000\Downloads\FRST64 (1).exe

2015-05-21 18:04 - 2015-05-21 18:04 - 00151245 _____ () C:\Users\kyled_000\Desktop\Copy of AUA 2015 Booth Scans - All Days - 5-19-15 df.xlsm

2015-05-21 17:15 - 2015-05-21 18:04 - 00000075 _____ () C:\Users\kyled_000\Downloads\debug.log

2015-05-21 17:15 - 2015-05-21 17:15 - 00002587 _____ () C:\Users\Public\Desktop\Slingplayer Desktop.lnk

2015-05-21 17:14 - 2015-05-21 17:14 - 40258296 _____ (Sling Media) C:\Users\kyled_000\Downloads\SlingplayerDesktop-5.0.0.83.exe

2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setuperr.log

2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setupact.log

2015-05-21 08:05 - 2015-05-21 08:05 - 00000308 _____ () C:\Windows\PFRO.log

2015-05-20 22:27 - 2015-05-20 22:27 - 00000536 _____ () C:\Users\kyled_000\Downloads\Test Insert_05_21_2015-03_25_13_error.csv

2015-05-20 17:02 - 2015-05-20 17:02 - 03163665 _____ () C:\Users\kyled_000\Downloads\Contact Export-05_20_2015-22_02_15.csv

2015-05-19 12:26 - 2015-05-19 12:26 - 00002235 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-05-19 12:26 - 2015-05-19 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-05-19 11:49 - 2015-05-21 19:47 - 00000000 ____D () C:\FRST

2015-05-19 11:49 - 2015-05-19 11:49 - 00000677 _____ () C:\Users\kyled_000\Downloads\Search.txt

2015-05-19 11:48 - 2015-05-19 11:48 - 02107392 _____ (Farbar) C:\Users\kyled_000\Downloads\FRST64.exe

2015-05-19 11:25 - 2015-05-19 11:25 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Macromedia

2015-05-19 09:54 - 2015-05-19 09:54 - 00000000 _____ () C:\autoexec.bat

2015-05-19 09:52 - 2015-05-19 09:52 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kyled_000\Downloads\SpyHunter-Installer.exe

2015-05-19 09:12 - 2015-05-19 09:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-05-19 09:10 - 2015-05-19 09:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kyled_000\Downloads\mbar-1.09.1.1004.exe

2015-05-19 08:20 - 2015-05-19 12:14 - 00000000 ____D () C:\Windows\Minidump

2015-05-18 18:05 - 2015-05-18 18:05 - 05197824 _____ () C:\Users\kyled_000\Downloads\HPSupportSolutionsFramework-11.51.0049.msi

2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hp

2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard

2015-05-18 12:29 - 2015-05-18 12:29 - 00880208 _____ (Google Inc.) C:\Users\kyled_000\Downloads\ChromeSetup.exe

2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Mozilla

2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Mozilla

2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\ProgramData\Mozilla

2015-05-18 09:44 - 2015-05-19 12:02 - 00000258 __RSH () C:\Users\kyled_000\ntuser.pol

2015-05-18 09:43 - 2015-05-21 19:38 - 00000000 __SHD () C:\ProgramData\Google

2015-05-18 08:00 - 2015-05-18 09:43 - 00000000 __SHD () C:\ProgramData\Unknown

2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\Program Files\iTunes

2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\Program Files\iPod

2015-05-15 13:12 - 2015-05-15 13:12 - 00000000 ____D () C:\Program Files (x86)\iTunes

2015-05-15 13:12 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2015-05-15 13:06 - 2015-05-15 13:06 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup (1).exe

2015-05-15 12:58 - 2015-05-15 12:59 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup.exe

2015-05-15 11:37 - 2015-05-15 11:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Gaijin Games

2015-05-13 08:26 - 2015-05-13 08:26 - 00822248 _____ (MurGee.com ) C:\Users\kyled_000\Downloads\setup.exe

2015-05-11 13:04 - 2015-05-11 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2015-05-11 13:03 - 2015-05-11 13:03 - 00192816 _____ () C:\Users\kyled_000\Downloads\raptr_installer.exe

2015-05-11 13:01 - 2015-05-11 13:01 - 05127432 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\spsetup128.exe

2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\Program Files\Speccy

2015-05-11 11:18 - 2015-05-11 11:18 - 00000000 ____D () C:\Users\kyled_000\.swt

2015-05-11 10:48 - 2015-05-11 10:48 - 00002623 _____ () C:\Users\kyled_000\Desktop\Data Loader.lnk

2015-05-11 10:48 - 2015-05-11 10:48 - 00000000 ____D () C:\Program Files (x86)\salesforce.com

2015-05-11 10:47 - 2015-05-11 10:48 - 41445890 _____ () C:\Users\kyled_000\Downloads\ApexDataLoader.exe

2015-05-11 10:19 - 2015-05-20 21:14 - 19718144 _____ () C:\Users\kyled_000\Documents\4K test matching for inserting.accdb

2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\Documents\NBGI

2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\NBGI

2015-05-08 07:53 - 2015-05-19 12:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2015-05-07 08:23 - 2015-05-07 08:23 - 00000048 _____ () C:\Users\kyled_000\Downloads\dbm06.m3u

2015-05-06 20:08 - 2015-05-06 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJMIG

2015-05-06 19:59 - 2015-05-06 20:00 - 00000000 ___HD () C:\ProgramData\CanonIJScan

2015-05-05 22:01 - 2015-05-05 22:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\AMD

2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat

2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat

2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Program Files (x86)\WinDirStat

2015-05-05 16:36 - 2015-05-05 16:36 - 00645729 _____ (WDS Team) C:\Users\kyled_000\Downloads\windirstat1_1_2_setup.exe

2015-05-05 16:35 - 2015-05-05 16:36 - 00000000 ____D () C:\Program Files\Defraggler

2015-05-05 16:35 - 2015-05-05 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

2015-05-05 16:34 - 2015-05-05 16:35 - 04532776 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\dfsetup219.exe

2015-05-05 13:21 - 2015-05-21 18:04 - 00000000 ____D () C:\Users\kyled_000\Documents\Outlook Files

2015-05-05 13:18 - 2015-05-05 13:18 - 00000015 _____ () C:\Users\kyled_000\Desktop\SFAdminSupport.txt

2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Citrix

2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Citrix

2015-05-04 10:55 - 2015-05-04 10:55 - 00000000 ____D () C:\ProgramData\ATI

2015-05-04 10:47 - 2015-05-15 08:28 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Raptr

2015-05-04 10:47 - 2015-05-11 13:04 - 00000000 ____D () C:\Program Files (x86)\Raptr

2015-05-04 10:47 - 2015-05-04 10:47 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505041047160405.log

2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\library_dir

2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\AMD

2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Windows\LastGood.Tmp

2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Program Files (x86)\AMD

2015-05-04 10:45 - 2015-05-04 10:45 - 00059756 _____ () C:\Windows\SysWOW64\CCCInstall_201505041045552144.log

2015-05-04 10:39 - 2015-05-08 14:23 - 00022325 _____ () C:\Users\kyled_000\Documents\TombRaider.log

2015-05-02 18:58 - 2015-05-19 08:28 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn-Time

2015-05-02 18:58 - 2015-05-02 18:58 - 00002240 _____ () C:\Users\kyled_000\Desktop\Popcorn Time.lnk

2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time

2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn Time

2015-04-30 20:07 - 2015-04-30 20:07 - 00000000 ____D () C:\Program Files (x86)\Sling Media

2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\SlingMedia

2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Program Files (x86)\SlingplayerForChrome

2015-04-29 21:33 - 2015-05-12 08:01 - 00001041 _____ () C:\Users\kyled_000\Desktop\Dropbox.lnk

2015-04-29 21:32 - 2015-05-12 08:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-04-29 09:07 - 2015-05-21 08:07 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Deployment

2015-04-29 09:07 - 2015-04-29 09:07 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Apps\2.0

2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\salesforce.com

2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\salesforce.com

2015-04-29 09:04 - 2015-04-29 09:07 - 00000000 ____D () C:\Users\kyled_000\Documents\Add-in Express

2015-04-28 15:00 - 2015-04-28 15:00 - 01536639 _____ () C:\Users\kyled_000\Downloads\Urologist List (3).csv

2015-04-28 14:30 - 2015-04-28 14:30 - 02176314 _____ () C:\Users\kyled_000\Downloads\Urologist List (2).csv

2015-04-27 20:08 - 2015-05-07 07:58 - 00000000 __SHD () C:\ProgramData\USSTR0N5TI2TI0N

2015-04-27 20:08 - 2015-04-27 20:06 - 07965128 ___SH () C:\ProgramData\Unknown.exe

2015-04-27 15:32 - 2015-04-27 16:21 - 00002236 ____H () C:\Users\kyled_000\Documents\Default.rdp

2015-04-26 11:57 - 2015-05-19 11:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-25 21:23 - 2015-05-06 20:08 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\canon

2015-04-25 21:23 - 2014-03-18 05:00 - 00408576 _____ (CANON INC.) C:\Windows\system32\CNMXLMC9.DLL

2015-04-25 21:22 - 2015-04-25 21:22 - 00000000 ____D () C:\Windows\system32\STRING

2015-04-25 21:22 - 2015-04-25 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6600 series User Registration

2015-04-25 21:22 - 2015-04-25 21:22 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool

2015-04-25 21:22 - 2014-03-17 14:15 - 00380928 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL

2015-04-25 21:22 - 2014-03-17 14:15 - 00375296 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL

2015-04-25 21:22 - 2014-03-17 14:15 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL

2015-04-25 21:22 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_C9L.dll

2015-04-25 21:22 - 2013-12-02 12:58 - 00096000 _____ () C:\Windows\SysWOW64\CNC177ED.TBL

2015-04-25 21:22 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll

2015-04-25 21:21 - 2015-04-25 21:21 - 00000000 ____D () C:\ProgramData\CanonIJWSpt

2015-04-25 21:17 - 2015-04-25 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

2015-04-25 21:17 - 2015-04-25 21:22 - 00000000 ____D () C:\Program Files\Canon

2015-04-25 21:17 - 2015-04-25 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6600 series Manual

2015-04-25 21:16 - 2015-04-25 21:17 - 00000000 ___HD () C:\Program Files\CanonBJ

2015-04-25 21:13 - 2014-03-18 05:00 - 00406016 _____ (CANON INC.) C:\Windows\system32\CNMLMC9.DLL

2015-04-25 21:00 - 2015-04-25 21:00 - 00000000 ___HD () C:\ProgramData\CanonIJETV

2015-04-25 20:57 - 2015-04-25 21:28 - 00000000 ____D () C:\Program Files (x86)\Canon

2015-04-24 16:38 - 2015-04-24 16:38 - 00854285 _____ () C:\Users\kyled_000\Downloads\Non-Inactive Urologists (1).xls

2015-04-24 16:22 - 2015-04-24 16:22 - 00854285 _____ () C:\Users\kyled_000\Downloads\Non-Inactive Urologists.xls

2015-04-24 16:18 - 2015-04-24 16:18 - 00088574 _____ () C:\Users\kyled_000\Downloads\Verified Urologists.csv

2015-04-23 17:26 - 2015-04-23 17:26 - 00001090 _____ () C:\Users\kyled_000\Desktop\join.me.lnk

2015-04-23 17:26 - 2015-04-23 17:26 - 00001090 _____ () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk

2015-04-23 17:26 - 2015-04-23 17:26 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\LogMeIn

2015-04-23 17:26 - 2015-04-23 17:26 - 00000000 ____D () C:\ProgramData\LogMeIn

2015-04-23 15:20 - 2015-04-23 17:26 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\join.me

2015-04-23 12:04 - 2015-04-23 12:05 - 00000000 ____D () C:\Users\kyled_000\Documents\Snagit

2015-04-23 12:03 - 2015-05-19 12:14 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\CrashDumps

2015-04-23 12:03 - 2015-04-23 12:03 - 00003826 _____ () C:\Windows\System32\Tasks\TechSmith Updater

2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\TechSmith

2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\ProgramData\TechSmith

2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

2015-04-23 12:03 - 2015-04-23 12:03 - 00000000 ____D () C:\Program Files (x86)\TechSmith

2015-04-23 10:50 - 2015-04-23 10:51 - 78392312 _____ (TechSmith Corporation) C:\Users\kyled_000\Downloads\snagit.exe

2015-04-23 10:47 - 2015-05-21 08:07 - 00012784 _____ () C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat

2015-04-23 10:47 - 2015-05-21 08:07 - 00000016 _____ () C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat

2015-04-23 10:36 - 2015-05-21 19:38 - 03726460 _____ () C:\Users\kyled_000\PanGPA.log

2015-04-23 10:35 - 2015-04-23 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks

2015-04-23 10:35 - 2015-04-23 10:35 - 00000000 ____D () C:\Program Files\Palo Alto Networks

2015-04-23 10:34 - 2015-04-23 10:35 - 14396416 _____ () C:\Users\kyled_000\Downloads\GlobalProtect64.msi

2015-04-23 10:34 - 2015-04-23 10:34 - 00673699 _____ () C:\Users\kyled_000\Downloads\Urologist List.csv

2015-04-23 09:50 - 2015-04-23 09:50 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\openvr

2015-04-22 10:16 - 2015-05-21 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-22 10:16 - 2015-04-22 10:16 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-22 10:15 - 2015-05-04 10:50 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Adobe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-21 19:17 - 2014-09-13 23:01 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-21 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru

2015-05-21 18:27 - 2014-09-22 20:30 - 00005018 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for USSTR0N5TI2TI0N-kyled_000 USSTr0n5Ti2ti0n

2015-05-21 17:25 - 2014-09-13 22:59 - 01102183 _____ () C:\Windows\WindowsUpdate.log

2015-05-21 17:15 - 2014-09-15 22:00 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Sling Media

2015-05-21 17:15 - 2014-09-14 01:26 - 00000000 ____D () C:\ProgramData\Package Cache

2015-05-21 16:35 - 2014-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-05-21 14:17 - 2014-09-13 23:01 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-05-21 08:09 - 2014-03-18 05:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-21 08:07 - 2014-09-14 02:18 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Dropbox

2015-05-21 08:06 - 2014-09-13 23:00 - 00000000 ___DO () C:\Users\kyled_000\OneDrive

2015-05-21 08:05 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-21 08:04 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2015-05-19 17:21 - 2014-09-13 23:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1615724195-3356573343-772561760-1001

2015-05-19 12:25 - 2014-09-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Google

2015-05-19 12:14 - 2015-01-29 19:14 - 00000000 ___DC () C:\Users\kyled_000\AppData\Local\MigWiz

2015-05-19 12:14 - 2014-09-13 23:10 - 00000000 ____D () C:\Windows\Panther

2015-05-19 12:02 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\kyled_000

2015-05-19 08:20 - 2013-08-22 09:44 - 00487560 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-05-18 21:27 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-05-18 20:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-05-18 12:30 - 2014-09-13 23:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Google

2015-05-18 09:44 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-05-18 09:44 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2015-05-15 14:12 - 2014-09-13 23:01 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-15 14:12 - 2014-09-13 23:01 - 00003674 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-15 13:27 - 2014-11-13 22:22 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Apple Computer

2015-05-15 13:12 - 2014-11-13 22:21 - 00000000 ____D () C:\Program Files\Common Files\Apple

2015-05-14 08:01 - 2014-09-22 20:30 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1615724195-3356573343-772561760-1001

2015-05-09 23:24 - 2014-09-28 14:44 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\vlc

2015-05-09 21:57 - 2014-09-28 14:45 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\dvdcss

2015-05-08 13:11 - 2014-09-14 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-05-04 10:45 - 2014-09-14 01:26 - 00000000 ____D () C:\Program Files\AMD

2015-05-04 10:42 - 2014-09-14 01:26 - 00000000 ____D () C:\AMD

2015-04-26 12:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-04-26 12:17 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Packages

2015-04-25 21:22 - 2013-08-22 10:36 - 00000000 __RSD () C:\Windows\Media

2015-04-22 09:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF

 

==================== Files in the root of some directories =======

 

2015-04-27 20:08 - 2015-04-27 20:06 - 7965128 ___SH () C:\ProgramData\Unknown.exe

 

Files to move or delete:

====================

C:\ProgramData\Unknown.exe

C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat

C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat

 

 

Some files in TEMP:

====================

C:\Users\kyled_000\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win8.1-64bit.exe

C:\Users\kyled_000\AppData\Local\Temp\AutoDetectUtilApp.exe

C:\Users\kyled_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxsrsu.dll

C:\Users\kyled_000\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\kyled_000\AppData\Local\Temp\MSETUP4.EXE

C:\Users\kyled_000\AppData\Local\Temp\msvcp110.dll

C:\Users\kyled_000\AppData\Local\Temp\msvcr110.dll

C:\Users\kyled_000\AppData\Local\Temp\pc-decrapifier.exe

C:\Users\kyled_000\AppData\Local\Temp\raptrpatch.exe

C:\Users\kyled_000\AppData\Local\Temp\raptr_stub.exe

C:\Users\kyled_000\AppData\Local\Temp\sfamcc00001.dll

C:\Users\kyled_000\AppData\Local\Temp\sfextra.dll

C:\Users\kyled_000\AppData\Local\Temp\sqlite3.dll

C:\Users\kyled_000\AppData\Local\Temp\uninstall.exe

C:\Users\kyled_000\AppData\Local\Temp\utt13E.tmp.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-05-15 09:46

 

==================== End of log ============================


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help you with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


 

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by kyled_000 on Tue 05/26/2015 at 16:02:22.64.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\kyled_000\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

5/26/2015 4:02:40 PM Zoek.exe System Restore Point Created Successfully.

 

==== Batch Command(s) Run By Tool======================

 

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on Tue 05/26/2015 at 16:02:48.25 ======================

 

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by kyled_000 on Wed 05/27/2015 at  8:08:35.32.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\kyled_000\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2015-05-26-210248.log 626 bytes

 

==== System Restore Info ======================

 

5/27/2015 8:09:07 AM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\COMMON~1\Intel deleted successfully

C:\PROGRA~3\Canon IJ Network Tool deleted successfully

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully

C:\PROGRA~3\USSTR0N5TI2TI0N deleted successfully

C:\Users\kyled_000\AppData\Roaming\uTorrent deleted successfully

C:\Users\kyled_000\AppData\Local\Adobe deleted successfully

C:\Users\kyled_000\AppData\Local\CrashDumps deleted successfully

C:\Users\kyled_000\AppData\Local\MigWiz deleted successfully

C:\Users\kyled_000\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found

C:\PROGRA~3\APN deleted

C:\PROGRA~3\Package Cache deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\windows\SysNative\GroupPolicy\machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\gpt.ini deleted

C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

C:\PROGRA~3\Unknown.exe deleted

"C:\Users\kyled_000\Documents\Add-in Express\adxloader.log" not deleted

"C:\Users\kyled_000\Documents\Add-in Express" not deleted

 

==== Chromium Look ======================

 

Google Chrome Version: 43.0.2357.81

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ihdceheklapbalfikfdppfpgdgabaglp - No path found[]

 

Bejeweled - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm

Session Manager - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi

Pushbullet - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd

uBlock₀ - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm

Bookmark Manager - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

Kindle Cloud Reader - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd

Slingplayer for Google Chrome™ extension - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp

90`s Games - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom

Reddit Enhancement Suite - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb

The Great Suspender - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg

Chrome Hotword Shared Module - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Plants vs Zombies - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina

Abstract-Blue - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa

Canvas Rider - kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk

 

==== Chromium Startpages ======================

 

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Preferences


 

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://yourtv.link"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://yourtv.link"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"


 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\kyled_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=30 folders=27 184836991 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\kyled_000\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\KYLED_~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\kyled_000\Documents\Add-in Express\adxloader.log"  not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

"C:\Users\kyled_000\Documents\Add-in Express"  not found

 

==== EOF on Wed 05/27/2015 at  8:15:21.72 ======================

Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;chrdefaults;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


 

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by kyled_000 on Wed 05/27/2015 at  8:50:58.03.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\kyled_000\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2015-05-26-210248.log 626 bytes

C:\zoek-results2015-05-27-131521.log 15885 bytes

 

==== System Restore Info ======================

 

5/27/2015 8:51:15 AM Zoek.exe System Restore Point Created Successfully.

 

==== Reset Google Chrome ======================

 

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=30 folders=27 184836991 bytes)

 

==== EOF on Wed 05/27/2015 at  8:51:23.63 ======================

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015

Ran by kyled_000 (administrator) on USSTR0N5TI2TI0N on 27-05-2015 09:13:57
Running from C:\Users\kyled_000\Downloads
Loaded Profiles: kyled_000 (Available Profiles: kyled_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Dropbox, Inc.) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
() C:\Program Files (x86)\Launchy\Launchy.exe
(salesforce.com) C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
(OPSWAT, Inc.) C:\Program Files\Palo Alto Networks\GlobalProtect\32bitProxy.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [1585456 2014-11-26] (Palo Alto Networks)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [f.lux] => C:\Users\kyled_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [uSSTR0N5TI2TI0N] => C:\ProgramData\Unknown.exe
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {85afdce2-6b93-11e4-8270-c9902d343257} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\MountPoints2: {b1d9c79a-3bbc-11e4-8250-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-04-23]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kyled_000.exe [2015-04-27] ()
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2014-09-14]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Salesforce for Outlook.lnk [2015-04-29]
ShortcutTarget: Salesforce for Outlook.lnk -> C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1615724195-3356573343-772561760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://yourtv.link
URLSearchHook: [s-1-5-21-1615724195-3356573343-772561760-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
SearchScopes: HKU\S-1-5-21-1615724195-3356573343-772561760-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.google.com/cse?cx=partner-pub-8036109189802438%3A7790813904&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=yourtv.link%2F
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.2.200.21 10.2.200.22
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-19]
CHR Extension: (Bejeweled) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-05-27]
CHR Extension: (From Dust) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-05-27]
CHR Extension: (Google Docs) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-19]
CHR Extension: (Google Drive) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-19]
CHR Extension: (Session Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-05-27]
CHR Extension: (YouTube) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-19]
CHR Extension: (Pushbullet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-27]
CHR Extension: (uBlock Origin) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-27]
CHR Extension: (Google Search) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-19]
CHR Extension: (Google Sheets) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-19]
CHR Extension: (Bookmark Manager) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-20]
CHR Extension: (Kindle Cloud Reader) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-27]
CHR Extension: (Slingplayer for Google Chrome™ extension) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-05-19]
CHR Extension: (90`s Games) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2015-05-27]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-05-27]
CHR Extension: (The Great Suspender) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-19]
CHR Extension: (Google Mail Checker) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-05-27]
CHR Extension: (Plants vs Zombies) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-19]
CHR Extension: (Gmail) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-19]
CHR Extension: (Abstract-Blue) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-05-27]
CHR Extension: (Canvas Rider) - C:\Users\kyled_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-27]
CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-08] (Electronic Arts)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2405680 2014-11-26] (Palo Alto Networks)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2014-11-26] (Palo Alto Networks)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-27 09:13 - 2015-05-27 09:13 - 00000000 ____D () C:\Users\kyled_000\Downloads\FRST-OlderVersion
2015-05-27 08:51 - 2015-05-27 08:15 - 00015885 _____ () C:\zoek-results2015-05-27-131521.log
2015-05-27 08:37 - 2015-05-27 08:37 - 00000000 ____D () C:\Users\kyled_000\Documents\Add-in Express
2015-05-27 08:15 - 2015-05-27 08:15 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\VirtualStore
2015-05-27 08:09 - 2015-05-26 16:02 - 00000626 _____ () C:\zoek-results2015-05-26-210248.log
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\Program Files\iTunes
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\Program Files\iPod
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-26 16:20 - 2015-05-26 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-26 16:20 - 2015-05-26 16:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-05-26 16:02 - 2015-05-27 08:51 - 00001183 _____ () C:\zoek-results.log
2015-05-26 16:02 - 2015-05-27 08:13 - 00000000 ____D () C:\zoek_backup
2015-05-26 16:02 - 2015-05-26 16:02 - 01308672 _____ () C:\Users\kyled_000\Downloads\zoek.exe
2015-05-21 19:42 - 2015-05-21 19:47 - 00043689 _____ () C:\Users\kyled_000\Downloads\Addition.txt
2015-05-21 19:41 - 2015-05-27 09:14 - 00020291 _____ () C:\Users\kyled_000\Downloads\FRST.txt
2015-05-21 19:41 - 2015-05-21 19:47 - 00041249 _____ () C:\Users\kyled_000\Downloads\FRST(20).txt
2015-05-21 18:04 - 2015-05-21 18:04 - 00151245 _____ () C:\Users\kyled_000\Desktop\Copy of AUA 2015 Booth Scans - All Days - 5-19-15 df.xlsm
2015-05-21 17:15 - 2015-05-21 18:04 - 00000075 _____ () C:\Users\kyled_000\Downloads\debug.log
2015-05-21 17:15 - 2015-05-21 17:15 - 00002587 _____ () C:\Users\Public\Desktop\Slingplayer Desktop.lnk
2015-05-21 17:14 - 2015-05-21 17:14 - 40258296 _____ (Sling Media) C:\Users\kyled_000\Downloads\SlingplayerDesktop-5.0.0.83.exe
2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-21 10:46 - 2015-05-21 10:46 - 00000000 _____ () C:\Windows\setupact.log
2015-05-21 08:05 - 2015-05-27 08:15 - 00001204 _____ () C:\Windows\PFRO.log
2015-05-20 22:27 - 2015-05-20 22:27 - 00000536 _____ () C:\Users\kyled_000\Downloads\Test Insert_05_21_2015-03_25_13_error.csv
2015-05-20 17:02 - 2015-05-20 17:02 - 03163665 _____ () C:\Users\kyled_000\Downloads\Contact Export-05_20_2015-22_02_15.csv
2015-05-19 12:26 - 2015-05-19 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 11:49 - 2015-05-27 09:13 - 00000000 ____D () C:\FRST
2015-05-19 11:49 - 2015-05-19 11:49 - 00000677 _____ () C:\Users\kyled_000\Downloads\Search.txt
2015-05-19 11:48 - 2015-05-27 09:13 - 02108928 _____ (Farbar) C:\Users\kyled_000\Downloads\FRST64.exe
2015-05-19 11:25 - 2015-05-19 11:25 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Macromedia
2015-05-19 09:54 - 2015-05-19 09:54 - 00000000 _____ () C:\autoexec.bat
2015-05-19 09:52 - 2015-05-19 09:52 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\kyled_000\Downloads\SpyHunter-Installer.exe
2015-05-19 09:10 - 2015-05-19 09:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\kyled_000\Downloads\mbar-1.09.1.1004.exe
2015-05-19 08:20 - 2015-05-19 12:14 - 00000000 ____D () C:\Windows\Minidump
2015-05-18 18:05 - 2015-05-18 18:05 - 05197824 _____ () C:\Users\kyled_000\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-05-18 18:05 - 2015-05-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-05-18 12:29 - 2015-05-18 12:29 - 00880208 _____ (Google Inc.) C:\Users\kyled_000\Downloads\ChromeSetup.exe
2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Mozilla
2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Mozilla
2015-05-18 12:21 - 2015-05-18 12:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-18 09:44 - 2015-05-27 08:52 - 00000258 __RSH () C:\Users\kyled_000\ntuser.pol
2015-05-18 09:43 - 2015-05-27 08:53 - 00000000 __SHD () C:\ProgramData\Google
2015-05-18 08:00 - 2015-05-18 09:43 - 00000000 __SHD () C:\ProgramData\Unknown
2015-05-15 13:12 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-15 13:06 - 2015-05-15 13:06 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup (1).exe
2015-05-15 12:58 - 2015-05-15 12:59 - 152428336 _____ (Apple Inc.) C:\Users\kyled_000\Downloads\itunes6464setup.exe
2015-05-15 11:37 - 2015-05-15 11:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Gaijin Games
2015-05-13 08:26 - 2015-05-13 08:26 - 00822248 _____ (MurGee.com ) C:\Users\kyled_000\Downloads\setup.exe
2015-05-11 13:04 - 2015-05-11 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-11 13:03 - 2015-05-11 13:03 - 00192816 _____ () C:\Users\kyled_000\Downloads\raptr_installer.exe
2015-05-11 13:01 - 2015-05-11 13:01 - 05127432 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\spsetup128.exe
2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-05-11 13:01 - 2015-05-11 13:01 - 00000000 ____D () C:\Program Files\Speccy
2015-05-11 11:18 - 2015-05-11 11:18 - 00000000 ____D () C:\Users\kyled_000\.swt
2015-05-11 10:48 - 2015-05-11 10:48 - 00002623 _____ () C:\Users\kyled_000\Desktop\Data Loader.lnk
2015-05-11 10:48 - 2015-05-11 10:48 - 00000000 ____D () C:\Program Files (x86)\salesforce.com
2015-05-11 10:47 - 2015-05-11 10:48 - 41445890 _____ () C:\Users\kyled_000\Downloads\ApexDataLoader.exe
2015-05-11 10:19 - 2015-05-20 21:14 - 19718144 _____ () C:\Users\kyled_000\Documents\4K test matching for inserting.accdb
2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\Documents\NBGI
2015-05-11 09:30 - 2015-05-11 09:30 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\NBGI
2015-05-08 07:53 - 2015-05-27 08:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-07 08:23 - 2015-05-07 08:23 - 00000048 _____ () C:\Users\kyled_000\Downloads\dbm06.m3u
2015-05-06 20:08 - 2015-05-06 20:51 - 00000000 ___HD () C:\ProgramData\CanonIJMIG
2015-05-06 19:59 - 2015-05-06 20:00 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-05 22:01 - 2015-05-05 22:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\AMD
2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-05 16:37 - 2015-05-05 16:37 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-05-05 16:36 - 2015-05-05 16:36 - 00645729 _____ (WDS Team) C:\Users\kyled_000\Downloads\windirstat1_1_2_setup.exe
2015-05-05 16:35 - 2015-05-05 16:36 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-05 16:35 - 2015-05-05 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-05-05 16:34 - 2015-05-05 16:35 - 04532776 _____ (Piriform Ltd) C:\Users\kyled_000\Downloads\dfsetup219.exe
2015-05-05 13:21 - 2015-05-27 08:37 - 00000000 ____D () C:\Users\kyled_000\Documents\Outlook Files
2015-05-05 13:18 - 2015-05-05 13:18 - 00000015 _____ () C:\Users\kyled_000\Desktop\SFAdminSupport.txt
2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Citrix
2015-05-05 13:03 - 2015-05-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-05-04 10:55 - 2015-05-04 10:55 - 00000000 ____D () C:\ProgramData\ATI
2015-05-04 10:47 - 2015-05-15 08:28 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Raptr
2015-05-04 10:47 - 2015-05-11 13:04 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-04 10:47 - 2015-05-04 10:47 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201505041047160405.log
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\library_dir
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\ProgramData\AMD
2015-05-04 10:47 - 2015-05-04 10:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-05-04 10:46 - 2015-05-04 10:46 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-04 10:45 - 2015-05-04 10:45 - 00059756 _____ () C:\Windows\SysWOW64\CCCInstall_201505041045552144.log
2015-05-04 10:39 - 2015-05-08 14:23 - 00022325 _____ () C:\Users\kyled_000\Documents\TombRaider.log
2015-05-02 18:58 - 2015-05-26 18:44 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn-Time
2015-05-02 18:58 - 2015-05-02 18:58 - 00002240 _____ () C:\Users\kyled_000\Desktop\Popcorn Time.lnk
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Popcorn Time
2015-04-30 20:07 - 2015-04-30 20:07 - 00000000 ____D () C:\Program Files (x86)\Sling Media
2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\SlingMedia
2015-04-30 20:02 - 2015-04-30 20:02 - 00000000 ____D () C:\Program Files (x86)\SlingplayerForChrome
2015-04-29 21:33 - 2015-05-12 08:01 - 00001041 _____ () C:\Users\kyled_000\Desktop\Dropbox.lnk
2015-04-29 21:32 - 2015-05-12 08:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-29 09:07 - 2015-05-27 08:37 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Deployment
2015-04-29 09:07 - 2015-04-29 09:07 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Apps\2.0
2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\salesforce.com
2015-04-29 09:04 - 2015-05-11 10:48 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\salesforce.com
2015-04-28 15:00 - 2015-04-28 15:00 - 01536639 _____ () C:\Users\kyled_000\Downloads\Urologist List (3).csv
2015-04-28 14:30 - 2015-04-28 14:30 - 02176314 _____ () C:\Users\kyled_000\Downloads\Urologist List (2).csv
2015-04-27 15:32 - 2015-04-27 16:21 - 00002236 ____H () C:\Users\kyled_000\Documents\Default.rdp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-27 09:13 - 2014-09-22 20:30 - 00005018 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for USSTR0N5TI2TI0N-kyled_000 USSTr0n5Ti2ti0n
2015-05-27 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-27 08:52 - 2014-09-13 22:59 - 00000000 ____D () C:\Users\kyled_000
2015-05-27 08:44 - 2015-04-22 10:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 08:37 - 2015-04-23 10:47 - 00012784 _____ () C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat
2015-05-27 08:37 - 2015-04-23 10:47 - 00000016 _____ () C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat
2015-05-27 08:37 - 2015-04-23 10:36 - 03910735 _____ () C:\Users\kyled_000\PanGPA.log
2015-05-27 08:37 - 2014-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-27 08:36 - 2014-09-13 22:59 - 01432860 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 08:21 - 2014-03-18 05:03 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 08:17 - 2014-09-13 23:01 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 08:15 - 2014-09-14 02:18 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Dropbox
2015-05-27 08:15 - 2014-09-13 23:01 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 08:15 - 2014-09-13 23:00 - 00000000 ___DO () C:\Users\kyled_000\OneDrive
2015-05-27 08:15 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 08:14 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-27 08:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-27 08:14 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-26 18:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-26 17:50 - 2014-09-13 23:04 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1615724195-3356573343-772561760-1001
2015-05-26 16:21 - 2014-11-13 22:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-26 08:10 - 2014-09-22 20:30 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1615724195-3356573343-772561760-1001
2015-05-21 17:15 - 2014-09-15 22:00 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Sling Media
2015-05-19 12:25 - 2014-09-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-19 12:14 - 2014-09-13 23:10 - 00000000 ____D () C:\Windows\Panther
2015-05-19 11:41 - 2015-04-26 11:57 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-19 08:20 - 2013-08-22 09:44 - 00487560 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-18 21:27 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-18 20:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-18 12:30 - 2014-09-13 23:01 - 00000000 ____D () C:\Users\kyled_000\AppData\Local\Google
2015-05-15 14:12 - 2014-09-13 23:01 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 14:12 - 2014-09-13 23:01 - 00003674 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 13:27 - 2014-11-13 22:22 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\Apple Computer
2015-05-09 23:24 - 2014-09-28 14:44 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\vlc
2015-05-09 21:57 - 2014-09-28 14:45 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\dvdcss
2015-05-08 13:11 - 2014-09-14 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 20:08 - 2015-04-25 21:23 - 00000000 ____D () C:\Users\kyled_000\AppData\Roaming\canon
2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-05 16:32 - 2014-09-14 02:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-04 10:45 - 2014-09-14 01:26 - 00000000 ____D () C:\Program Files\AMD
2015-05-04 10:42 - 2014-09-14 01:26 - 00000000 ____D () C:\AMD
 
Files to move or delete:
====================
C:\Users\kyled_000\PanPortalCfg_df4e06ca886479cce62ff6072284d2.dat
C:\Users\kyled_000\PanPUAC_df4e06ca886479cce62ff6072284d2.dat
 
 
Some files in TEMP:
====================
C:\Users\kyled_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2lzrm0.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-26 08:34
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015

Ran by kyled_000 at 2015-05-27 09:14:17

Running from C:\Users\kyled_000\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1615724195-3356573343-772561760-500 - Administrator - Disabled)

Guest (S-1-5-21-1615724195-3356573343-772561760-501 - Limited - Disabled)

kyled_000 (S-1-5-21-1615724195-3356573343-772561760-1001 - Administrator - Enabled) => C:\Users\kyled_000

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version:  - Namco)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)

Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)

Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)

Canon MG6600 series User Registration (HKLM-x32\...\Canon MG6600 series User Registration) (Version:  - ‭Canon Inc.)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)

Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)

Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)

Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)

Dropbox (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)

f.lux (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Flux) (Version:  - )

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

GlobalProtect (HKLM\...\{BB18DEA5-4F6E-4A05-B73B-C2DC86FC60EF}) (Version: 2.1.1 - Palo Alto Networks)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)

iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)

iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)

join.me (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)

Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)

NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)

Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )

Popcorn Time (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\Popcorn Time) (Version:  - Popcorn Official)

Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Salesforce for Outlook (HKLM\...\{F2CED60E-2E22-4880-8D21-3AAE1B0DE6CD}) (Version: 2.7.01.3490 - salesforce.com)

salesforce.com Data Loader (HKLM-x32\...\Data Loader) (Version:  - )

Skype™ 6.20 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.)

Slingplayer Desktop (x32 Version: 5.0.0.83 - Sling Media) Hidden

Slingplayer for Chrome Installer (x32 Version: 0.0.0.74 - Sling Media) Hidden

SlingPlayer for Web (HKLM-x32\...\{576AB4FA-71CB-4530-9EA2-91308367C169}) (Version: 2.4.0130 - Sling Media)

Slingplayer-Desktop (HKLM-x32\...\{176cb1f2-7151-4061-9811-46494cdc407d}) (Version: 5.0.0.83 - Sling Media)

SlingplayerForChrome (HKLM-x32\...\{bb0c4701-6cb0-48ad-bca2-413e8f92b9cd}) (Version: 0.0.0.74 - Sling Media)

Snagit 12 (HKLM-x32\...\{50f2d2b0-9e6e-466f-b418-b3526b61aa3f}) (Version: 12.3.2.2920 - TechSmith Corporation)

Snagit 12 (x32 Version: 12.3.2 - TechSmith Corporation) Hidden

Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)

SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)

Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinDirStat 1.1.2 (HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\WinDirStat) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{2FC26622-8613-373E-AF16-1037020B1210}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{65314D30-1EF1-362A-95EE-8A0E1EEDBB5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{8DAB7772-9410-49BA-9958-EB8392EE2F35}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{8DC0828E-7DE4-37A6-951F-80EBE34305D1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{DEC08347-BAAF-3527-AE62-D8E3651DEF72}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\kyled_000\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1615724195-3356573343-772561760-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

 

==================== Restore Points =========================

 

11-05-2015 09:29:31 Installed DirectX

15-05-2015 13:03:08 Removed iTunes

18-05-2015 12:05:16 Revo Uninstaller's restore point - Auto Clicker v1.9

21-05-2015 17:14:57 Slingplayer-Desktop

26-05-2015 16:02:34 zoek.exe restore point

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {104A2B34-5DDC-4E18-A7B9-DB857D0B6E1A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

Task: {13C4A6B7-4AA8-4023-9C0C-7DE06AEA7F5C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe

Task: {19E5BBDD-061C-4684-B0DA-49B05EF60CFB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

Task: {35DBD3D0-6C82-4911-A1A8-7D1B2E48F453} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)

Task: {3B2C0BF0-EF99-4E22-A89A-DE0871B4AA68} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

Task: {50394F3A-E099-404F-B6D8-F4EA99A18A54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-22] (Adobe Systems Incorporated)

Task: {764D3134-E38E-46EF-800F-2EEE7E050D4E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

Task: {8EFB7778-DA4F-44B6-ACC6-309AA8D3D6E0} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)

Task: {8FCE1F11-7F0B-45CD-B4B3-628078EB7A5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)

Task: {9557002D-05FA-46EF-A3BA-14EEA2720FAD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1615724195-3356573343-772561760-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe

Task: {C2DE22EE-69DC-45EA-85CE-E1D7FBD52353} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: {C88F4D76-6FD4-4D6A-8936-BD76B8EAC319} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-18] (Microsoft Corporation)

Task: {EC544D53-0DFF-46D5-891F-8F2A4F7BB3C5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for USSTR0N5TI2TI0N-kyled_000 USSTr0n5Ti2ti0n => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-09-13 23:02 - 2013-07-04 05:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

2014-09-20 20:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-03-16 17:50 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-09-14 02:15 - 2010-04-03 16:05 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe

2014-11-26 10:15 - 2014-11-26 10:15 - 00910128 _____ () C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe

2014-11-26 10:14 - 2014-11-26 10:14 - 00045360 _____ () C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipLib.dll

2014-09-13 23:02 - 2015-05-27 08:15 - 00034304 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll

2014-09-13 23:02 - 2013-07-04 05:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll

2015-04-17 04:23 - 2015-04-17 04:23 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll

2015-04-17 04:23 - 2015-04-17 04:23 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll

2015-04-17 04:23 - 2015-04-17 04:23 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll

2015-05-27 08:15 - 2015-05-27 08:15 - 00043008 _____ () c:\Users\kyled_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2lzrm0.dll

2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-09-14 02:15 - 2009-12-17 01:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll

2014-09-14 02:15 - 2009-12-17 00:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll

2014-09-14 02:15 - 2009-12-17 00:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll

2014-09-14 02:15 - 2009-12-17 03:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll

2014-09-14 02:15 - 2010-04-03 16:06 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll

2014-09-14 02:15 - 2010-04-03 16:05 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll

2014-09-14 02:15 - 2010-04-03 16:06 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll

2014-09-14 02:15 - 2010-04-03 16:06 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll

2014-09-14 02:15 - 2010-04-03 16:05 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll

2014-09-14 02:15 - 2010-04-03 16:05 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll

2014-09-20 20:35 - 2014-09-20 20:52 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll

2014-12-30 22:50 - 2014-12-30 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll

2014-09-14 03:29 - 2015-04-16 12:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-01-24 14:28 - 2015-04-22 21:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2014-09-14 03:29 - 2015-05-14 20:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll

2015-01-24 14:28 - 2015-04-22 21:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-01-24 14:28 - 2015-04-22 21:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2014-09-14 03:29 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-09-14 03:29 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-09-14 03:29 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2014-09-14 03:29 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-09-14 03:29 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2014-09-14 03:29 - 2015-05-14 20:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-09-14 03:29 - 2015-05-11 14:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-05-14 09:29 - 2015-05-11 14:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

2014-12-30 22:50 - 2014-12-30 22:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2015-02-12 21:49 - 2015-02-12 21:49 - 00526344 ____R () C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll

2015-05-18 20:57 - 2015-04-14 07:42 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

2015-05-26 08:18 - 2015-05-22 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll

2015-05-26 08:18 - 2015-05-22 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

2015-05-26 08:18 - 2015-05-22 15:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\kyled_000\OneDrive:ms-properties

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 10.2.200.21 - 10.2.200.22

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-1615724195-3356573343-772561760-1001\...\StartupApproved\Run: => "USSTR0N5TI2TI0N"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{78942242-CB71-4FAE-8D73-77DC4BE489C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{75055CAB-6AC5-472A-98A1-C476444A16B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{A08B1E57-4117-4053-A9AF-F01E54D07719}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{C537216C-0488-4494-A7C2-CA9407C8E2DC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{912739FB-28F8-44D9-88AD-CA7D4F6E2703}] => (Allow) X:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{2B5D4EC0-EFF6-4A10-ADF4-319D9B650089}] => (Allow) X:\SteamLibrary\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe

FirewallRules: [{E5C05F19-6DCA-4193-BF16-4B6A0B956C0F}] => (Allow) X:\SteamLibrary\SteamApps\common\Ace Combat Assault Horizon\Ace Combat_AH.exe

FirewallRules: [{9B1FF480-D65A-4F6D-90E7-8102F14A6D9A}] => (Allow) X:\SteamLibrary\SteamApps\common\Ace Combat Assault Horizon\Ace Combat_AH.exe

FirewallRules: [{7E200720-F003-437C-BEFF-C09B48E72119}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

FirewallRules: [{58DE4761-F815-4A1C-B394-55D79596070B}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

FirewallRules: [{6EF0488E-9A3C-4E88-80C5-0CAF65DB1431}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ.exe

FirewallRules: [{99612B04-A5DB-440E-8E51-CFD4B59391F1}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ.exe

FirewallRules: [{852B54DC-79A5-457E-95CA-7F19DA7F8774}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ_LaunchOptions.exe

FirewallRules: [{D4D84DC6-B7D7-4B2A-A4D7-704FB3138250}] => (Allow) X:\SteamLibrary\SteamApps\common\FEZ\FEZ_LaunchOptions.exe

FirewallRules: [{DEFB0A29-C5CB-4C07-B63B-0D2DBCAB9404}] => (Allow) X:\SteamLibrary\SteamApps\common\Portal\hl2.exe

FirewallRules: [{9460F7C1-6E23-47D0-A9BA-B860C644B26D}] => (Allow) X:\SteamLibrary\SteamApps\common\Portal\hl2.exe

FirewallRules: [{F581F0F9-D102-4D64-A175-3D1E3FBC366C}] => (Allow) X:\SteamLibrary\SteamApps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{2F4A3CD4-DBA2-4D6D-AA2A-77FF769B0457}] => (Allow) X:\SteamLibrary\SteamApps\common\FTL Faster Than Light\FTLGame.exe

FirewallRules: [{1CF6A74D-8033-4CB8-8CEE-B2C9671FDEF4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{43C0AA75-2C2D-47BD-8598-2883160A52A9}] => (Allow) X:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe

FirewallRules: [{07154223-1918-4FC6-9894-0ABE3A4AAFCE}] => (Allow) X:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe

FirewallRules: [{CE96ED5D-B8DF-4ECA-88AE-51044001BC38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{44875495-7F33-44EF-84EB-BE186561B87E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5D7082DD-6617-4B86-954A-A09A88B518DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{985140B6-B639-4093-9929-8A14AD03D650}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1FC783C3-7354-4F02-8C5F-057495A1CFCB}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

FirewallRules: [{FF356184-076B-438E-91EF-8959E323DF76}] => (Allow) X:\SteamLibrary\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe

FirewallRules: [{615D4FD1-3837-4585-9378-4AC864603A81}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

FirewallRules: [{6E86FF6F-ECB0-4B88-A21B-5B4743127361}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

FirewallRules: [{995FDF37-272B-456F-B573-27A5373048D5}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe

FirewallRules: [{C0B5B38E-9CDB-4F1D-9C49-39427E0FD3DD}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe

FirewallRules: [{41433CF5-4423-4032-A548-E9BC5BA2EA3D}] => (Allow) X:\SteamLibrary\SteamApps\common\The Binding Of Isaac\Isaac.exe

FirewallRules: [{A4A34FFA-8246-4EF9-981C-111DC4A4D44A}] => (Allow) X:\SteamLibrary\SteamApps\common\The Binding Of Isaac\Isaac.exe

FirewallRules: [{15924362-A99A-4061-8590-BD7125F9F659}] => (Allow) LPort=8298

FirewallRules: [{FED65F50-8833-4946-B354-87946DDA75A5}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{8FAAC323-5A77-4B0E-A336-074516249216}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{D1B090AD-E918-4CC9-AAFE-7BF2172B57D9}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{E4CA22B5-53B3-47B3-996A-DE431E74DA10}] => (Allow) C:\Users\kyled_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{981B2877-332C-4184-8CF0-0078083A1671}C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [UDP Query User{3AAAF304-FD53-4FE1-ADCB-5CF224589895}C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\kyled_000\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [{2DF15FCB-2B40-406C-84B8-49E3DE6DD434}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{E688E708-DEC5-4ABA-8B3F-D43CC8CCD047}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{DAAE84DF-500F-45D8-8A4B-6273DFD2E56C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{3217FC02-0F97-4BD5-9AF4-C5C58F39B57E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{8C93650A-8D46-4674-A589-99596E5AB403}] => (Allow) X:\SteamLibrary\SteamApps\common\bittriprunner2\runner2.exe

FirewallRules: [{7230204D-5A26-42B3-AB2B-BA058E721BF0}] => (Allow) X:\SteamLibrary\SteamApps\common\bittriprunner2\runner2.exe

FirewallRules: [TCP Query User{BC4FC918-28E5-46A8-826F-7DD40E0BB112}C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe] => (Allow) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe

FirewallRules: [UDP Query User{5AD5C138-17A1-45A7-A07F-CB4B7CC22BF2}C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe] => (Allow) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe

FirewallRules: [{5498BFBF-40B0-4ACE-BE13-9B10CEC7E5AE}] => (Block) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe

FirewallRules: [{5FB0CB81-D7D4-438E-8219-9A5B72EF687C}] => (Block) C:\program files (x86)\slingplayer desktop\slingplayer desktop.exe

FirewallRules: [{564B2556-6B47-4C74-946A-4265BAAE74C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{400452FE-A17D-4A23-A040-955017CA241E}] => (Allow) C:\Program Files\iTunes\iTunes.exe

 

==================== Faulty Device Manager Devices =============

 

Name: SM Bus Controller

Description: SM Bus Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Ethernet Controller

Description: Ethernet Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: PCI Simple Communications Controller

Description: PCI Simple Communications Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/26/2015 10:43:11 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (05/26/2015 10:42:59 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (05/26/2015 09:28:25 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (05/26/2015 09:27:54 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (05/26/2015 08:42:59 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (05/26/2015 08:34:57 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

Error: (05/21/2015 08:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program MSACCESS.EXE version 15.0.4717.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1c2c

 

Start Time: 01d09375f3f980d3

 

Termination Time: 0

 

Application Path: C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE

 

Report Id: ec6931ed-ffb9-11e4-82ab-c7d2a1c0aa42

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (05/20/2015 00:16:43 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -2143485933

 

Error: (05/20/2015 00:16:43 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )

Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {8DBE96F3-E2F9-4623-8BB5-C869C9472A75}

 

Error: (05/20/2015 00:05:11 PM) (Source: SideBySide) (EventID: 9) (User: )

Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.

The manifest file root element must be assembly.

 

 

System errors:

=============

Error: (05/27/2015 08:13:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/27/2015 08:13:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/27/2015 08:13:49 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/27/2015 08:13:48 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/27/2015 08:13:48 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/26/2015 06:46:02 PM) (Source: DCOM) (EventID: 10010) (User: USSTR0N5TI2TI0N)

Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

 

Error: (05/26/2015 06:46:02 PM) (Source: DCOM) (EventID: 10010) (User: USSTR0N5TI2TI0N)

Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

 

Error: (05/26/2015 06:38:42 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 6:02:08 PM on ‎5/‎26/‎2015 was unexpected.

 

Error: (05/26/2015 06:38:36 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)

Description: 32212256845640700810234296

 

Error: (05/26/2015 08:02:08 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:45:07 PM on ‎5/‎21/‎2015 was unexpected.

 

 

Microsoft Office:

=========================

Error: (05/26/2015 10:43:11 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

Error: (05/26/2015 10:42:59 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

Error: (05/26/2015 09:28:25 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

Error: (05/26/2015 09:27:54 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

Error: (05/26/2015 08:42:59 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

Error: (05/26/2015 08:34:57 AM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

Error: (05/21/2015 08:04:45 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: MSACCESS.EXE15.0.4717.10001c2c01d09375f3f980d30C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXEec6931ed-ffb9-11e4-82ab-c7d2a1c0aa42

 

Error: (05/20/2015 00:16:43 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -2143485933

 

Error: (05/20/2015 00:16:43 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )

Description: Office Subscription licensing exception: Error Code: 0x5; CorrelationId: {8DBE96F3-E2F9-4623-8BB5-C869C9472A75}

 

Error: (05/20/2015 00:05:11 PM) (Source: SideBySide) (EventID: 9) (User: )

Description: C:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.ManifestC:\Users\kyled_000\AppData\Roaming\salesforce.com\Salesforce for Outlook\adxloader.dll.Manifest2

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-05-19 10:27:31.797

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:31.756

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:27.442

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:27.400

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:27.285

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:27.243

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:27.128

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-19 10:27:27.086

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-02 19:04:43.792

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-02 19:04:43.668

  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-4790 CPU @ 3.60GHz

Percentage of memory in use: 37%

Total physical RAM: 8133.54 MB

Available physical RAM: 5042.93 MB

Total Pagefile: 16325.54 MB

Available Pagefile: 12733.53 MB

Total Virtual: 131072 MB

Available Virtual: 131071.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:111.79 GB) (Free:42.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive x: (Professor) (Fixed) (Total:931.51 GB) (Free:855.15 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C8BA435F)

Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C8BA4367)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End of log ============================


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and upload it with your next reply.
 


 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.
