Darth_Kittens Posted August 16, 2015

My Windows 8.1 computer started acting flaky so I ran Malwarebytes (free version) and found a bunch of malware (4400 items). I cleaned all that up but shortly thereafter problems began again. I paid for and activated the full version but I fear the enemy was already inside the gates. Every time I scan I get the same malware showing up (PUP.Winsock.Hijackboot or something like that). I delete it via Malwarebytes but it comes right back. Also I am unable to contact Microsoft services. Logins using Microsoft profiles sometimes don't work and go to a temporary profile and Windows SmartScreen, Family Safety, and System Defender updates don't work. FRST logs below.

Darth_Kittens (Author) Posted August 16, 2015

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Web (administrator) on JEFFERSON (16-08-2015 13:06:28)
Running from C:\Users\Web\Desktop
Loaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2014-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify] => C:\Users\Web\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-29] (Spotify Ltd)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify Web Helper] => C:\Users\Web\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-06-08]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-06-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-06-08]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL =
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 05 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 06 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 07 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 08 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 19 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 20 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A3F2874C-718F-4260-98B6-DBD6F96607DF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE402C42-EB0A-4278-A550-50AC5749342A}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Google Drive) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Cast) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-06-07]
CHR Extension: (Google News) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-06-07]
CHR Extension: (Google+) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-06-07]
CHR Extension: (Google Play Music) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]
CHR Extension: (Google +1 Button) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-06-07]
CHR Extension: (Google Voice (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR Extension: (Boomerang for Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
CHR HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0302601401919830mcinstcleanup; C:\windows\TEMP\030260~1.EXE [836168 2014-03-13] (McAfee, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-06-10] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-10] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 gaeymoun; \??\C:\windows\system32\drivers\gaeymoun.sys [X]
S1 gilobxrb; \??\C:\windows\system32\drivers\gilobxrb.sys [X]
S1 ktoqvcqe; \??\C:\windows\system32\drivers\ktoqvcqe.sys [X]
S1 rixyksrm; \??\C:\windows\system32\drivers\rixyksrm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 13:06 - 2015-08-16 13:06 - 00021298 _____ C:\Users\Web\Desktop\FRST.txt
2015-08-16 13:05 - 2015-08-16 13:05 - 02173440 _____ (Farbar) C:\Users\Web\Desktop\FRST64.exe
2015-08-16 12:52 - 2015-08-16 13:06 - 00000000 ____D C:\FRST
2015-08-16 12:44 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\Sun
2015-08-16 12:44 - 2015-08-16 12:43 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-08-16 12:43 - 2015-08-16 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\ProgramData\Oracle
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\Program Files\Java
2015-08-16 12:35 - 2015-08-16 12:35 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job
2015-08-16 12:33 - 2015-08-16 12:33 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job
2015-08-15 10:30 - 2015-08-15 11:28 - 00000000 ____D C:\Users\Web\AppData\Local\BrowserHelper
2015-08-15 10:26 - 2015-08-15 10:26 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}.job
2015-08-15 10:19 - 2015-08-15 10:19 - 694094341 _____ C:\windows\MEMORY.DMP
2015-08-15 10:19 - 2015-08-15 10:19 - 00281296 _____ C:\windows\Minidump\081515-39234-01.dmp
2015-08-15 10:19 - 2015-08-15 10:19 - 00000000 ____D C:\windows\Minidump
2015-08-15 10:13 - 2015-08-15 11:28 - 00000000 ____D C:\Users\mooke_000\AppData\Local\BrowserHelper
2015-08-15 10:13 - 2015-08-15 11:27 - 00000000 ____D C:\Program Files (x86)\0fbddb10-1b8a-43a6-825a-a4822c5d4b34
2015-08-15 10:13 - 2015-08-15 10:13 - 00000280 _____ C:\windows\Tasks\Launch 5906.job
2015-08-15 10:12 - 2015-08-15 10:12 - 00001968 _____ C:\Users\pauli_000\Desktop\YTDownloader.lnk
2015-08-15 10:12 - 2015-08-15 10:12 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 ____D C:\Users\pauli_000\AppData\Local\CrashRpt
2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 _____ C:\windows\SysWOW64\Number of results
2015-08-15 08:40 - 2015-08-15 10:21 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-08-15 05:32 - 2015-08-15 05:32 - 00942955 _____ C:\Users\pauli_000\Downloads\Setup (3).zip
2015-08-15 03:47 - 2015-08-15 03:47 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 588830.crdownload
2015-08-15 03:11 - 2015-08-15 03:11 - 00943043 _____ C:\Users\pauli_000\Downloads\Setup (2).zip
2015-08-15 03:11 - 2015-08-15 03:11 - 00446708 _____ C:\Users\pauli_000\Downloads\Setup (1).zip
2015-08-15 02:02 - 2015-08-15 02:02 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 126890.crdownload
2015-08-14 23:16 - 2015-08-14 23:17 - 00513920 _____ C:\Users\pauli_000\Downloads\Unconfirmed 693194.crdownload
2015-08-14 22:15 - 2015-08-14 22:15 - 00340180 _____ C:\Users\pauli_000\Downloads\setup.zip
2015-08-14 09:35 - 2015-08-14 09:35 - 00001055 _____ C:\Users\Web\Desktop\malwarebytes_20150814.txt
2015-08-14 08:14 - 2015-08-14 08:14 - 00000000 ____D C:\Users\Web\AppData\Local\Games Bot
2015-08-14 08:12 - 2015-08-14 08:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-14 08:12 - 2015-08-14 08:12 - 00000033 _____ C:\CLMediaServer.ini
2015-08-14 08:12 - 2015-08-14 08:12 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Games Bot
2015-08-14 07:42 - 2015-08-14 07:42 - 00000000 ____D C:\Users\pauli_000\AppData\Local\Torch
2015-08-14 07:22 - 2015-08-14 07:22 - 00001152 _____ C:\Users\pauli_000\Desktop\Continue Live Installation.lnk
2015-08-14 06:55 - 2015-08-14 07:50 - 00000000 ____D C:\Users\pauli_000\AppData\Local\12586
2015-08-14 06:46 - 2015-08-15 11:28 - 00000000 ____D C:\ProgramData\{8a7ebbef-ee3a-aeaf-8a7e-ebbefee3efbf}
2015-08-14 06:45 - 2015-08-15 11:29 - 00000000 ____D C:\Users\pauli_000\Documents\DailyPCClean
2015-08-14 06:45 - 2015-08-15 11:29 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-14 06:45 - 2015-08-14 08:11 - 00000000 ____D C:\Program Files (x86)\DailyPCClean
2015-08-14 06:45 - 2015-08-14 07:59 - 00000000 _____ C:\end
2015-08-14 06:45 - 2015-08-14 07:58 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-14 06:45 - 2015-08-14 07:14 - 00003256 _____ C:\windows\System32\Tasks\DailyPCClean Schedule
2015-08-14 06:45 - 2015-08-14 06:45 - 00003258 _____ C:\windows\System32\Tasks\runTask
2015-08-14 06:45 - 2015-08-14 06:45 - 00003162 _____ C:\windows\System32\Tasks\updateTask
2015-08-14 06:45 - 2015-08-14 06:45 - 00000217 _____ C:\task.vbs
2015-08-14 06:44 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\adlevel
2015-08-14 06:44 - 2015-08-14 06:44 - 00154826 _____ C:\Program Files (x86)\uninstaller.exe
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Mozilla
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Compete
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-14 06:43 - 2015-08-15 11:29 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-08-14 06:43 - 2015-08-14 06:45 - 00000000 ____D C:\Users\pauli_000\AppData\Local\Games Bot
2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\windows\system32\upo
2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-08-14 06:42 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\SmartWeb
2015-08-14 06:42 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\6cfea78c-9c9c-4604-995a-762bb7100ee6
2015-08-14 06:42 - 2015-08-14 08:12 - 00001056 _____ C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job
2015-08-14 06:42 - 2015-08-14 06:43 - 00004074 _____ C:\windows\System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB
2015-08-14 06:42 - 2015-08-14 06:42 - 00000045 _____ C:\user.js
2015-08-14 06:41 - 2015-08-15 21:37 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-14 06:41 - 2015-08-14 07:41 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-14 06:41 - 2015-08-14 06:41 - 00000000 ____D C:\Users\pauli_000\AppData\Local\globalUpdate
2015-08-14 06:40 - 2015-08-15 11:29 - 00000000 ____D C:\ProgramData\Service1291
2015-08-14 06:40 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980
2015-08-14 06:40 - 2015-08-14 06:45 - 00000370 ____H C:\windows\Tasks\OKJQVJWHKAAQRNFR.job
2015-08-14 06:40 - 2015-08-14 06:40 - 00004312 _____ C:\windows\System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980
2015-08-14 06:40 - 2015-08-14 06:40 - 00003386 _____ C:\windows\System32\Tasks\OKJQVJWHKAAQRNFR
2015-08-14 06:40 - 2015-08-14 06:40 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-13 20:32 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\A6C6C989-1439497946-BC3E-14FC-D623B3EBFD98
2015-08-13 20:32 - 2013-08-22 08:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-08-13 20:31 - 2015-08-15 11:45 - 00000000 ____D C:\Program Files (x86)\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98
2015-08-13 20:30 - 2015-08-13 20:30 - 00001335 _____ C:\Users\mooke_000\AppData\Local\Chrome .lnk
2015-08-13 20:30 - 2015-08-13 20:30 - 00000298 _____ C:\Users\mooke_000\AppData\Local\Firefox .lnk
2015-08-13 20:29 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\Iminent
2015-08-13 20:29 - 2015-08-14 09:31 - 00001365 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00001008 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00000984 _____ C:\Users\mooke_000\AppData\Local\Iexplore .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00000298 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk
2015-08-13 20:28 - 2015-08-15 11:28 - 00000000 ____D C:\ProgramData\SearchModule
2015-08-13 20:28 - 2015-08-13 20:28 - 00003852 _____ C:\windows\System32\Tasks\Smp
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 _____ C:\windows\SysWOW64\minibrowser.log
2015-08-13 20:27 - 2015-08-13 20:27 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\WTools
2015-08-13 20:26 - 2015-08-15 21:37 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Store
2015-08-13 20:26 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
2015-08-13 20:21 - 2015-08-14 07:58 - 00000000 ____D C:\Program Files (x86)\DnsIo
2015-08-13 20:21 - 2015-08-13 20:21 - 00001249 _____ C:\Users\pauli_000\Desktop\Continue installation .lnk
2015-08-13 19:05 - 2015-08-13 19:05 - 00000000 ____D C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe
2015-08-13 19:01 - 2015-08-13 19:01 - 00540750 _____ C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe.rar
2015-08-13 03:44 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:44 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:35 - 2015-08-12 20:36 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Trove
2015-08-12 19:58 - 2015-08-12 19:58 - 00000222 _____ C:\Users\mooke_000\Desktop\Trove.url
2015-08-12 19:14 - 2015-08-12 19:14 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\com.freakinware.mitosis
2015-08-12 19:05 - 2015-08-12 19:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Mitos.is The Game.url
2015-08-12 18:42 - 2015-08-12 18:42 - 00000222 _____ C:\Users\mooke_000\Desktop\Spooky's House of Jump Scares.url
2015-08-12 16:05 - 2015-08-12 16:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Time Clickers.url
2015-08-12 04:06 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 04:06 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 04:06 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 04:06 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 04:06 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 04:06 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 04:06 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 04:06 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 04:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 04:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 04:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 04:06 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 04:06 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 04:05 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 04:05 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-12 04:04 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 04:04 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 04:04 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 04:04 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 04:04 - 2015-07-16 15:21
- 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-08-12 04:04 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-08-12 04:04 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2015-08-12 04:04 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-08-12 04:04 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-08-12 04:04 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-08-12 04:04 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2015-08-12 04:04 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-08-12 04:04 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-08-12 04:04 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-08-12 04:04 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-08-12 04:04 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-08-12 04:04 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-08-12 04:04 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2015-08-12 04:04 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2015-08-12 04:04 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-08-12 04:04 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-08-12 04:04 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-08-12 04:04 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\msfeeds.dll2015-08-12 04:04 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-08-12 04:04 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2015-08-12 04:04 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-08-12 04:04 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-08-12 04:04 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-08-12 04:04 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-08-12 04:03 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2015-08-12 04:03 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2015-08-12 04:03 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2015-08-12 04:03 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll2015-08-12 04:03 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll2015-08-12 04:01 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 04:01 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 04:01 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 04:01 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 04:01 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 04:01 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 04:01 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\atmfd.dll2015-08-12 04:01 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 04:01 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys2015-08-12 04:01 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll2015-08-12 04:01 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll2015-08-12 04:01 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 04:01 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 04:01 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-08-12 04:01 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 04:01 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll2015-08-12 04:01 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 04:01 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll2015-08-12 04:01 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-08-12 04:01 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 04:01 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 04:01 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe2015-08-12 04:01 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2015-08-12 04:01 - 2015-06-11 15:12 
- 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS2015-08-12 04:01 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll2015-08-09 14:43 - 2015-08-09 14:43 - 00000742 _____ C:\Users\mooke_000\Documents\Desktop - Shortcut.lnk2015-08-09 13:45 - 2015-08-07 07:59 - 03930112 _____ (ProjectPokémon) C:\Users\mooke_000\Desktop\PKHeX.exe2015-08-09 13:42 - 2015-08-09 13:43 - 01982114 _____ C:\Users\mooke_000\Downloads\PKHeX (08-08-15).zip2015-07-29 11:07 - 2015-07-29 11:07 - 00000000 ____D C:\Users\mooke_000\Downloads\powersaves3ds-software-1292015-07-29 11:07 - 2015-07-27 12:30 - 04065363 _____ (Datel Design & Development ) C:\Users\mooke_000\Desktop\powersaves_setup_v1.29.exe2015-07-29 11:04 - 2015-07-29 11:04 - 04034094 _____ C:\Users\mooke_000\Downloads\powersaves3ds-software-129.zip2015-07-26 20:29 - 2015-07-26 20:29 - 00986311 _____ C:\Users\mooke_000\Downloads\RebirthCCLauncher.zip2015-07-24 16:52 - 2015-07-24 16:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\mooke_000\Downloads\RobloxPlayerLauncher (1).exe2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\mooke_000\AppData\Local\CEF2015-07-20 16:58 - 2015-07-20 17:00 - 115236013 _____ C:\Users\mooke_000\Downloads\JSTR_Universal_1.7.x.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-16 13:04 - 2014-06-04 17:07 - 01425902 _____ C:\windows\WindowsUpdate.log2015-08-16 13:03 - 2014-06-04 17:14 - 00000000 __RDO C:\Users\Web\SkyDrive2015-08-16 13:02 - 2014-10-10 14:19 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-08-16 13:02 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-08-16 13:01 - 2013-08-24 16:32 - 00296706 _____ C:\windows\PFRO.log2015-08-16 13:01 - 2013-08-22 09:46 - 00026440 _____ C:\windows\setupact.log2015-08-16 13:01 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI2015-08-16 13:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru2015-08-16 12:40 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness2015-08-16 12:35 - 2014-06-29 07:08 - 00000000 ____D C:\EDS2015-08-16 12:18 - 2014-06-27 15:25 - 00000000 ____D C:\Program Files (x86)\Steam2015-08-16 12:02 - 2014-12-29 17:02 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Skype2015-08-16 10:00 - 2014-06-05 17:19 - 00000000 __RDO C:\Users\mooke_000\SkyDrive2015-08-16 09:07 - 2015-03-05 16:27 - 00000000 ____D C:\ProgramData\Origin2015-08-16 07:04 - 2014-06-05 17:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.minecraft2015-08-15 21:39 - 2014-09-01 08:44 - 00000000 ___RD C:\Users\pauli_000\Google Drive2015-08-15 21:38 - 2014-06-04 21:41 - 00000000 __RDO C:\Users\pauli_000\SkyDrive2015-08-15 15:20 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI2015-08-15 15:05 - 2014-05-29 19:42 - 00065536 _____ C:\windows\system32\spu_storage.bin2015-08-15 11:29 - 2013-08-22 08:25 - 00000301 _____ C:\windows\win.ini2015-08-15 11:27 - 2015-04-10 19:27 - 00000000 ____D C:\Program Files (x86)\3602015-08-15 11:27 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy2015-08-15 10:27 - 2014-06-05 17:04 - 00000000 ____D C:\Users\mooke_0002015-08-15 10:25 - 2014-11-15 16:50 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieBrowserModeList2015-08-15 10:25 - 
2014-06-11 19:43 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieUserList2015-08-15 10:25 - 2014-06-11 19:43 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieSiteList2015-08-15 10:22 - 2014-06-04 18:06 - 00000000 ____D C:\Users\pauli_0002015-08-15 10:20 - 2014-06-05 17:57 - 00002348 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-08-15 10:12 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System2015-08-14 09:30 - 2015-01-31 12:08 - 00035328 ___SH C:\Users\mooke_000\Desktop\Thumbs.db2015-08-14 08:11 - 2013-08-22 09:45 - 00000000 ____D C:\windows\Setup2015-08-14 08:08 - 2014-06-04 21:45 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10042015-08-14 07:14 - 2014-06-05 17:36 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-08-14 07:00 - 2014-10-10 14:19 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-14 06:50 - 2015-03-05 19:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2015-08-14 06:43 - 2015-03-11 12:13 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll2015-08-14 06:43 - 2015-03-11 12:12 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll2015-08-14 06:42 - 2014-06-04 18:06 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CCDD9EF7-4E0A-476E-96E0-B7B28717D32C}2015-08-14 06:37 - 2015-06-28 18:12 - 00000998 _____ C:\Users\Public\Desktop\Minecraft.lnk2015-08-14 06:37 - 2015-04-12 19:54 - 00000605 _____ C:\Users\Public\Desktop\Fraps.lnk2015-08-14 06:37 - 2015-04-10 19:06 - 00001122 _____ C:\Users\pauli_000\Desktop\Cheat Engine.lnk2015-08-14 06:37 - 2015-03-08 16:36 - 00000955 _____ 
C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mine-imator.lnk2015-08-14 06:37 - 2015-03-05 21:17 - 00001368 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk2015-08-14 06:37 - 2015-03-05 19:35 - 00002064 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk2015-08-14 06:37 - 2015-03-05 16:27 - 00001016 _____ C:\Users\Public\Desktop\Origin.lnk2015-08-14 06:37 - 2015-01-31 12:08 - 00001255 _____ C:\Users\mooke_000\Desktop\TechnicLauncher - Shortcut.lnk2015-08-14 06:37 - 2015-01-19 08:48 - 00001521 _____ C:\Users\pauli_000\Desktop\ROBLOX Player.lnk2015-08-14 06:37 - 2015-01-19 08:48 - 00001336 _____ C:\Users\pauli_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:37 - 2014-12-24 15:50 - 00001521 _____ C:\Users\mooke_000\Desktop\ROBLOX Player.lnk2015-08-14 06:37 - 2014-12-24 15:49 - 00001336 _____ C:\Users\mooke_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:37 - 2014-12-22 11:32 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk2015-08-14 06:37 - 2014-09-01 08:44 - 00001848 _____ C:\Users\pauli_000\Desktop\Google Drive.lnk2015-08-14 06:37 - 2014-08-29 21:16 - 00001962 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-08-14 06:37 - 2014-08-29 21:16 - 00001956 _____ C:\Users\Web\Desktop\Spotify.lnk2015-08-14 06:37 - 2014-08-22 14:58 - 00001355 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk2015-08-14 06:37 - 2014-08-02 10:19 - 00001163 _____ C:\Users\Public\Desktop\iRepo.lnk2015-08-14 06:37 - 2014-08-02 10:03 - 00003145 _____ C:\Users\Public\Desktop\Music Rescue.lnk2015-08-14 06:37 - 2014-08-02 09:53 - 00003069 _____ C:\Users\Web\Desktop\TouchCopy 12.lnk2015-08-14 06:37 - 2014-08-02 09:48 - 00001044 _____ C:\Users\Public\Desktop\Sharepod.lnk2015-08-14 06:37 - 2014-06-27 15:25 - 00001000 _____ C:\Users\Public\Desktop\Steam.lnk2015-08-14 06:37 - 2014-06-18 09:09 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk2015-08-14 06:37 - 2014-06-13 18:14 - 00002258 _____ 
C:\Users\pauli_000\Desktop\HP Support Assistant.lnk2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Word 2007.lnk2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Excel 2007.lnk2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Word 2007.lnk2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Excel 2007.lnk2015-08-14 06:37 - 2014-06-08 15:49 - 00002152 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk2015-08-14 06:37 - 2014-06-07 18:55 - 00001842 _____ C:\Users\Web\Desktop\Google Drive.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002083 _____ C:\Users\Public\Desktop\Google Slides.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002081 _____ C:\Users\Public\Desktop\Google Sheets.lnk2015-08-14 06:37 - 2014-06-07 14:44 - 00002071 _____ C:\Users\Public\Desktop\Google Docs.lnk2015-08-14 06:37 - 2014-06-05 17:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-14 06:37 - 2014-06-05 17:29 - 00001077 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk2015-08-14 06:37 - 2014-06-04 21:53 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk2015-08-14 06:37 - 2014-06-04 18:06 - 00001443 _____ C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:37 - 2014-06-04 17:10 - 00001443 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:37 - 2014-05-29 20:41 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk2015-08-14 06:36 - 2015-01-18 14:11 - 00001336 _____ C:\Users\halca_000\Desktop\ROBLOX Studio.lnk2015-08-14 06:36 - 2015-01-16 16:09 - 00001348 _____ C:\Users\halca_000\Desktop\Continue Five Nights at Freddy's Installation.lnk2015-08-14 06:36 - 2014-12-31 17:27 - 00001298 _____ C:\Users\halca_000\Desktop\Continue File Opener 
Installation.lnk2015-08-14 06:36 - 2014-10-12 15:04 - 00001521 _____ C:\Users\halca_000\Desktop\ROBLOX Player.lnk2015-08-14 06:36 - 2014-08-25 16:55 - 00001318 _____ C:\Users\halca_000\Desktop\Continue Free Download Installation.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002472 _____ C:\Users\halca_000\Desktop\Facebook.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002468 _____ C:\Users\halca_000\Desktop\Youtube.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Music.lnk2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Games.lnk2015-08-14 06:36 - 2014-08-22 14:58 - 00001547 _____ C:\Users\halca_000\Desktop\Torch.lnk2015-08-14 06:36 - 2014-08-22 14:56 - 00001211 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00001443 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00000551 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-29 07:08 - 00000549 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-16 16:25 - 00001735 _____ C:\Users\halca_000\Desktop\Pokémon Trading Card Game Online.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk2015-08-14 06:36 - 2014-06-05 18:34 - 00001443 _____ 
C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-08-13 21:41 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\system32\GroupPolicy2015-08-13 20:40 - 2015-06-25 14:21 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForpauli_000.job2015-08-13 20:40 - 2013-08-22 09:44 - 00441296 _____ C:\windows\system32\FNTCACHE.DAT2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-08-13 20:35 - 2014-12-12 08:32 - 00000000 ____D C:\windows\system32\appraiser2015-08-13 20:35 - 2014-07-16 17:12 - 00000000 ___SD C:\windows\system32\CompatTel2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender2015-08-13 20:33 - 2014-06-05 17:21 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-10052015-08-13 20:16 - 2014-06-07 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-08-13 17:27 - 2014-06-05 17:05 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E1291903-9E5D-49F7-9CC8-108CE3F4EC8A}2015-08-13 14:45 - 2014-06-05 14:46 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log2015-08-13 14:41 - 2014-12-24 15:49 - 00000000 ____D 
C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2015-08-13 03:45 - 2014-06-11 08:45 - 00000000 ____D C:\ProgramData\Microsoft Help2015-08-13 03:45 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp2015-08-13 03:43 - 2014-08-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-08-13 03:40 - 2014-06-07 05:31 - 00000000 ____D C:\windows\system32\MRT2015-08-13 03:21 - 2014-06-07 05:31 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-08-12 19:28 - 2015-06-22 17:57 - 00000000 ____D C:\Users\mooke_000\Powersaves3DS2015-08-11 14:01 - 2015-06-25 14:21 - 00003190 _____ C:\windows\System32\Tasks\HPCeeScheduleForpauli_0002015-08-09 17:14 - 2014-06-05 17:05 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Packages2015-08-08 08:55 - 2015-03-14 08:21 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-08-08 08:55 - 2015-03-14 08:21 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-01 15:49 - 2015-06-28 18:12 - 00000000 ____D C:\Program Files (x86)\Minecraft2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS2015-08-01 14:06 - 2014-06-04 17:09 - 00000000 ____D C:\Users\Web2015-07-30 10:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF2015-07-30 09:45 - 2014-06-29 07:08 - 00000000 ____D C:\Users\aklyk_0002015-07-30 09:45 - 2014-06-05 18:34 - 00000000 ____D C:\Users\halca_0002015-07-30 09:09 - 2014-06-08 07:04 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}2015-07-28 18:20 - 2015-03-05 16:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Origin2015-07-28 18:14 - 2015-03-05 16:27 - 00000000 ____D C:\Program Files 
(x86)\Origin
2015-07-25 05:11 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\system32\GWX
2015-07-22 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-07-22 07:28 - 2015-01-31 11:51 - 04731400 _____ () C:\Users\mooke_000\Desktop\TechnicLauncher.exe
2015-07-22 07:27 - 2015-01-31 12:04 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.technic
2015-07-19 10:39 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-07-19 07:50 - 2014-06-05 18:34 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{29EB089F-8B13-46EE-B4F2-40CFC60D11E2}

==================== Files in the root of some directories =======

2015-05-12 18:22 - 2015-05-12 18:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2015-08-14 06:44 - 2015-08-14 06:44 - 0154826 _____ () C:\Program Files (x86)\uninstaller.exe
2014-08-02 10:04 - 2014-08-02 10:05 - 0000360 _____ () C:\Users\Web\AppData\Roaming\com.kennettnet.MusicRescue4.plist
2014-11-14 13:52 - 2014-11-14 13:53 - 0002747 _____ () C:\Users\Web\AppData\Roaming\QBFileDrTool.log

Some files in TEMP:
====================
C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Web\AppData\Local\Temp\Abspdf.exe
C:\Users\Web\AppData\Local\Temp\acfpdfu.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfui.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Web\AppData\Local\Temp\cdintf.dll
C:\Users\Web\AppData\Local\Temp\converter.exe
C:\Users\Web\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Web\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Web\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Web\AppData\Local\Temp\qqlghddd.dll
C:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Web\AppData\Local\Temp\tu17p84.exe
C:\Users\Web\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2015-03-11 12:13] - [2015-08-14 06:43] - 0657920 ____A (Microsoft Corporation) 089D030FF1B7D49ACD074B289D306F4D
C:\windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-10 04:49

==================== End of log ============================

Darth_Kittens Posted August 16, 2015 Author ID:983674

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Web (2015-08-16 13:08:33)
Running from C:\Users\Web\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2744511804-60897879-1795108344-500 - Administrator - Disabled)
aklyk_000 (S-1-5-21-2744511804-60897879-1795108344-1007 - Limited - Enabled) => C:\Users\aklyk_000
Guest (S-1-5-21-2744511804-60897879-1795108344-501 - Limited - Disabled)
halca_000 (S-1-5-21-2744511804-60897879-1795108344-1006 - Limited - Enabled) => C:\Users\halca_000
HomeGroupUser$ (S-1-5-21-2744511804-60897879-1795108344-1003 - Limited - Enabled)
mooke_000 (S-1-5-21-2744511804-60897879-1795108344-1005 - Limited - Enabled) => C:\Users\mooke_000
pauli_000 (S-1-5-21-2744511804-60897879-1795108344-1004 - Administrator - Enabled) => C:\Users\pauli_000
Web (S-1-5-21-2744511804-60897879-1795108344-1001 - Administrator - Enabled) => C:\Users\Web

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)Airport Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenAlcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) HiddenAmazing World (HKLM-x32\...\Steam App 293500) (Version: - Ganz)AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) HiddenBrick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.)Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) HiddenCastle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - 
)Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7940.0 - Microsoft)Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenCradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) HiddenCutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDelicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenFarm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) HiddenFistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 
1.24.9931.5480 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.1 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenGPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHouse of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) HiddenHP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)Inst5675 (Version: 8.00.51 - Softex Inc.) HiddenInst5676 (Version: 8.00.51 - Softex Inc.) 
HiddeniRepo 5.3.0.0 (HKLM-x32\...\iRepo_is1) (Version: 5.3.0.0 - Purple Ghost Software, Inc.)Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version: - Zachtronics)Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) HiddeniTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenKing Oddball (x32 Version: 3.0.2.48 - WildTangent) HiddenLuxor Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft 
Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - 
Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMusic Rescue (HKLM-x32\...\{5F503B34-022D-4C56-9D40-53D2916CE3C9}) (Version: 4.5.1 - KennettNet Software Ltd)Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) HiddenNBA 2K15 (HKLM-x32\...\Steam App 282350) (Version: - Visual Concepts)Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPortal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) 
HiddenQuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) HiddenRoads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenSetup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios)Spotify (HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenTeam Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc)TouchCopy 12 (HKLM-x32\...\{363B852D-FBAD-4BAB-B1E9-28937DCDA620}) (Version: 12.46 - Wide Angle Software)Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)Update for 2007 Microsoft Office System (KB967642) 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version: - Egosoft)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

29-07-2015 04:09:48 Windows Update
11-08-2015 11:39:06 Scheduled Checkpoint
16-08-2015 12:39:33 Removed Java 7 Update 60 (64-bit)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04BC670B-95B0-4AF2-84FB-463F165F917A} - System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980\A2D4B635-D1D1-4A62-A97D-A44A47B8980.exe <==== ATTENTION
Task: {089607A1-22D1-4172-A106-4DEEEDF53A49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0AE646E2-9F96-4A2F-98ED-782987460702} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {0BC35AC8-DBCA-4F36-A5DA-E53D1F232188} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 -> No File <==== ATTENTION
Task: {19E2196E-E0F1-4518-84FF-7FD40FFFDF57} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 -> No File <==== ATTENTION
Task: {1F795715-7993-4702-A09E-246EC9877C1E} - \WindApp Update -> No File <==== ATTENTION
Task: {20685D58-BC19-48BB-96E5-0EF4CB79BAEF} - \SushiLeads -> No File <==== ATTENTION
Task: {283EFFA8-8543-4156-9297-F4967767E0AC} - System32\Tasks\updateTask => c:\task.vbs [2015-08-14] ()
Task: {2F8869EE-DDF4-4189-B218-0FA932BA833B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {324F8CF7-2C46-406D-B8A3-3B74DD06E559} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 -> No File <==== ATTENTION
Task: {3278AEA8-72C5-4AFA-9261-70BA95437111} - System32\Tasks\DailyPCClean Schedule => C:\Program Files (x86)\DailyPCClean\DPCCSchedule.exe
Task: {33C6C936-27C9-4864-BC10-AD0EE8157838} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {34250E27-3085-4A85-B311-A33E778664C3} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 -> No File <==== ATTENTION
Task: {34CE367C-12F8-40EF-A247-F2A77A5692E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3513DBDC-1C2F-4246-B1AE-EAEA37C895CE} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {364C2067-47B8-4DA0-9B7F-DEF696AC3D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {406634BE-2592-40E5-8185-7E60C2FC4AF0} - System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION
Task: {4523B8B0-4096-4875-8416-87E38CFCBB5D} - \Jarmeee -> No File <==== ATTENTION
Task: {4D0A3E5D-EA2D-4BC2-A3B0-35166C769E0C} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {4D52730F-2073-4DBC-BB6C-3742301CBB9E} - \Superclean -> No File <==== ATTENTION
Task: {53E82944-B0B9-4C85-91AC-92071F7E1FB8} - \SMWUpd -> No File <==== ATTENTION
Task: {5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user -> No File <==== ATTENTION
Task: {6D630EE5-9363-4E34-80CB-05227AE6CFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {7626125F-A9AE-4DE0-81D2-4CD57E6801AB} - \CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTION
Task: {77200938-3CE4-4EBB-84E5-2C1A6B3FF06A} - \SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 -> No File <==== ATTENTION
Task: {77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C} - System32\Tasks\OKJQVJWHKAAQRNFR => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {78433DFD-CEDB-4793-AB00-0EAAE5EA786D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7CA7A837-18A0-4220-A9A1-58392070FF63} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 -> No File <==== ATTENTION
Task: {912CDA96-E250-45E0-A69F-CBE9F94642F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {A8A586F8-3AB2-43BE-B7E5-91B816889678} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {B706A7B2-9D42-4E31-B0ED-1D4E6DA59441} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BD7DAA70-092B-4027-B7B0-E3BC5A7F2478} - \Selection Tools Update -> No File <==== ATTENTION
Task: {BE8F0C47-4BA8-459E-B418-526C6F55258F} - \CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTION
Task: {CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {D5016636-D008-4FA8-A9CA-F95655C46526} - System32\Tasks\HPCeeScheduleForpauli_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D576BEE5-6B9B-4783-98AB-0F5C1E1AF9F9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D5E45616-3703-4421-BCF8-C2617A3EB32A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE} - \UFGIMDA1 -> No File <==== ATTENTION
Task: {D964784B-64D9-4CDA-8E88-82E6376C60A8} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DF80B38C-CA93-4FAD-887C-AD8EDE5A02EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {E0656664-4567-4309-817B-5F2691F42BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {E81456EC-E233-4971-8A38-08A91BF7C079} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user -> No File <==== ATTENTION
Task: {F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F23B1A5B-0146-4E50-B83A-0E65D55F8CF3} - \AmiUpdXp -> No File <==== ATTENTION
Task: {F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED} - \Inst_Rep -> No File <==== ATTENTION
Task: {FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForpauli_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\Launch 5906.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 05:22 - 
2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-08-16 13:03 - 2015-08-16 13:03 - 00098816 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32api.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00110080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pywintypes27.dll2015-08-16 13:03 - 2015-08-16 13:03 - 00364544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pythoncom27.dll2015-08-16 13:03 - 2015-08-16 13:03 - 00045568 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_socket.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 01161216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_ssl.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00320512 _____ () 
C:\Users\Web\AppData\Local\Temp\_MEI27922\win32com.shell.shell.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00713216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_hashlib.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 01176576 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._core_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00806400 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._gdi_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00816128 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._windows_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 01067008 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._controls_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00733184 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._misc_.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00682496 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pysqlite2._sqlite.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00087552 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_ctypes.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00119808 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32file.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00108544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32security.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00007168 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\hashobjs_ext.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00068096 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\usb_ext.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00167936 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32gui.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00018432 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32event.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00128512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_elementtree.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00127488 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pyexpat.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00013824 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\common.time34.pyd2015-08-16 13:03 - 
2015-08-16 13:03 - 00036864 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_psutil_windows.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00038912 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32inet.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00011264 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32crypt.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00077312 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._html2.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00027136 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_multiprocessing.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00020480 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_yappi.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00035840 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32process.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00686080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\unicodedata.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00123392 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._wizard.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00024064 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32pipe.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00010240 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\select.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00025600 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32pdh.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00525640 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\windows._lib_cacheinvalidation.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00017408 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32profile.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00022528 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32ts.pyd2015-08-16 13:03 - 2015-08-16 13:03 - 00078848 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._animate.pyd2015-08-11 15:15 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll2015-08-11 15:15 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\halca_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20130104_180917.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QHSafeTray"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BE1E032E-59FB-4FD6-A4A7-7483640A14E2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{6C1223DF-C175-4620-A10F-C10F3B53ADAD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{10B96B04-F60E-4B27-B2AD-4DE58C0EA43D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{9F21A3C9-C90F-412A-9567-272759693CAD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{3B76E4E5-879F-4B5D-AECA-CF7E92170C41}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{C57BDA63-9FB1-4F0C-AE36-8EE96FEC22E3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{3924102E-FF6B-4B83-8814-FF88FE11AB7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: 
==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 01:08:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:08:22Z. Error Code: 0x80040154.

Error: (08/16/2015 01:07:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:07:52Z. Error Code: 0x80040154.

Error: (08/16/2015 01:07:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:07:22Z. Error Code: 0x80040154.

Error: (08/16/2015 01:06:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:06:52Z. Error Code: 0x80040154.

Error: (08/16/2015 01:06:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:06:22Z. Error Code: 0x80040154.

Error: (08/16/2015 01:05:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:05:52Z. Error Code: 0x80040154.

Error: (08/16/2015 01:05:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:05:22Z. Error Code: 0x80040154.

Error: (08/16/2015 01:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 030260~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x676f7250
Faulting process id: 0x608
Faulting application start time: 0x030260~1.EXE0
Faulting application path: 030260~1.EXE1
Faulting module path: 030260~1.EXE2
Report Id: 030260~1.EXE3
Faulting package full name: 030260~1.EXE4
Faulting package-relative application ID: 030260~1.EXE5

Error: (08/16/2015 01:00:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:00:24Z. Error Code: 0x80040154.

Error: (08/16/2015 12:59:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T17:59:54Z. Error Code: 0x80040154.

System errors:
=============
Error: (08/16/2015 01:08:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: %%10106

Error: (08/16/2015 01:06:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (08/16/2015 01:04:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (08/16/2015 01:04:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: %%2147952506

Error: (08/16/2015 01:04:16 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952506.
Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268

Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268

Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057

Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-08-16 12:57:28.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:27.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:25.998
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:24.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:24.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:23.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:22.325
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:21.207
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:20.400
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 12:57:19.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 5580.01 MB
Available physical RAM: 3534.62 MB
Total Virtual: 11212.01 MB
Available Virtual: 8727.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.57 GB) (Free:626.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CE011A0D)
Partition: GPT.

==================== End of log ============================
MrCharlie Posted August 16, 2015 ID:983683

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==============================

Please download AdwCleaner from HERE or HERE to your desktop.

Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Download zoek.exe to your Desktop: http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.
You can find instructions how to disable your security applications Here http://www.bleepingcomputer.com/forums/topic114351.html
On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear.
Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

autoclean;
emptyalltemp;
emptyclsid;

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.
When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

===============================

Update and run a scan with Malwarebytes

MrC

fixlist.txt
Darth_Kittens Posted August 16, 2015 Author ID:983692

I ran AdwCleaner.exe. Still getting popup ads and mystery redirects on links. AdwCleaner[C1].txt posted below. Moving on to the zoek.exe step.
[C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.ask.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : fraps.en.softonic.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : start.iminent.com[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.iminent.com/Content/Images/favicon.ico?2fdde4[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://start.iminent.com/?appId=92282980-be3c-46df-892d-3602649bd79a&ref=toolbox&q={searchTerms}[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://start.iminent.com/?appId=92282980-be3c-46df-892d-3602649bd79a[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : netflix.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.ask.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : 
hxxp://www-searching.com/?pid=s&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067&vp=ch&prd=set
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067&vp=ch&prd=set

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [18321 octets] - [16/08/2015 15:09:09]
C:\AdwCleaner[s1].txt - [17836 octets] - [16/08/2015 15:05:17]

########## EOF - C:\AdwCleaner[C1].txt - [18449 octets] ##########
Darth_Kittens Posted August 16, 2015 Author ID:983693

zoek.exe log:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Web on Sun 08/16/2015 at 15:30:15.53.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted]

===== Runcheck 15:33:53.02 =====
--- Create Environment Variables 15:33:55.35
--- Create System Restore Point 15:34:17.82
--- Checking Input 15:34:21.71
--- AU AppData Check 15:34:33.55
--- Remove From Windows Installer 15:34:38.21
--- Empty Folders Check 15:36:32.10
--- Registry HKLM Software Check 15:36:32.18
--- Quick Launch Shortcut Check 15:36:55.55
--- IE Startpage Check 15:37:00.19
MrCharlie Posted August 16, 2015 ID:983698

I need to see the log from the FRST fix.
===========================
Still getting popup ads and mystery redirects on links.
What browser???
===============================
Please re-scan with FRST and make sure the Addition Box is checked.
http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png
Post or attach the 2 logs, FRST.txt and Addition.txt.
MrC
Darth_Kittens Posted August 16, 2015 Author ID:983702

I overlooked the step about running FRST the second time. I will go back and run that. Should I re-run AdwClean and zoek after running FRST with the fix option?
Darth_Kittens Posted August 16, 2015 Author ID:983703

Here is the fixlog.txt from FRST.

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Web (2015-08-16 16:12:30) Run:1
Running from C:\Users\Web\Desktop
Loaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\FlashBeat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog9-x64 01 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 05 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 06 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 07 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 08 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 19 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 20 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
cmd: netsh winsock reset
CHR
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crxS3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]S1 gaeymoun; \??\C:\windows\system32\drivers\gaeymoun.sys [X]S1 gilobxrb; \??\C:\windows\system32\drivers\gilobxrb.sys [X]S1 ktoqvcqe; \??\C:\windows\system32\drivers\ktoqvcqe.sys [X]S1 rixyksrm; \??\C:\windows\system32\drivers\rixyksrm.sys [X]2015-08-15 10:12 - 2015-08-15 10:12 - 00001968 _____ C:\Users\pauli_000\Desktop\YTDownloader.lnk2015-08-15 10:12 - 2015-08-15 10:12 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloaderC:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exeC:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXEC:\Users\Web\AppData\Local\Temp\Abspdf.exeC:\Users\Web\AppData\Local\Temp\acfpdfu.dllC:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Web\AppData\Local\Temp\acfpdfui.dllC:\Users\Web\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Web\AppData\Local\Temp\cdintf.dllC:\Users\Web\AppData\Local\Temp\converter.exeC:\Users\Web\AppData\Local\Temp\DseShExt-x64.dllC:\Users\Web\AppData\Local\Temp\DseShExt-x86.dllC:\Users\Web\AppData\Local\Temp\PDFPRT400.exeC:\Users\Web\AppData\Local\Temp\qqlghddd.dllC:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dllC:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dllC:\Users\Web\AppData\Local\Temp\tu17p84.exeC:\Users\Web\AppData\Local\Temp\xmllite.dllC:\Program Files (x86)\YTDownloaderC:\windows\Tasks\OKJQVJWHKAAQRNFR.job C:\ProgramData\Service1291\Service1291.exe C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe AlternateDataStreams: 
C:\Users\aklyk_000\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\halca_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Web\SkyDrive:ms-propertiesTask: C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTIONTask: C:\windows\Tasks\Launch 5906.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTIONTask: C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTIONTask: {E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTIONTask: {E81456EC-E233-4971-8A38-08A91BF7C079} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user -> No File <==== ATTENTIONTask: {F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTIONTask: {F23B1A5B-0146-4E50-B83A-0E65D55F8CF3} - \AmiUpdXp -> No File <==== ATTENTIONTask: {F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED} - \Inst_Rep -> No File <==== ATTENTIONTask: {FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 -> No File <==== ATTENTIONTask: {D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE} - \UFGIMDA1 -> No File <==== ATTENTIONTask: {D964784B-64D9-4CDA-8E88-82E6376C60A8} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTIONTask: {B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C} - \TunePro360 Updater -> No File <==== ATTENTIONTask: {B706A7B2-9D42-4E31-B0ED-1D4E6DA59441} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTIONTask: {BD7DAA70-092B-4027-B7B0-E3BC5A7F2478} - \Selection Tools Update -> No File <==== ATTENTIONTask: {BE8F0C47-4BA8-459E-B418-526C6F55258F} - \CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTIONTask: {CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} - System32\Tasks\Smp => C:\Program Files\Common 
Files\Goobzo\GBUpdate\smp.exe <==== ATTENTIONC:\Program Files\Common Files\GoobzoTask: {7CA7A837-18A0-4220-A9A1-58392070FF63} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 -> No File <==== ATTENTIONTask: {7626125F-A9AE-4DE0-81D2-4CD57E6801AB} - \CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTIONTask: {77200938-3CE4-4EBB-84E5-2C1A6B3FF06A} - \SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 -> No File <==== ATTENTIONTask: {77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C} - System32\Tasks\OKJQVJWHKAAQRNFR => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTIONTask: {4D52730F-2073-4DBC-BB6C-3742301CBB9E} - \Superclean -> No File <==== ATTENTIONTask: {53E82944-B0B9-4C85-91AC-92071F7E1FB8} - \SMWUpd -> No File <==== ATTENTIONTask: {5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user -> No File <==== ATTENTIONTask: {406634BE-2592-40E5-8185-7E60C2FC4AF0} - System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTIONTask: {4523B8B0-4096-4875-8416-87E38CFCBB5D} - \Jarmeee -> No File <==== ATTENTIONC:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe C:\ProgramData\Service1291Task: {3513DBDC-1C2F-4246-B1AE-EAEA37C895CE} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTIONTask: {34250E27-3085-4A85-B311-A33E778664C3} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 -> No File <==== ATTENTIONTask: {324F8CF7-2C46-406D-B8A3-3B74DD06E559} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 -> No File <==== ATTENTIONTask: {0AE646E2-9F96-4A2F-98ED-782987460702} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTIONTask: {0BC35AC8-DBCA-4F36-A5DA-E53D1F232188} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 -> No File <==== ATTENTIONTask: {19E2196E-E0F1-4518-84FF-7FD40FFFDF57} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 -> No File <==== ATTENTIONTask: {1F795715-7993-4702-A09E-246EC9877C1E} - \WindApp Update -> No File <==== ATTENTIONTask: 
{20685D58-BC19-48BB-96E5-0EF4CB79BAEF} - \SushiLeads -> No File <==== ATTENTIONTask: {04BC670B-95B0-4AF2-84FB-463F165F917A} - System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980\A2D4B635-D1D1-4A62-A97D-A44A47B8980.exe <==== ATTENTION ***************** Restore point was successfully created.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found."C:\ProgramData\FlashBeat\FlashBeat64.dll" => Value data removed successfully."C:\ProgramData\FlashBeat\FlashBeat32.dll" => Value data removed successfully."C:\windows\system32\GroupPolicy\Machine" => File/Folder not found.HKLM\SOFTWARE\Policies\Google => key not found. "C:\ProgramData\FlashBeat" => File/Folder not found."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007" => key removed successfully"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008" => key removed 
successfullyHKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000019 => key not found. HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000020 => key not found. ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107 Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= "HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfullyMcAPExe => service removed successfullyMcMPFSvc => service removed successfullyBAPIDRV => service removed successfullygaeymoun => service removed successfullygilobxrb => service removed successfullyktoqvcqe => service removed successfullyrixyksrm => service removed successfully"C:\Users\pauli_000\Desktop\YTDownloader.lnk" => File/Folder not found."C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader" => File/Folder not found."C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exe" => File/Folder not found."C:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXE" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\Abspdf.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfu.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfui.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuia64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\cdintf.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\converter.exe" => File/Folder not 
found."C:\Users\Web\AppData\Local\Temp\DseShExt-x64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\DseShExt-x86.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\PDFPRT400.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\qqlghddd.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dll" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\tu17p84.exe" => File/Folder not found."C:\Users\Web\AppData\Local\Temp\xmllite.dll" => File/Folder not found."C:\Program Files (x86)\YTDownloader" => File/Folder not found.C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => moved successfully."C:\ProgramData\Service1291\Service1291.exe" => File/Folder not found.C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => moved successfully."C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe" => File/Folder not found."C:\Users\aklyk_000\OneDrive" => ":ms-properties" ADS not found.C:\Users\halca_000\SkyDrive => ":ms-properties" ADS removed successfully."C:\Users\mooke_000\SkyDrive" => ":ms-properties" ADS not found."C:\Users\pauli_000\SkyDrive" => ":ms-properties" ADS not found."C:\Users\Web\SkyDrive" => ":ms-properties" ADS not found.C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job not found.C:\windows\Tasks\Launch 5906.job => moved successfully.C:\windows\Tasks\OKJQVJWHKAAQRNFR.job not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E81456EC-E233-4971-8A38-08A91BF7C079}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E81456EC-E233-4971-8A38-08A91BF7C079}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F23B1A5B-0146-4E50-B83A-0E65D55F8CF3}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F23B1A5B-0146-4E50-B83A-0E65D55F8CF3}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UFGIMDA1 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D964784B-64D9-4CDA-8E88-82E6376C60A8}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D964784B-64D9-4CDA-8E88-82E6376C60A8}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B706A7B2-9D42-4E31-B0ED-1D4E6DA59441}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B706A7B2-9D42-4E31-B0ED-1D4E6DA59441}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD7DAA70-092B-4027-B7B0-E3BC5A7F2478}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD7DAA70-092B-4027-B7B0-E3BC5A7F2478}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE8F0C47-4BA8-459E-B418-526C6F55258F}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE8F0C47-4BA8-459E-B418-526C6F55258F}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} => key not found. C:\windows\System32\Tasks\Smp not found.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found. "C:\Program Files\Common Files\Goobzo" => File/Folder not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CA7A837-18A0-4220-A9A1-58392070FF63}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CA7A837-18A0-4220-A9A1-58392070FF63}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7626125F-A9AE-4DE0-81D2-4CD57E6801AB}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7626125F-A9AE-4DE0-81D2-4CD57E6801AB}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77200938-3CE4-4EBB-84E5-2C1A6B3FF06A}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77200938-3CE4-4EBB-84E5-2C1A6B3FF06A}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C}" => key removed successfullyC:\windows\System32\Tasks\OKJQVJWHKAAQRNFR not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OKJQVJWHKAAQRNFR" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D52730F-2073-4DBC-BB6C-3742301CBB9E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D52730F-2073-4DBC-BB6C-3742301CBB9E}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53E82944-B0B9-4C85-91AC-92071F7E1FB8}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53E82944-B0B9-4C85-91AC-92071F7E1FB8}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{406634BE-2592-40E5-8185-7E60C2FC4AF0}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{406634BE-2592-40E5-8185-7E60C2FC4AF0}" => key removed successfullyC:\windows\System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zcS3EdYjY9p5nRKgHUxt47hB" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4523B8B0-4096-4875-8416-87E38CFCBB5D}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4523B8B0-4096-4875-8416-87E38CFCBB5D}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jarmeee => key not found. 
"C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe" => File/Folder not found."C:\ProgramData\Service1291" => File/Folder not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3513DBDC-1C2F-4246-B1AE-EAEA37C895CE}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3513DBDC-1C2F-4246-B1AE-EAEA37C895CE}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34250E27-3085-4A85-B311-A33E778664C3}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34250E27-3085-4A85-B311-A33E778664C3}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{324F8CF7-2C46-406D-B8A3-3B74DD06E559}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{324F8CF7-2C46-406D-B8A3-3B74DD06E559}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AE646E2-9F96-4A2F-98ED-782987460702}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE646E2-9F96-4A2F-98ED-782987460702}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BC35AC8-DBCA-4F36-A5DA-E53D1F232188}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC35AC8-DBCA-4F36-A5DA-E53D1F232188}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19E2196E-E0F1-4518-84FF-7FD40FFFDF57}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E2196E-E0F1-4518-84FF-7FD40FFFDF57}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F795715-7993-4702-A09E-246EC9877C1E}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F795715-7993-4702-A09E-246EC9877C1E}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20685D58-BC19-48BB-96E5-0EF4CB79BAEF}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20685D58-BC19-48BB-96E5-0EF4CB79BAEF}" => key removed successfullyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04BC670B-95B0-4AF2-84FB-463F165F917A}" => key removed successfully"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04BC670B-95B0-4AF2-84FB-463F165F917A}" => key removed successfullyC:\windows\System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A2D4B635-D1D1-4A62-A97D-A44A47B8980" => key removed successfully ==== End of Fixlog 16:13:21 ==== Link to post Share on other sites More sharing options...
Darth_Kittens Posted August 16, 2015 Author ID:983704

Here is the log from the re-run of AdwCleaner, it's much shorter this time. Below that is the log from the first run of zoek, the one before I realized I had missed a step. I will re-run zoek and post that log in a separate comment.

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 16:19:02
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [server]
# Operating system : Windows 8.1 (x64)
# Username : Web - JEFFERSON
# Running from : C:\Users\Web\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\pauli_000\Documents\DailyPCClean

***** [ Files ] *****

[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : DailyPCClean Schedule

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [18555 octets] - [16/08/2015 15:09:09]
C:\AdwCleaner[C2].txt - [2571 octets] - [16/08/2015 16:19:02]
C:\AdwCleaner[s1].txt - [17836 octets] - [16/08/2015 15:05:17]
C:\AdwCleaner[s2].txt - [2580 octets] - [16/08/2015 16:15:48]

########## EOF - C:\AdwCleaner[C2].txt - [2761 octets] ##########

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Web on Sun 08/16/2015 at 15:30:15.53.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

8/16/2015 3:34:20 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================

C:\PROGRA~2\0fbddb10-1b8a-43a6-825a-a4822c5d4b34 deleted successfully
C:\PROGRA~2\6cfea78c-9c9c-4604-995a-762bb7100ee6 deleted successfully
C:\PROGRA~2\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98 deleted successfully
C:\PROGRA~2\adlevel deleted successfully
C:\PROGRA~2\DailyPCClean deleted successfully
C:\PROGRA~2\DailyPcClean Support deleted successfully
C:\PROGRA~2\DnsIo deleted successfully
C:\PROGRA~2\ServiceUpdater deleted successfully
C:\PROGRA~3\Service1291 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.crazycraft deleted successfully
C:\Users\mooke_000\AppData\Roaming\.electriciansjourney deleted successfully
C:\Users\mooke_000\AppData\Roaming\.heliwars deleted successfully
C:\Users\mooke_000\AppData\Roaming\.mariokart deleted successfully
C:\Users\mooke_000\AppData\Roaming\.morphhidenseek deleted successfully
C:\Users\mooke_000\AppData\Roaming\.mountolympussiege deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.5.2 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.6.4 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.7.10 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.7.2 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla162 deleted successfully
C:\Users\mooke_000\AppData\Roaming\Apple Computer deleted successfully
C:\Users\mooke_000\AppData\Roaming\hpqlog deleted successfully
C:\Users\aklyk_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\aklyk_000\AppData\Local\EmieUserList deleted successfully
C:\Users\aklyk_000\AppData\Local\VirtualStore deleted successfully
C:\Users\halca_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\halca_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\halca_000\AppData\Local\EmieUserList deleted successfully
C:\Users\halca_000\AppData\Local\PackageStaging deleted successfully
C:\Users\mooke_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\mooke_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\mooke_000\AppData\Local\EmieUserList deleted successfully
C:\Users\mooke_000\AppData\Local\PackageStaging deleted successfully
C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980 deleted successfully
C:\Users\pauli_000\AppData\Local\CutePDF Writer deleted successfully
C:\Users\pauli_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\pauli_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\pauli_000\AppData\Local\EmieUserList deleted successfully
C:\Users\pauli_000\AppData\Local\PackageStaging deleted successfully
C:\Users\pauli_000\AppData\Local\VirtualStore deleted successfully
C:\Users\Web\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Web\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Web\AppData\Local\EmieSiteList deleted successfully
C:\Users\Web\AppData\Local\EmieUserList deleted successfully
C:\Users\Web\AppData\Local\PackageStaging deleted successfully
C:\Users\Web\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\0fbddb10-1b8a-43a6-825a-a4822c5d4b34 not found
C:\PROGRA~2\6cfea78c-9c9c-4604-995a-762bb7100ee6 not found
C:\PROGRA~2\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98 not found
C:\PROGRA~2\adlevel not found
C:\PROGRA~2\DailyPCClean not found
C:\PROGRA~2\DailyPcClean Support not found
C:\PROGRA~2\DnsIo not found
C:\PROGRA~2\ServiceUpdater not found
C:\windows\SysNative\Tasks\OKJQVJWHKAAQRNFR deleted
C:\PROGRA~3\28341ff220e0446c9fff27c4493d622e deleted
C:\Users\pauli_000\AppData\Local\12586 deleted
C:\task.vbs deleted
C:\user.js deleted
C:\Users\halca_000\AppData\Roaming\WB.CFG deleted
C:\Users\pauli_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk deleted
C:\Users\pauli_000\AppData\Roaming\Compete deleted
C:\Users\Web\AppData\Roaming\QBFileDrTool.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\pauli_000\AppData\Local\Installer deleted
C:\Users\pauli_000\AppData\Local\CrashRpt deleted
C:\windows\SysNative\config\systemprofile\AppData\Local\WebBar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\pauli_000\AppData\LocalLow\Company deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\windows\Installer\c76e154.msi" deleted

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.155

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Chrome Hotword Shared Module - aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Cast - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Tampermonkey - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chrome Hotword Shared Module - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Cast - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
User-Agent Switcher for Chrome - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
Google News - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc
Google Voice (by Google) - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
Chrome Hotword Shared Module - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Boomerang for Gmail - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll

==== Chromium Startpages ======================

C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"name":"Firstuser","password_manager_groups_for_domains":[1],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Web\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\Web\\Google Drive\\TQF\\Quickbooks\\Invoices"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046643098031463"},"settings":{"privacy":{"drm_salt":"59D990A4BCF6D7DA80F0CE8659C908FC2FA5F4DE5A020533B694B6C1AAE84E44"}},"signin":{"signedin_time":"13064261698391182"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAAC7P9C05ipXTOzF0l4BjbyY/Ou+t3xd+MW8UJa3TaLU9gAAAAAOgAAAAAIAACAAAACBXditQkETqm6P+Nr7VpGS/WDlqtLRirKMehnoAMeBUkAAAABkKc1TGWikSPgQaBuy0LhefntKyg7j88fyOXLTugXGdbTeAp4cXzoKNi0BORaRe8kgKORe7mUa19RLcdepVn5vQAAAAFLuwP++8xk2K21Iq9GGF9W0HMVmSsAQfIEC5xeCpG1adaIH2GEK4YXVnyKN7xf/DRTHDQvytIhh7jG5snxzSaM=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13054232150315396","has_auth_error":true,"has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAADabq7neynTCsZSn2NcWnNZ2SiNs1cdZ5fH16xV5JuVdQAAAAAOgAAAAAIAACAAAACK/KfwkrmTwJaHOt81rnX5WIz+9eX0cTcvAXKKGiWQtlAAAAALJILtIyo3gY/C9xlIauvuEtBrhjngB4+DJoBKNfWG3NLjbXEWYfm9YFADQnraWxrgpl52a6mWaoesox1FyrLiZB9guUGzeKIPPH8nBoY6uUAAAAC80pZOS4wt7GHJTqpvmMl84Bxp6QHQjHJ0oHgPPYAzm0TA59TUhfsiOHEdTwNzUZKEDL06TvfwuvzbVjNhk35c","last_synced_time":"13084231929936078","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session
_sync_guid":"session_sync3Hda8RkRlmSyGv3B4D4+Uw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"ar":0,"de":0,"es":0,"fr":0,"ga":0,"it":0,"ja":0,"zh-CN":1},"translate_blocked_languages":["en"],"translate_denied_count":{"ar":1,"de":6,"es":1,"fr":1,"ga":1,"it":1,"ja":1,"zh-CN":0},"translate_whitelists":{}} rdinal":"yz","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072631273697629","lastpingday":"13084182008088314","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast,searchable email with less 
spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"account_id":"webmayfield@gmail.com","last_username":"web.mayfield@gmail.com"}},"homepage":"http://www.google.com/","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"65BADC5D1501ECD4D65663C5467DD7BF9B6F0446D827D2F025DD707623BA857F"},"default_search_provider":{"keyword":"4627E3D4A8B5F1B916551AF358D153398B3B3A3944A743AE76A2459DD3F49B1B","name":"21F1619AEA5A935701D6B08F47C969BA29938020172026DF5E79C2C36C11F745","search_url":"3E12220E278B45787D436180D87C2769A25386E8969D6F45B22BC69FDCB3B881"},"default_search_provider_data":{"template_url_data":"0A93A7184365FAAC2AAFB2D4962CD46BBA4BF690B0CB87D537BFF4295D593BF8"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"B6107F2D9A072209447B33FA798172D801E0412049B11B512A6CDE824B8A7529","aohghmighlieiainnegkcijnfilokake":"0F042CD37D8FB8F306707D2397DDECD0C4947041B9E86C06BB07517E7AFA3E51","apdfllckaahabafndbhieahigkjlhalf":"8BB61460FCE6C2828FCC2A697A43C21D0349A26096138EE65E1CA02D28163A2A","bepbmhgboaologfdajaanbcjmnhjmhfn":"47674854842EB6BA4243051A4992DEA32E80B124DD9B3E1880FCD604D7D91529","bjnkloegafmkhgpjglcbldhaokjpandj":"24B7938329DE9AB10D8EB57F4432D4CA85ED931F065EBFECDFDB5495D92AD039","blpcfgokakmgnkcojhhkbfbldkacnbeo":"22139B7B65EDE4847312DF97FC3722B6F90659D55CF8EF5E8E62DF3B2339077E","boadgeojelhgndaghljhdicf
kmllpafd":"73D5B8D187F59352EA46565961F0BED380A113A29001BC18A08E0B6619080351","coobgpohoikkiipiblmjeljniedjpjpf":"C34BAE37B055302D69149EC8E3D699B04BA5552FDD2B6837C35B2FFAE0A71994","djflhoibgkdhkhhcedjiklpkjnoahfmg":"D6482010194852602F7A636C298AA3D67140CF17E1B3B11507BD131001DF75EC","dllkocilcinkggkchnjgegijklcililc":"546C26621826802FEE766EF2A43B27E57E7E8BAB7DFE9820FD0BF83130452C7C","dlppkpafhbajpcmmoheippocdidnckmm":"BDD9595E4C53216BA27836B5602894113C6AB15950A9DCCD8343F457ECA86430","dnhpdliibojhegemfjheidglijccjfmc":"685E39C2C9269C636E59996E7A838DC9B29A2398995329C03D65872663118565","eemcgdkfndhakfknompkggombfjjjeno":"530B32C8EBBF29AEA3C0F50A7A1734E414ADD6445530B108C880B6FF4EF542E2","ennkphjdgehloodpbhlhldgbnhmacadg":"3F8610C6B800C2EFDB30766339C4A9DA9877C668E14BD6CAFA60A2BF9B526046","fahmaaghhglfmonjliepjlchgpgfmobi":"3F045871383505DAF83D7D8D04AE341E03F2600B11771995AA1CA21E19B5E924","gfdkimpbcpahaombhbimeihdjnejgicl":"CA550D1D921B95D364C464B73221603E801C2B91D018909C439DBD59268D2E44","hfdkmfjikkdbfkeikhenooopdpgpighd":"2223254B195EC962CAA30CF6D6966163F31F87BA6E987C55B8601DB7913DE2C2","jgoepmocgafhnchmokaimcmlojpnlkhp":"F2E03714FC04A45720D46BE1AD370D3A82B0F936595BF9EB4BA3597F5CCC0A99","kcnhkahnjcbndmmehfkdnkjomaanaooo":"3BDD816FF4B8BCD00A40E8916791450962FA112132F9E727CDBFD9F440DD6AD8","kmendfapggjehodndflmmgagdbamhnfd":"7DA3D4A52199148665E96723FB35BA12F2A2D84D55EB1C49FC8391ACDC334410","lccekmodgklaepjeofjdjpbminllajkg":"775537ACA5C4C1C18D476F16E8D1030E240A8868EC18AB816241F5E4C0D39401","lmjegmlicamnimmfhcmpkclmigmmcbeh":"715EC4B6BECA7332668A3304652F45CECD10A3C2A25B8A9C59C22BF65630101C","mdanidgdpmkimeiiojknlnekblgmpdll":"842C8DCAA3001FC325D87A7FDDFA437A62D780D8B69A2957938A39CF8E8E96E2","mfehgcgbbipciphmccgaenjidiccnmng":"5C80B580DBB982C14B45674368361E583ACF0A574D126100A12399FD3D829D20","mfffpogegjflfpflabcdkioaeobkgjik":"759EE9E3372C947413F64FB15B6308E3A69AB1FD3CF712407371CD9814576107","mgndgikekgjfcpckkfioiadnlibdjbkf":"7A3EC114C0D2F79E3349AF0C54F634BB98BA2E0CE4A1FFBAA55
2D8E32846EE27","mhjfbmdgcfjbbpaeojofohoefgiehjai":"E95ABB8B93739A6015EE2DF7EFF757F91E1695086C9041BC4A558AB035D5EA3F","nbpagnldghgfoolbancepceaanlmhfmd":"B94B07C11F64F233DB195F0011F69622336631975198319386B380F9429EA7B8","neajdppkdcdipfabeoofebfddakdcjhd":"B89658BF64A54A38918B07ACF7502E90AFDCDF5A8AFA8C049CF592756DF3FF86","nkeimhogjdpnpccoofpliimaahmaaome":"307952EE0534A61DF57AB555019973E56E760DB074BF08D0926F42E7545C5902","nmmhkkegccagdldgiimedpiccmgmieda":"6CA943D13464F83F998229545559436F6DA7C0E97E3FADD5168075963B95DA8B","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"AD7B7D2A8C248F0231757133EA951BF13B9B16EAFC98194B938B06B948A243E4","pjkljhegncpnkpknbcohdijeoejaedia":"47300CC856F3DC3D64632DD401F97CCA91C0345297FA52F676BAE67E11F8B0B4"}},"google":{"services":{"account_id":"2DEA2A1D1F6A46EFF112275EC09EB4AFDC139464F18221DFACC68AF2DFA27EEC","last_username":"F07B1FA68E7CEBE93EFA36CAF7FDD0E17256AF79EB14BF483C9B6D9DCB379DEC","username":"ABF21DCE9B65566E6B4342B8B756DA0E9C18DF5B7203FF741CCE37704ADC3C6A"}},"homepage":"85AED5E2968F2119291464B4E3080A1799E7EE6F4683DCF517D9013A316B9C62","homepage_is_newtabpage":"DEB34DF8DD4A0E6BB9F014EF459F2268BB76FD2545795EB33C7BE39B003E5F5F","pinned_tabs":"ABBCAF7B14102307DFFDC120895205AB1EA5C050A53AC4989D68320721430E4C","prefs":{"preference_reset_time":"F2848AA681BB3B4987E713B9F4E8AEDEAB8CF1E794854EDFD5CDE7DC10C98EA0"},"profile":{"reset_prompt_memento":"707EA13DABA2EF2655E64AFBB0DB97CD7911954F3916B83AB7A6EA43EF9228EE"},"safebrowsing":{"incidents_sent":"A88C3330D98437CA294C42E1EEA144AC4882119C813682013C3459D79C77795B"},"search_provider_overrides":"5543D300B1131CA2D86EFE422BCC47A9801316556296311E57E8997568E822C9","session":{"restore_on_startup":"E9CF315FBDA1E78D0BD435F88C87E882AD7C63CF982A7DC35E325D886ACFE320","startup_urls":"B4ED088D82487A5D863DE4521E42C6FDB752421878723E444A6DD7ED3E9FF896"},"software_reporter":{"prompt_reason":"342BD00BDDD34D8231088CAD4045FC357E53238D59B9A185A80CC4C2A2639587","prompt_seed":"DCE4B85418CC56F13C00FF0A58B59DA52755954B89B0F0762F945
==== Chromium Fix ======================

C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage-journal deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aadvantageeshopping.com_0.localstorage deleted successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aadvantageeshopping.com_0.localstorage-journal deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=36 20196232 bytes)

==== Empty Temp Folders ======================

C:\Users\aklyk_000\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\halca_000\AppData\Local\Temp emptied successfully
C:\Users\mooke_000\AppData\Local\Temp emptied successfully
C:\Users\pauli_000\AppData\Local\Temp emptied successfully
C:\Users\Web\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Web\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Sun 08/16/2015 at 16:06:18.43 ======================
MrCharlie Posted August 16, 2015 ID:983707

OK, how is it??? What browsers if any are a problem???

=========================

Please re-scan with FRST and Make sure the Addition Box is checked.
http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png

Post or attach the 2 logs FRST.txt and Addition.txt

MrC
Darth_Kittens Posted August 16, 2015 Author ID:983709

I just finished the re-scan with zoek -- log is below. I am in Chrome and still getting some 'best coupons' sidebar popping up. IE was doing the same thing before but it seems to be cured now. I have not yet done the scan with Malwarebytes. After I do that I will run FRST again and post the results.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Web on Sun 08/16/2015 at 16:24:55.69.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-08-16-210618.log 47805 bytes

==== Empty Folders Check ======================

C:\Users\Web\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\0302601401919830mcinstcleanup deleted successfully

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.155

Chrome Hotword Shared Module - aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Cast - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Tampermonkey - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chrome Hotword Shared Module - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Cast - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
User-Agent Switcher for Chrome - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
Google News - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc
Google Voice (by Google) - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
Chrome Hotword Shared Module - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Boomerang for Gmail - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll

==== Chromium Startpages ======================

C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
pt_memento":"707EA13DABA2EF2655E64AFBB0DB97CD7911954F3916B83AB7A6EA43EF9228EE"},"safebrowsing":{"incidents_sent":"A88C3330D98437CA294C42E1EEA144AC4882119C813682013C3459D79C77795B"},"search_provider_overrides":"5543D300B1131CA2D86EFE422BCC47A9801316556296311E57E8997568E822C9","session":{"restore_on_startup":"F51A7D73A61877826492F110250FE685DBF0C7009CF33B6DF8CD9F85296D343E","startup_urls":"B4ED088D82487A5D863DE4521E42C6FDB752421878723E444A6DD7ED3E9FF896"},"software_reporter":{"prompt_reason":"342BD00BDDD34D8231088CAD4045FC357E53238D59B9A185A80CC4C2A2639587","prompt_seed":"DCE4B85418CC56F13C00FF0A58B59DA52755954B89B0F0762F94512CD3F2FC25","prompt_version":"3D13246559DB5C92FCDAE70E2815AA1ECEB41175BA38A03598DDA6DC20DA0A9F"},"sync":{"remaining_rollback_tries":"00A44AC67AD32877AC3D3B6A677AF4E5BD371C752128B5832688435DBF9A6CBA"}},"super_mac":"4FAAC01FB18E91FBEED358AFE728A9B37618599FD9A984CB92D654204488717C"},"sync":{"remaining_rollback_tries":0}} C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Preferences0,\"vendor_id\":\"165\",\"width_microns\":111100},{\"custom_display_name\":\"Envelope A2\",\"height_microns\":146000,\"name\":\"JPN_CHOU2\",\"vendor_id\":\"166\",\"width_microns\":110900},{\"custom_display_name\":\"Hagaki 100x148mm\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"167\",\"width_microns\":100000},{\"custom_display_name\":\"Borderless hagaki 100x148mm\",\"height_microns\":148100,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"168\",\"width_microns\":100100},{\"custom_display_name\":\"Index card 3x5in.\",\"height_microns\":127000,\"name\":\"NA_INDEX_3X5\",\"vendor_id\":\"169\",\"width_microns\":76200},{\"custom_display_name\":\"No. 
6 3/4 Envelope\",\"height_microns\":165100,\"name\":\"NA_PERSONAL\",\"vendor_id\":\"171\",\"width_microns\":92200},{\"custom_display_name\":\"Index card 5x8in.\",\"height_microns\":203200,\"name\":\"NA_INDEX_5X8\",\"vendor_id\":\"172\",\"width_microns\":127000},{\"custom_display_name\":\"Ofuku Hagaki\",\"height_microns\":199800,\"name\":\"JPN_OUFUKU\",\"vendor_id\":\"173\",\"width_microns\":148000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"HP6676F7 (HP Officejet J4680 series)\",\"isDuplexEnabled\":false,\"mediaSize\":{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"is_default\":true,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900},\"dpi\":{\"horizontal_dpi\":600,\"is_default\":true,\"vertical_dpi\":600},\"selectedDestinationExtensionId\":\"\"}"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://[*.]www.khanacademy.org:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1},"https://vimeo.com:443,https://vimeo.com:443":{"setting":1}},"geolocation":{"http://bindingofisaacrebirth.gamepedia.com:80,http://bindingofisaacrebirth.gamepedia.com:80":{"setting":1},"https://www.peiwei.com:443,https://www.peiwei.com:443":{"setting":1}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{"https://www.google.com:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"[*.]web.roblox.com,*":{"setting":1},"[*.]www.roblox.com,*":{"setting":1}},"popups":{"https://[*.]my.hrw.com:443,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push
_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]web.roblox.com,*":{"plugins":1},"[*.]www.roblox.com,*":{"plugins":1},"http://bindingofisaacrebirth.gamepedia.com:80,http://bindingofisaacrebirth.gamepedia.com:80":{"geolocation":1,"last_used":{"geolocation":1429972520.755725}},"https://[*.]my.hrw.com:443,*":{"popups":1},"https://[*.]www.khanacademy.org:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://vimeo.com:443,https://vimeo.com:443":{"fullscreen":1},"https://www.google.com:443,*":{"last_used":{"media-stream-mic":1429470270.991902},"media-stream-mic":1},"https://www.peiwei.com:443,https://www.peiwei.com:443":{"geolocation":1,"last_used":{"geolocation":1425162054.95262}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"created_by_version":"35.0.1916.114","exit_type":"SessionEnded","exited_cleanly":true,"gaia_info_picture_url":"https://lh5.googleusercontent.com/-haBLRz9eYLg/AAAAAAAAAAI/AAAAAAAAAV8/RTukSYhljaQ/s256-c/photo.jpg","gaia_info_update_time":"13084136882185926","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[0,null,null,null,null,null,4],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"safebrowsing":{"extended_reporting_enabled":false},"savefile":{"default_directory":"C:\\Users\\mooke_000\\Pictures","type":1},"selectfile":{"last_directory":"C:\\Users\\mooke_000\\Pictures"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046482681127931"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"autofill_wallet":true,"bookmarks":true,"dictionary":false,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3c20YGNsc0OIiLhFdncglAAAAAACAAAAAAAQZgAAAAEAACAAAACXWDDZBcM+eA+9P7
B1N7al7F/V1Z9Jg3oO2m/usZpr4QAAAAAOgAAAAAIAACAAAABtuVcmP1Y9WtoUIc1l1WRhI6lMc/EFEil2hw77LJTlbEAAAADAb3umj9ZM7Ux+OBqDYDOtcf8xR7sq/0rMxL1x4KFUBbbT8uMJhnb/GTOdmTML986xXtvOmQMCXlGZv1rwVri7QAAAAENcSY2Cg9AkE8Sx/UNVdHgBDLUw2gKJgeATZSabWRD6mNuNoniwlQdEp/hN/FTcEgalCRnsz/EAAQWfSveYP/I=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13055118736362832","has_setup_completed":true,"history_delete_directives":true,"keep_everything_synced":false,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3c20YGNsc0OIiLhFdncglAAAAAACAAAAAAAQZgAAAAEAACAAAABNihHORacbJ504tbQtQopqD+WLIXt9lc5vwdFr7w8BLgAAAAAOgAAAAAIAACAAAAA9lPQWe0t5g7t2JhbyRoOFmfylRC30usGuzi66W7duWlAAAACj/yFZFmAHazLdalM2L8ZNwkmIVrRngESxtVm9oieUQ0dftoDB2aUROzZNA1gZnpVzDcqLQ0Xs27DojW3jZI+e5c9/ho+MtM7YtMFHaMrQ2UAAAABrDffZGWplmjjd2zfnOzh3MA6htoMFwy3v2AePFzXXx8H6agIOZfgQIvxbk7jahTxIbIENIvSqIbR7u6v/gCIy","last_synced_time":"13084219126304698","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":false,"priority_preferences":false,"search_engines":false,"session_sync_guid":"session_syncJLfaPHsGBIo9FLR1s53yZw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"de":0,"en":0,"pt":0},"translate_blocked_languages":["en"],"translate_denied_count":{"en":1,"pt":1},"translate_denied_count_for_language":{"de":2,"en":1},"translate_last_denied_time":1425932860295.626,"translate_last_denied_time_for_language":{"de":1439684030402.555,"en":1438018787678.093},"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} C:\Users\Web\AppData\Local\Google\Chrome\User 
Data\Default\Preferencesa.com,*":{"plugins":1},"[*.]solutions1.learn.hp.com,*":{"plugins":1},"[*.]trinityrivercorridor.com,*":{"plugins":1},"[*.]upload.wikimedia.org,*":{"plugins":1},"[*.]www.cvsphoto.com,*":{"plugins":1},"[*.]www.ers-srl.com,*":{"plugins":1},"[*.]www.impactwrestling.com,*":{"fullscreen":1},"[*.]www.java.com,*":{"plugins":1},"[*.]www.myfoxdfw.com,*":{"plugins":1},"[*.]www.scholastic.com,*":{"plugins":1},"[*.]www.youtube.com,*":{"fullscreen":1},"http://192.168.1.85:8080,*":{"plugins":1},"http://maps.google.com:80,http://maps.google.com:80":{"geolocation":1},"http://touch.facebook.com:80,http://touch.facebook.com:80":{"geolocation":1},"http://www.greatclips.com:80,http://www.greatclips.com:80":{"geolocation":1},"http://www.wunderground.com:80,http://www.wunderground.com:80":{"geolocation":1},"http://www.zoomzoomzen.com:80,http://www.zoomzoomzen.com:80":{"geolocation":1},"https://[*.]download.citrixonline.com:443,*":{"plugins":1},"https://[*.]eft1.feps.cms.gov:443,*":{"plugins":1},"https://[*.]mail.google.com:443,*":{"popups":1},"https://[*.]plus.google.com:443,*":{"fullscreen":1},"https://[*.]qbo.intuit.com:443,*":{"popups":1},"https://[*.]us-mg205.mail.yahoo.com:443,*":{"multiple-automatic-downloads":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://app.mysms.com:443,*":{"notifications":1},"https://foursquare.com:443,https://foursquare.com:443":{"geolocation":1},"https://maps.google.com:443,https://maps.google.com:443":{"geolocation":1},"https://plus.google.com:443,https://plus.google.com:443":{"geolocation":1},"https://www.google.com:443,*":{"media-stream-mic":1}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"created_by_version":"35.0.1916.114","default_content_setting_values":{"plugins":3},"default_content_settings":{"plugins":3},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_update_time":"13084233681968367","icon_version":3,"is_managed":false,"managed_user_id":"","managed_users":{},"migrated_content_se
ttings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Firstuser","password_manager_groups_for_domains":[1],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\Web\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\Web\\Google Drive\\TQF\\Quickbooks\\Invoices"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13046643098031463"},"settings":{"privacy":{"drm_salt":"59D990A4BCF6D7DA80F0CE8659C908FC2FA5F4DE5A020533B694B6C1AAE84E44"}},"signin":{"signedin_time":"13064261698391182"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAAC7P9C05ipXTOzF0l4BjbyY/Ou+t3xd+MW8UJa3TaLU9gAAAAAOgAAAAAIAACAAAACBXditQkETqm6P+Nr7VpGS/WDlqtLRirKMehnoAMeBUkAAAABkKc1TGWikSPgQaBuy0LhefntKyg7j88fyOXLTugXGdbTeAp4cXzoKNi0BORaRe8kgKORe7mUa19RLcdepVn5vQAAAAFLuwP++8xk2K21Iq9GGF9W0HMVmSsAQfIEC5xeCpG1adaIH2GEK4YXVnyKN7xf/DRTHDQvytIhh7jG5snxzSaM=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13054232150315396","has_auth_error":true,"has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABysDQll0iEqH4Npf5cRrEwAAAAACAAAAAAAQZgAAAAEAACAAAADabq7neynTCsZSn2NcWnNZ2SiNs1cdZ5fH16xV5JuVdQAAAAAOgAAAAAIAACAAAACK/KfwkrmTwJaHOt81rnX5WIz+9eX0cTcvAXKKGiWQtlAAAAALJILtIyo3gY/C9xlIauvuEtBrhjngB4+DJoBKNfWG3NLjbXEWYfm9YFADQnraWxrgpl52a6mWaoesox1FyrLiZB9guUGzeKIPPH8nBoY6uUAAAAC80pZOS4wt7GHJTqpvmMl84Bxp6QHQjHJ0oHgPPYAzm0TA59TUhfsiOHEdTwNzUZKEDL06TvfwuvzbVjNhk35c","last_synced_time":"13084234442806872","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,
"memory_warning_count":0,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_sync3Hda8RkRlmSyGv3B4D4+Uw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"ar":0,"de":0,"es":0,"fr":0,"ga":0,"it":0,"ja":0,"zh-CN":1},"translate_blocked_languages":["en"],"translate_denied_count":{"ar":1,"de":6,"es":1,"fr":1,"ga":1,"it":1,"ja":1,"zh-CN":0},"translate_whitelists":{}} ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.msn.com/?pc=MSE1" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.msn.com/?pc=MSE1" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4" ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied 
successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfullyC:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfullyC:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied 
successfullyC:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=49 folders=36 20196232 bytes) ==== Empty Temp Folders ====================== C:\Users\aklyk_000\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\halca_000\AppData\Local\Temp emptied successfullyC:\Users\mooke_000\AppData\Local\Temp emptied successfullyC:\Users\pauli_000\AppData\Local\Temp emptied successfullyC:\Users\Web\AppData\Local\Temp will be emptied at rebootC:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptiedC:\Users\Web\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Sun 08/16/2015 at 16:59:09.69 ====================== Link to post Share on other sites More sharing options...
MrCharlie Posted August 16, 2015 ID:983711

OK... after you scan with Malwarebytes, please re-scan with FRST and make sure the Addition box is checked.

http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png

Post or attach the 2 logs, FRST.txt and Addition.txt.

MrC
Darth_Kittens Posted August 16, 2015 Author ID:983715

Malwarebytes scan came back clean but as soon as I opened Chrome the advertising sidebar was still there. Although once I closed it it has not come back (yet). I did not reboot after the Malwarebytes scan. Should I have? FRST.txt below and addition.txt in next comment.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Web (administrator) on JEFFERSON (16-08-2015 17:31:21)
Running from C:\Users\Web\Desktop
Loaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2014-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify] => C:\Users\Web\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-29] (Spotify Ltd)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify Web Helper] => C:\Users\Web\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-06-08]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-06-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-06-08]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A3F2874C-718F-4260-98B6-DBD6F96607DF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE402C42-EB0A-4278-A550-50AC5749342A}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Google Drive) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Cast) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-06-07]
CHR Extension: (Google News) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-06-07]
CHR Extension: (Google+) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-06-07]
CHR Extension: (Google Play Music) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]
CHR Extension: (Google +1 Button) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-06-07]
CHR Extension: (Google Voice (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Boomerang for Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-06-10] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-10] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 16:52 - 2015-08-16 16:24 - 00024064 _____ C:\windows\zoek-delete.exe
2015-08-16 16:35 - 2015-08-16 16:35 - 00000000 ____D C:\Users\Web\AppData\Local\VirtualStore
2015-08-16 16:27 - 2015-08-16 16:06 - 00047805 _____ C:\zoek-results2015-08-16-210618.log
2015-08-16 16:19 - 2015-08-16 16:19 - 00002830 _____ C:\AdwCleaner[C2].txt
2015-08-16 16:15 - 2015-08-16 16:17 - 00002580 _____ C:\AdwCleaner[s2].txt
2015-08-16 16:11 - 2015-08-16 16:11 - 00007930 _____ C:\Users\Web\Downloads\fixlist (1).txt
2015-08-16 15:34 - 2015-08-16 16:59 - 00033304 _____ C:\zoek-results.log
2015-08-16 15:29 - 2015-08-16 15:57 - 00000000 ____D C:\zoek_backup
2015-08-16 15:29 - 2015-08-16 15:29 - 01308672 _____ C:\Users\Web\Desktop\zoek.exe
2015-08-16 15:27 - 2015-08-16 16:52 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForWeb.job
2015-08-16 15:27 - 2015-08-16 16:29 - 00003154 _____ C:\windows\System32\Tasks\HPCeeScheduleForWeb
2015-08-16 15:09 - 2015-08-16 15:11 - 00018555 _____ C:\AdwCleaner[C1].txt
2015-08-16 15:05 - 2015-08-16 15:09 - 00000000 ____D C:\AdwCleaner
2015-08-16 15:05 - 2015-08-16 15:07 - 00017836 _____ C:\AdwCleaner[s1].txt
2015-08-16 15:03 - 2015-08-16 15:03 - 01563648 _____ C:\Users\Web\Downloads\AdwCleaner.exe
2015-08-16 13:08 - 2015-08-16 13:09 - 00057112 _____ C:\Users\Web\Desktop\Addition.txt
2015-08-16 13:06 - 2015-08-16 17:32 - 00018550 _____ C:\Users\Web\Desktop\FRST.txt
2015-08-16 13:05 - 2015-08-16 13:05 - 02173440 _____ (Farbar) C:\Users\Web\Desktop\FRST64.exe
2015-08-16 12:52 - 2015-08-16 17:31 - 00000000 ____D C:\FRST
2015-08-16 12:44 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\Sun
2015-08-16 12:44 - 2015-08-16 12:43 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-08-16 12:43 - 2015-08-16 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\ProgramData\Oracle
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\Program Files\Java
2015-08-16 12:35 - 2015-08-16 12:35 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job
2015-08-16 12:33 - 2015-08-16 12:33 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job
2015-08-15 10:19 - 2015-08-15 10:19 - 694094341 _____ C:\windows\MEMORY.DMP
2015-08-15 10:19 - 2015-08-15 10:19 - 00281296 _____ C:\windows\Minidump\081515-39234-01.dmp
2015-08-15 10:19 - 2015-08-15 10:19 - 00000000 ____D C:\windows\Minidump
2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 _____ C:\windows\SysWOW64\Number of results
2015-08-15 08:40 - 2015-08-15 10:21 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-08-15 05:32 - 2015-08-15 05:32 - 00942955 _____ C:\Users\pauli_000\Downloads\Setup (3).zip
2015-08-15 03:47 - 2015-08-15 03:47 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 588830.crdownload
2015-08-15 03:11 - 2015-08-15 03:11 - 00943043 _____ C:\Users\pauli_000\Downloads\Setup (2).zip
2015-08-15 03:11 - 2015-08-15 03:11 - 00446708 _____ C:\Users\pauli_000\Downloads\Setup (1).zip
2015-08-15 02:02 - 2015-08-15 02:02 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 126890.crdownload
2015-08-14 23:16 - 2015-08-14 23:17 - 00513920 _____ C:\Users\pauli_000\Downloads\Unconfirmed 693194.crdownload
2015-08-14 22:15 - 2015-08-14 22:15 - 00340180 _____ C:\Users\pauli_000\Downloads\setup.zip
2015-08-14 09:35 - 2015-08-14 09:35 - 00001055 _____ C:\Users\Web\Desktop\malwarebytes_20150814.txt
2015-08-14 08:12 - 2015-08-16 16:04 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-14 08:12 - 2015-08-14 08:12 - 00000033 _____ C:\CLMediaServer.ini
2015-08-14 06:45 - 2015-08-14 06:45 - 00003258 _____ C:\windows\System32\Tasks\runTask
2015-08-14 06:45 - 2015-08-14 06:45 - 00003162 _____ C:\windows\System32\Tasks\updateTask
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Mozilla
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\windows\system32\upo
2015-08-14 06:41 - 2015-08-14 07:41 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-13 20:32 - 2013-08-22 08:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-08-13 20:30 - 2015-08-13 20:30 - 00001335 _____ C:\Users\mooke_000\AppData\Local\Chrome .lnk
2015-08-13 20:30 - 2015-08-13 20:30 - 00000298 _____ C:\Users\mooke_000\AppData\Local\Firefox .lnk
2015-08-13 20:29 - 2015-08-16 15:10 - 00001205 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-08-13 20:29 - 2015-08-16 15:10 - 00000854 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk
2015-08-13 20:29 - 2015-08-16 15:10 - 00000144 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00000984 _____ C:\Users\mooke_000\AppData\Local\Iexplore .lnk
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 _____ C:\windows\SysWOW64\minibrowser.log
2015-08-13 20:21 - 2015-08-13 20:21 - 00001249 _____ C:\Users\pauli_000\Desktop\Continue installation .lnk
2015-08-13 19:05 - 2015-08-13 19:05 - 00000000 ____D C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe
2015-08-13 19:01 - 2015-08-13 19:01 - 00540750 _____ C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe.rar
2015-08-13 03:44 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:44 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:35 - 2015-08-12 20:36 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Trove
2015-08-12 19:58 - 2015-08-12 19:58 - 00000222 _____ C:\Users\mooke_000\Desktop\Trove.url
2015-08-12 19:14 - 2015-08-12 19:14 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\com.freakinware.mitosis
2015-08-12 19:05 - 2015-08-12 19:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Mitos.is The Game.url
2015-08-12 18:42 - 2015-08-12 18:42 - 00000222 _____ C:\Users\mooke_000\Desktop\Spooky's House of Jump Scares.url
2015-08-12 16:05 - 2015-08-12 16:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Time Clickers.url
2015-08-12 04:06 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 04:06 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 04:06 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 04:06 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 04:06 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 04:06 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 04:06 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 04:06 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 04:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 04:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 04:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 04:06 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 04:06 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 04:05 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 04:05 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-12 04:04 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 04:04 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 04:04 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 04:04 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 04:04 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 04:04 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 04:04 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 04:04 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 04:04 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 04:04 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 04:04 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 04:04 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 04:04 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 04:04 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 04:04 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 04:04 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 04:04 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 04:04 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 04:04 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 04:04 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 04:04 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 04:04 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 04:04 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 04:04 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 04:04 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 04:04 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 04:04 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 04:04 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 04:04 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 04:03 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-12 04:03 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-12 04:03 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-12 04:03 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-12 04:03 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 04:01 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 04:01 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 04:01 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 04:01 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 04:01 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 04:01 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 04:01 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 04:01 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 04:01 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-12 04:01 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-12 04:01 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-12 04:01 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 04:01 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 04:01 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 04:01 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 04:01 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 04:01 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 04:01 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 04:01 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 04:01 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 04:01 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 04:01 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 04:01 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-12 04:01 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-12 04:01 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 14:43 - 2015-08-09 14:43 - 00000742 _____ C:\Users\mooke_000\Documents\Desktop - Shortcut.lnk
2015-08-09 13:45 - 2015-08-07 07:59 - 03930112 _____ (ProjectPokémon) C:\Users\mooke_000\Desktop\PKHeX.exe
2015-08-09 13:42 - 2015-08-09 13:43 - 01982114 _____ C:\Users\mooke_000\Downloads\PKHeX (08-08-15).zip
2015-07-29 11:07 - 2015-07-29 11:07 - 00000000 ____D C:\Users\mooke_000\Downloads\powersaves3ds-software-129
2015-07-29 11:07 - 2015-07-27 12:30 - 04065363 _____ (Datel Design & Development ) C:\Users\mooke_000\Desktop\powersaves_setup_v1.29.exe
2015-07-29 11:04 - 2015-07-29 11:04 - 04034094 _____ C:\Users\mooke_000\Downloads\powersaves3ds-software-129.zip
2015-07-26 20:29 - 2015-07-26 20:29 - 00986311 _____ C:\Users\mooke_000\Downloads\RebirthCCLauncher.zip
2015-07-24 16:52 - 2015-07-24 16:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\mooke_000\Downloads\RobloxPlayerLauncher (1).exe
2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\mooke_000\AppData\Local\CEF
2015-07-20 16:58 - 2015-07-20 17:00 - 115236013 _____ C:\Users\mooke_000\Downloads\JSTR_Universal_1.7.x.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 17:31 - 2014-06-04 17:07 - 01053852 _____ C:\windows\WindowsUpdate.log
2015-08-16 17:30 - 2014-06-04 17:16 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1001
2015-08-16 17:15 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-16 17:14 - 2014-06-05 17:36 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 17:02 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-16 16:59 - 2014-10-10 14:19 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 16:59 - 2014-06-05 17:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 16:59 - 2014-06-04 17:14 - 00000000 __RDO C:\Users\Web\SkyDrive
2015-08-16 16:59 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-16 16:52 - 2013-08-24 16:32 - 00297358 _____ C:\windows\PFRO.log
2015-08-16 16:52 - 2013-08-22 09:46 - 00026904 _____ C:\windows\setupact.log
2015-08-16 16:52 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-16 16:52 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI
2015-08-16 15:55 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-16 15:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-16 15:26 - 2014-06-08 07:04 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}
2015-08-16 15:10 - 2014-06-05 17:57 - 00001313 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-16 15:10 - 2014-06-05 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-16 15:10 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-16 12:35 - 2014-06-29 07:08 - 00000000 ____D C:\EDS
2015-08-16 12:18 - 2014-06-27 15:25 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 12:02 - 2014-12-29 17:02 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Skype
2015-08-16 10:00 - 2014-06-05 17:19 - 00000000 __RDO C:\Users\mooke_000\SkyDrive
2015-08-16 09:07 - 2015-03-05 16:27 - 00000000 ____D C:\ProgramData\Origin
2015-08-16 07:04 - 2014-06-05 17:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.minecraft
2015-08-15 21:39 - 2014-09-01 08:44 - 00000000 ___RD C:\Users\pauli_000\Google Drive
2015-08-15 21:38 - 2014-06-04 21:41 - 00000000 __RDO C:\Users\pauli_000\SkyDrive
2015-08-15 15:05 - 2014-05-29 19:42 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-08-15 11:29 - 2013-08-22 08:25 - 00000301 _____ C:\windows\win.ini
2015-08-15 11:27 - 2015-04-10 19:27 - 00000000 ____D C:\Program Files (x86)\360
2015-08-15 10:27 - 2014-06-05 17:04 - 00000000 ____D C:\Users\mooke_000
2015-08-15 10:22 - 2014-06-04 18:06 - 00000000 ____D C:\Users\pauli_000
2015-08-14 09:30 - 2015-01-31 12:08 - 00035328 ___SH C:\Users\mooke_000\Desktop\Thumbs.db
2015-08-14 08:11 - 2013-08-22 09:45 - 00000000 ____D C:\windows\Setup
2015-08-14 08:08 - 2014-06-04 21:45 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1004
2015-08-14 07:00 - 2014-10-10 14:19 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-14 06:50 - 2015-03-05 19:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-14 06:43 - 2015-03-11 12:13 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-08-14 06:43 - 2015-03-11 12:12 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-08-14 06:42 - 2014-06-04 18:06 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CCDD9EF7-4E0A-476E-96E0-B7B28717D32C}
2015-08-14 06:37 - 2015-06-28 18:12 - 00000998 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-08-14 06:37 - 2015-04-12 19:54 - 00000605 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-08-14 06:37 - 2015-04-10 19:06 - 00001122 _____ C:\Users\pauli_000\Desktop\Cheat Engine.lnk
2015-08-14 06:37 - 2015-03-08 16:36 - 00000955 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mine-imator.lnk
2015-08-14 06:37 - 2015-03-05 21:17 - 00001368 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2015-08-14 06:37 - 2015-03-05 19:35 - 00002064 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-14 06:37 - 2015-03-05 16:27 - 00001016 _____ C:\Users\Public\Desktop\Origin.lnk
2015-08-14 06:37 - 2015-01-31 12:08 - 00001255 _____ C:\Users\mooke_000\Desktop\TechnicLauncher - Shortcut.lnk
2015-08-14 06:37 - 2015-01-19 08:48 - 00001521 _____ C:\Users\pauli_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:37 - 2015-01-19 08:48 - 00001336 _____ C:\Users\pauli_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:37 - 2014-12-24 15:50 - 00001521 _____ C:\Users\mooke_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:37 - 2014-12-24 15:49 - 00001336 _____ C:\Users\mooke_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:37 - 2014-12-22 11:32 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-14 06:37 - 2014-09-01 08:44 - 00001848 _____ C:\Users\pauli_000\Desktop\Google Drive.lnk
2015-08-14 06:37 - 2014-08-29 21:16 - 00001962 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-14 06:37 - 2014-08-29 21:16 - 00001956 _____ C:\Users\Web\Desktop\Spotify.lnk
2015-08-14 06:37 - 2014-08-02 10:19 - 00001163 _____ C:\Users\Public\Desktop\iRepo.lnk
2015-08-14 06:37 - 2014-08-02 10:03 - 00003145 _____ C:\Users\Public\Desktop\Music Rescue.lnk
2015-08-14 06:37 - 2014-08-02 09:53 - 00003069 _____ C:\Users\Web\Desktop\TouchCopy 12.lnk
2015-08-14 06:37 - 2014-08-02 09:48 - 00001044 _____ C:\Users\Public\Desktop\Sharepod.lnk
2015-08-14 06:37 - 2014-06-27 15:25 - 00001000 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-14 06:37 - 2014-06-18 09:09 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-14 06:37 - 2014-06-13 18:14 - 00002258 _____ C:\Users\pauli_000\Desktop\HP Support Assistant.lnk
2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Word 2007.lnk
2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Excel 2007.lnk
2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Word 2007.lnk
2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Excel 2007.lnk
2015-08-14 06:37 - 2014-06-08 15:49 - 00002152 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk
2015-08-14 06:37 - 2014-06-07 18:55 - 00001842 _____ C:\Users\Web\Desktop\Google Drive.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002083 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002081 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002071 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 06:37 - 2014-06-05 17:29 - 00001077 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk
2015-08-14 06:37 - 2014-06-04 21:53 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-08-14 06:37 - 2014-06-04 18:06 - 00001443 _____ C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:37 - 2014-06-04 17:10 - 00001443 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:37 - 2014-05-29 20:41 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2015-08-14 06:36 - 2015-01-18 14:11 - 00001336 _____ C:\Users\halca_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:36 - 2015-01-16 16:09 - 00001348 _____ C:\Users\halca_000\Desktop\Continue Five Nights at Freddy's Installation.lnk
2015-08-14 06:36 - 2014-12-31 17:27 - 00001298 _____ C:\Users\halca_000\Desktop\Continue File Opener Installation.lnk
2015-08-14 06:36 - 2014-10-12 15:04 - 00001521 _____ C:\Users\halca_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:36 - 2014-08-25 16:55 - 00001318 _____ C:\Users\halca_000\Desktop\Continue Free Download Installation.lnk
2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Music.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00001443 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00000551 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00000549 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-16 16:25 - 00001735 _____ C:\Users\halca_000\Desktop\Pokémon Trading Card Game Online.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-05 18:34 - 00001443 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-13 20:40 - 2015-06-25 14:21 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForpauli_000.job
2015-08-13 20:40 - 2013-08-22 09:44 - 00441296 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 20:35 - 2014-12-12 08:32 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 20:35 - 2014-07-16 17:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 20:33 - 2014-06-05 17:21 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1005
2015-08-13 20:16 - 2014-06-07 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 17:27 - 2014-06-05 17:05 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E1291903-9E5D-49F7-9CC8-108CE3F4EC8A}
2015-08-13 14:45 - 2014-06-05 14:46 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-08-13 14:41 - 2014-12-24 15:49 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-13 03:45 - 2014-06-11 08:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:45 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-13 03:43 - 2014-08-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:40 - 2014-06-07 05:31 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 03:21 - 2014-06-07 05:31 - 132483416 _____ (Microsoft Corporation) 
C:\windows\system32\MRT.exe2015-08-12 19:28 - 2015-06-22 17:57 - 00000000 ____D C:\Users\mooke_000\Powersaves3DS2015-08-11 14:01 - 2015-06-25 14:21 - 00003190 _____ C:\windows\System32\Tasks\HPCeeScheduleForpauli_0002015-08-09 17:14 - 2014-06-05 17:05 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Packages2015-08-08 08:55 - 2015-03-14 08:21 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-08-08 08:55 - 2015-03-14 08:21 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-01 15:49 - 2015-06-28 18:12 - 00000000 ____D C:\Program Files (x86)\Minecraft2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS2015-08-01 14:06 - 2014-06-04 17:09 - 00000000 ____D C:\Users\Web2015-07-30 10:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF2015-07-30 09:45 - 2014-06-29 07:08 - 00000000 ____D C:\Users\aklyk_0002015-07-30 09:45 - 2014-06-05 18:34 - 00000000 ____D C:\Users\halca_0002015-07-28 18:20 - 2015-03-05 16:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Origin2015-07-28 18:14 - 2015-03-05 16:27 - 00000000 ____D C:\Program Files (x86)\Origin2015-07-25 05:11 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\system32\GWX2015-07-22 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache2015-07-22 07:28 - 2015-01-31 11:51 - 04731400 _____ () C:\Users\mooke_000\Desktop\TechnicLauncher.exe2015-07-22 07:27 - 2015-01-31 12:04 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.technic2015-07-19 10:39 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\SysWOW64\GWX2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore2015-07-19 07:50 - 2014-06-05 18:34 - 00003946 _____ 
C:\windows\System32\Tasks\User_Feed_Synchronization-{29EB089F-8B13-46EE-B4F2-40CFC60D11E2}

==================== Files in the root of some directories =======

2015-05-12 18:22 - 2015-05-12 18:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2014-08-02 10:04 - 2014-08-02 10:05 - 0000360 _____ () C:\Users\Web\AppData\Roaming\com.kennettnet.MusicRescue4.plist

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2015-03-11 12:13] - [2015-08-14 06:43] - 0657920 ____A (Microsoft Corporation) 089D030FF1B7D49ACD074B289D306F4D
C:\windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-10 04:49

==================== End of log ============================
Darth_Kittens Posted August 16, 2015 Author ID:983716

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Web (2015-08-16 17:32:59)
Running from C:\Users\Web\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2744511804-60897879-1795108344-500 - Administrator - Disabled)
aklyk_000 (S-1-5-21-2744511804-60897879-1795108344-1007 - Limited - Enabled) => C:\Users\aklyk_000
Guest (S-1-5-21-2744511804-60897879-1795108344-501 - Limited - Disabled)
halca_000 (S-1-5-21-2744511804-60897879-1795108344-1006 - Limited - Enabled) => C:\Users\halca_000
HomeGroupUser$ (S-1-5-21-2744511804-60897879-1795108344-1003 - Limited - Enabled)
mooke_000 (S-1-5-21-2744511804-60897879-1795108344-1005 - Limited - Enabled) => C:\Users\mooke_000
pauli_000 (S-1-5-21-2744511804-60897879-1795108344-1004 - Administrator - Enabled) => C:\Users\pauli_000
Web (S-1-5-21-2744511804-60897879-1795108344-1001 - Administrator - Enabled) => C:\Users\Web

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)Airport Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenAlcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) HiddenAmazing World (HKLM-x32\...\Steam App 293500) (Version: - Ganz)AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) HiddenBejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) HiddenBrick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version: - Exe Games Inc.)Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) HiddenCastle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - 
)Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7940.0 - Microsoft)Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenCradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar)Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) HiddenCutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDelicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenFarm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) HiddenFistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 
1.24.9931.5480 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.1 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenGPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHouse of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) HiddenHP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)Inst5675 (Version: 8.00.51 - Softex Inc.) HiddenInst5676 (Version: 8.00.51 - Softex Inc.) 
HiddeniRepo 5.3.0.0 (HKLM-x32\...\iRepo_is1) (Version: 5.3.0.0 - Purple Ghost Software, Inc.)Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version: - Zachtronics)iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenKing Oddball (x32 Version: 3.0.2.48 - WildTangent) HiddenLuxor Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) 
(Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) 
(Version: 1.0.3.0 - Mojang)Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMusic Rescue (HKLM-x32\...\{5F503B34-022D-4C56-9D40-53D2916CE3C9}) (Version: 4.5.1 - KennettNet Software Ltd)Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) HiddenNBA 2K15 (HKLM-x32\...\Steam App 282350) (Version: - Visual Concepts)Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPortal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) 
HiddenQuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) HiddenRoads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenSharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version: - Lag Studios)Spotify (HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) HiddenTeam Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)Time Clickers (HKLM-x32\...\Steam App 385770) (Version: - Proton Studio Inc)TouchCopy 12 (HKLM-x32\...\{363B852D-FBAD-4BAB-B1E9-28937DCDA620}) (Version: 12.46 - Wide Angle Software)Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update Installer for WildTangent 
Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version: - Egosoft)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

29-07-2015 04:09:48 Windows Update
11-08-2015 11:39:06 Scheduled Checkpoint
16-08-2015 12:39:33 Removed Java 7 Update 60 (64-bit)
16-08-2015 16:12:37 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {089607A1-22D1-4172-A106-4DEEEDF53A49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {283EFFA8-8543-4156-9297-F4967767E0AC} - System32\Tasks\updateTask => c:\task.vbs
Task: {2F8869EE-DDF4-4189-B218-0FA932BA833B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {33C6C936-27C9-4864-BC10-AD0EE8157838} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {34CE367C-12F8-40EF-A247-F2A77A5692E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {364C2067-47B8-4DA0-9B7F-DEF696AC3D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4D0A3E5D-EA2D-4BC2-A3B0-35166C769E0C} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {6D630EE5-9363-4E34-80CB-05227AE6CFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {78433DFD-CEDB-4793-AB00-0EAAE5EA786D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {912CDA96-E250-45E0-A69F-CBE9F94642F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {A8A586F8-3AB2-43BE-B7E5-91B816889678} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software
Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6F354D6-01F3-42C3-BCB8-DD6F19DF9582} - System32\Tasks\HPCeeScheduleForWeb => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D5016636-D008-4FA8-A9CA-F95655C46526} - System32\Tasks\HPCeeScheduleForpauli_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D576BEE5-6B9B-4783-98AB-0F5C1E1AF9F9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D5E45616-3703-4421-BCF8-C2617A3EB32A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {DF80B38C-CA93-4FAD-887C-AD8EDE5A02EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {E0656664-4567-4309-817B-5F2691F42BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForpauli_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForWeb.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job => C:\windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-11-15 16:50 - 2013-10-23 16:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll
2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI
Technologies\ATI.ACE\Branding\BrandingNet4.dll2015-07-03 02:01 - 2015-07-03 02:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-08-11 15:15 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll2015-08-11 15:15 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll2015-08-16 16:59 - 2015-08-16 16:59 - 00098816 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32api.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00110080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pywintypes27.dll2015-08-16 16:59 - 2015-08-16 16:59 - 00364544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pythoncom27.dll2015-08-16 16:59 - 2015-08-16 16:59 - 00045568 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_socket.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 01161216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_ssl.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00320512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32com.shell.shell.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00713216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_hashlib.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 01176576 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._core_.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00806400 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._gdi_.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00816128 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._windows_.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 01067008 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._controls_.pyd2015-08-16 16:59 
- 2015-08-16 16:59 - 00733184 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._misc_.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00682496 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pysqlite2._sqlite.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00087552 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_ctypes.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00119808 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32file.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00108544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32security.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00007168 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\hashobjs_ext.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00068096 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\usb_ext.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00167936 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32gui.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00018432 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32event.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00128512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_elementtree.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00127488 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pyexpat.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00013824 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\common.time34.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00036864 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_psutil_windows.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00038912 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32inet.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00011264 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32crypt.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00077312 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._html2.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00027136 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_multiprocessing.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00020480 _____ () 
C:\Users\Web\AppData\Local\Temp\_MEI49482\_yappi.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00035840 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32process.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00686080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\unicodedata.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00123392 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._wizard.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00024064 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32pipe.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00010240 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\select.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00025600 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32pdh.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00525640 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\windows._lib_cacheinvalidation.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00017408 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32profile.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00022528 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32ts.pyd2015-08-16 16:59 - 2015-08-16 16:59 - 00078848 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._animate.pyd2014-05-29 20:05 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-propertiesAlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20130104_180917.jpgDNS Servers: 192.168.1.254HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "QHSafeTray"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{BE1E032E-59FB-4FD6-A4A7-7483640A14E2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exeFirewallRules: [{6C1223DF-C175-4620-A10F-C10F3B53ADAD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exeFirewallRules: [{10B96B04-F60E-4B27-B2AD-4DE58C0EA43D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exeFirewallRules: [{9F21A3C9-C90F-412A-9567-272759693CAD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exeFirewallRules: [{3B76E4E5-879F-4B5D-AECA-CF7E92170C41}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exeFirewallRules: [{C57BDA63-9FB1-4F0C-AE36-8EE96FEC22E3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exeFirewallRules: [{3924102E-FF6B-4B83-8814-FF88FE11AB7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXEFirewallRules: [{EE574B00-7BF6-4DFD-B2F8-1EA49608A5E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exeFirewallRules: 
[{21E7021B-C5C7-45D1-9975-5787D14A44AA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exeFirewallRules: [{F3F991D2-D911-444E-9CC4-F7D3C824850D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exeFirewallRules: [{FA8134FB-7A4D-47F5-A745-EE21B2EC71DC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exeFirewallRules: [{8FB586B4-6047-4608-92D9-9E3CCFE444C4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exeFirewallRules: [{444EDE6B-1312-4115-9DAD-A4FBBD5FEC71}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exeFirewallRules: [{92EC95E1-E446-4F0A-B9BD-FE619836FF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{31C6EA78-FDCA-4EAA-9EF3-329774323E6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{B9C2440C-FDD9-4CA8-8CBE-1CB5A7317482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{B70D192F-164B-4D05-BFA2-0DBC6CFA4CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{6A9CCDF5-CA09-4A3C-91FD-4C1821F5C087}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{AAFEF149-C6A9-42A0-9506-71ECA24DCE2B}] => (Allow) LPort=2869FirewallRules: [{74072E8C-EBBF-4990-BF8D-DF3F0A70705B}] => (Allow) LPort=1900FirewallRules: [{1EDB488B-DE61-4A08-82F1-AF2EAC89C7F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{89535837-6E40-4ADA-8F67-1E2DD36A4CB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{5A739BBF-C1B7-48D1-9985-0BB27D4010A7}] => (Allow) C:\Program Files\Vuze\Azureus.exeFirewallRules: [{525541B4-294B-4B11-B9BC-BBBC03578BD0}] => (Allow) C:\Program Files\Vuze\Azureus.exeFirewallRules: [TCP Query User{1EA3B08A-E61D-4829-BC45-B4DC73A5FDD6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program 
files\java\jre7\bin\javaw.exeFirewallRules: [uDP Query User{F48061BA-97D0-489B-AC9A-CCB9334B4354}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [{F5176B49-2ACD-4BB1-8592-4DD49D3ACB5B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{D4094727-9CBC-47C6-B0B1-5D092972F3B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{2C5E364E-0036-43E7-918F-86DECA98A4BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [TCP Query User{B981B08B-F1AB-4565-A371-17A30D1194A0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [uDP Query User{D4AD9723-A924-495C-BE4A-EA66A99F63C4}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exeFirewallRules: [{EE817AAF-9D62-4E65-B3FC-CD8076B76F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exeFirewallRules: [{E58FC6A6-9307-4280-AE24-E6FBE2557067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exeFirewallRules: [{5D82F2EC-1AC8-4525-B30D-815A5BC40ABA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exeFirewallRules: [{82397B22-92B9-40D2-968A-1346D1068248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exeFirewallRules: [TCP Query User{348FADAE-611E-4D3B-972C-4009B959179B}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{691D1B52-7F3E-429D-B119-5045A9A1B313}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exeFirewallRules: [{C3783617-F9FA-4489-8F55-5FAF1087501F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{89F398C4-5795-4A80-99E8-DAD027657813}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: 
[{1012B0E9-788E-4339-9C2A-BE8C02A486C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exeFirewallRules: [{E02EFE82-455B-403A-B91A-9D6A2DA8808D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exeFirewallRules: [{43A590CA-716F-4AA6-AB24-87220381B8C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exeFirewallRules: [{5D29A9F9-8BA5-4C4A-92C5-84B0A50465F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exeFirewallRules: [{221B49BD-A410-48E8-B140-424CCC2440D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exeFirewallRules: [{3A2DD2E1-9E24-471A-B203-73912278E14C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exeFirewallRules: [{F89D39A6-DC4C-43B0-9EC0-7BD15F51AC36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exeFirewallRules: [{8A1B8B18-0018-49E5-9CCF-EB74958EFB24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exeFirewallRules: [{2FE4DCD9-2BFF-486F-8DC1-C6883E0E5429}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exeFirewallRules: [{2A644A87-A2F6-4E2A-8035-79120CF19975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exeFirewallRules: [{D8D74176-1369-4708-871A-96F934B4721D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exeFirewallRules: [{678696E1-881B-41B6-98C6-0F2273D2FB45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exeFirewallRules: [TCP Query User{A424A491-10EC-4397-9036-A4AF203ACDCD}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exeFirewallRules: [uDP Query User{1702F69E-EC27-4497-9A9F-1F340057E704}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) 
C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exeFirewallRules: [{09460DCB-E59D-4E82-A97E-CEC470617064}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exeFirewallRules: [{40BAAC17-672F-464B-9974-D798C2E01F94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exeFirewallRules: [TCP Query User{D95210E3-F88C-42E9-9E62-9845D4AD4E1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{97466C1C-29D4-46C9-AC35-79130A4F6726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [TCP Query User{8F359B21-2B49-4AEE-B13C-37F3737B64D6}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exeFirewallRules: [uDP Query User{55A79EF8-E449-4FD7-BA63-8A3793F40977}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exeFirewallRules: [TCP Query User{98090451-32DD-4F8A-B7CF-FAA2BE92F7C4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{9DEDF3CC-69A8-4A87-889C-E051C9491E83}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{A154DEA0-1C43-48CB-B038-A2BA083EB563}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exeFirewallRules: [{BFE7530C-ED5C-43BB-A6F6-3ADF9E0321C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exeFirewallRules: [{15DA8999-AE5B-4135-AD60-611722DED198}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exeFirewallRules: [{20AAF40E-6C7C-41F6-9272-94D36DCA31CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding 
Of Isaac\Isaac.exeFirewallRules: [{2E67CEE6-3D5A-41C8-B6B9-CB1225C49A1B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exeFirewallRules: [{3768047C-8401-44D7-A71D-4CEA5EC5CB33}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exeFirewallRules: [{2D18C3D6-C6EC-4FA0-8B77-14B407A3AD10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exeFirewallRules: [{255D589D-92C3-4FB9-82BF-3795907FB15C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exeFirewallRules: [{E35E1444-0683-4C26-8FD0-B8CE7F61ADC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exeFirewallRules: [{415E1660-48A4-407E-8E1C-B5BB0AACF8D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exeFirewallRules: [{7AB15407-B9B8-4472-A690-EA49B72CC04C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exeFirewallRules: [{B139A4E7-FB00-4F8E-ADCA-0EB4ABE350BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exeFirewallRules: [TCP Query User{526B8273-C4F4-44B1-906F-4D5A3097A7B9}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exeFirewallRules: [uDP Query User{2B8FC484-6980-4DBF-91EE-B16E52BDB45B}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exeFirewallRules: [{4FB6E1EB-8AEC-44ED-BB51-6FCB840577D4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exeFirewallRules: [{0920CB87-0C21-4262-A320-338716A9F521}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exeFirewallRules: [{A86BE10F-5A0C-48C6-82F1-D1DB59AFD214}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark 
Descent\Amnesia.exeFirewallRules: [{23BA47CE-BC10-434E-85FE-1639C088E876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exeFirewallRules: [{1469C652-B59B-4C0D-A1F3-E9F74F72DACB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exeFirewallRules: [{630A237A-BC7D-44C2-B623-0B667376B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exeFirewallRules: [TCP Query User{F6A1232D-BCC5-417E-A635-56AB4D7FFE68}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exeFirewallRules: [uDP Query User{A7893E4C-D812-4632-A5FA-9F92A65E3535}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exeFirewallRules: [{C69D7EA4-445A-4D4D-BC47-82162F1B94FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exeFirewallRules: [{3209999A-DD0C-499D-9634-0CD7A2904764}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exeFirewallRules: [TCP Query User{FACE13ED-1822-4F9C-9ADA-27348FED87B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [uDP Query User{12DC88B8-9874-46E5-B91E-BF80226DB761}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [{FCB323AE-08ED-48EE-8606-CBC0060C1211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{2FB3D3BC-DD3F-43BD-9B1E-653D587AC663}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exeFirewallRules: [{CBC476DF-EAE8-49C4-B2C6-ED74ECCE47FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exeFirewallRules: [{E28ADC6C-A414-409C-B2AA-34FA8A47D480}] => (Allow) C:\Program Files 
(x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exeFirewallRules: [{C8A2EC8C-C62B-4636-BF0A-358D5494EE40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exeFirewallRules: [{0C63C7CA-46EB-41AD-9F27-F70A9D069687}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exeFirewallRules: [{01F669C7-E877-489E-BBA1-C0846B280700}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exeFirewallRules: [{17F9E0E3-F7E5-4021-B34F-0DEB8C88AFD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exeFirewallRules: [{4A741EC4-930E-4D7C-9BEB-49E47C87ED11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exeFirewallRules: [{807E8FA7-2211-4C20-AFA5-5DB11331B6BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exeFirewallRules: [{77AE47F7-DABB-48F6-8AB3-C5F5B474B0A3}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exeFirewallRules: [{7519E145-7F27-4FA3-B832-1ADB1F50A55E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe ==================== Faulty Device Manager Devices ============= Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi AdapterDescription: Qualcomm Atheros AR9485 802.11b/g/n WiFi AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Qualcomm Atheros Communications Inc.Service: athrProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors:==================Error: (08/16/2015 05:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 05:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 05:31:20 PM) (Source: Perflib) (EventID: 1008) (User: )Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (08/16/2015 05:02:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 04:28:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 04:12:36 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {97b2ec63-0b20-4176-bc7a-f5b0dce6f310} Error: (08/16/2015 04:10:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 03:28:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/16/2015 03:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: 030260~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x676f7250Faulting process id: 0x610Faulting application start time: 0x030260~1.EXE0Faulting application path: 030260~1.EXE1Faulting module path: 030260~1.EXE2Report Id: 030260~1.EXE3Faulting package full name: 030260~1.EXE4Faulting package-relative application ID: 030260~1.EXE5 Error: (08/16/2015 03:16:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )Description: Failed to schedule Software Protection service for re-start at 2115-07-23T20:16:02Z. Error Code: 0x80040154. System errors:=============Error: (08/16/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
Error: (08/16/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office:========================= CodeIntegrity:=================================== Date: 2015-08-16 12:57:28.085 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:27.074 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:25.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:24.762 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-08-16 12:57:24.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:23.075 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:22.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:21.207 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:20.400 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-16 12:57:19.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 5580.01 MB
Available physical RAM: 3511.33 MB
Total Virtual: 11212.01 MB
Available Virtual: 8479.51 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.57 GB) (Free:632.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CE011A0D)

Partition: GPT.

==================== End of log ============================
MrCharlie Posted August 16, 2015 ID:983718

I did not reboot after the Malwarebytes scan. Should I have?

No, it would have let you know if you had to reboot.

==============================

If you're still having a problem......

Try Chrome with no extensions enabled:

Open up Chrome by clicking on the 3 bars in the upper right hand corner.

Then in Chrome go to Tools > > Extensions > Make sure the Developer Mode box is checked in the upper right hand corner > uncheck all the extensions and see if that makes a difference.

If so......add them back a couple at a time to find the culprit.

Let me know........MrC
Darth_Kittens Posted August 16, 2015 Author ID:983721

I don't think it's a Chrome problem -- even with all the extensions disabled it still happens in Chrome and it happens in IE now too -- 'best coupons' sidebar and random bogus tabs opening when I click on links. I guess I did not try IE long enough before when I said it seemed to be fixed. I am running another Malwarebytes scan. I will let you know how that turns out.
MrCharlie Posted August 16, 2015 ID:983722

OK
Darth_Kittens Posted August 16, 2015 Author ID:983724

The Malwarebytes scan came back clean but I'm still having the issues in both Chrome and IE. I also forgot to mention that I am also getting popups with debugging type messages that seem to have to do with Flash. Example:

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller https://forums.malwarebytes.org/public/js/3rd_party/swfupload/swfupload.swf?preventswfcaching=1439768892957 cannot access <unknown>.
    at flash.external::ExternalInterface$/_evalJS()
    at flash.external::ExternalInterface$/call()
    at ExternalCall$/Bool()
    at SWFUpload/CheckExternalInterface()
    at MethodInfo-10()
    at flash.utils::Timer/_timerDispatch()
    at flash.utils::Timer/tick()
MrCharlie Posted August 17, 2015 ID:983728

OK, see if this scanner will run on the system (it's only going to scan, not delete.....I'll determine what to delete):

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic FAQ
Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unchecked and the option Scan unsafe applications is checked
Click Advanced settings and select the following:
Click Start
Wait for the scan to finish
If threats were found:
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish

Post back the log.....MrC