Hijacker problem


My Windows 8.1 computer started acting flaky so I ran Malwarebytes (free version) and found a bunch of malware (4400 items). I cleaned all that up but shortly thereafter problems began again. I paid for and activated the full version but I fear the enemy was already inside the gates. Every time I scan I get the same malware showing up (PUP.Winsock.Hijackboot or something like that). I delete it via Malwarebytes but it comes right back.

Also I am unable to contact Microsoft services. Logins using Microsoft profiles sometimes don't work and go to a temporary profile, and Windows SmartScreen, Family Safety, and System Defender updates don't work. FRST logs below.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Web (administrator) on JEFFERSON (16-08-2015 13:06:28)
Running from C:\Users\Web\Desktop
Loaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2014-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify] => C:\Users\Web\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-29] (Spotify Ltd)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify Web Helper] => C:\Users\Web\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-06-08]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-06-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-06-08]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {AFD9007D-B1D0-490C-975A-78475FE8F8DE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 05 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 06 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 07 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 08 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 19 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 20 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A3F2874C-718F-4260-98B6-DBD6F96607DF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE402C42-EB0A-4278-A550-50AC5749342A}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Google Drive) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Cast) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-06-07]
CHR Extension: (Google News) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-06-07]
CHR Extension: (Google+) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-06-07]
CHR Extension: (Google Play Music) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]
CHR Extension: (Google +1 Button) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-06-07]
CHR Extension: (Google Voice (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR Extension: (Boomerang for Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
CHR HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0302601401919830mcinstcleanup; C:\windows\TEMP\030260~1.EXE [836168 2014-03-13] (McAfee, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-06-10] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-10] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 gaeymoun; \??\C:\windows\system32\drivers\gaeymoun.sys [X]
S1 gilobxrb; \??\C:\windows\system32\drivers\gilobxrb.sys [X]
S1 ktoqvcqe; \??\C:\windows\system32\drivers\ktoqvcqe.sys [X]
S1 rixyksrm; \??\C:\windows\system32\drivers\rixyksrm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 13:06 - 2015-08-16 13:06 - 00021298 _____ C:\Users\Web\Desktop\FRST.txt
2015-08-16 13:05 - 2015-08-16 13:05 - 02173440 _____ (Farbar) C:\Users\Web\Desktop\FRST64.exe
2015-08-16 12:52 - 2015-08-16 13:06 - 00000000 ____D C:\FRST
2015-08-16 12:44 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\Sun
2015-08-16 12:44 - 2015-08-16 12:43 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-08-16 12:43 - 2015-08-16 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\ProgramData\Oracle
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\Program Files\Java
2015-08-16 12:35 - 2015-08-16 12:35 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job
2015-08-16 12:33 - 2015-08-16 12:33 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job
2015-08-15 10:30 - 2015-08-15 11:28 - 00000000 ____D C:\Users\Web\AppData\Local\BrowserHelper
2015-08-15 10:26 - 2015-08-15 10:26 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}.job
2015-08-15 10:19 - 2015-08-15 10:19 - 694094341 _____ C:\windows\MEMORY.DMP
2015-08-15 10:19 - 2015-08-15 10:19 - 00281296 _____ C:\windows\Minidump\081515-39234-01.dmp
2015-08-15 10:19 - 2015-08-15 10:19 - 00000000 ____D C:\windows\Minidump
2015-08-15 10:13 - 2015-08-15 11:28 - 00000000 ____D C:\Users\mooke_000\AppData\Local\BrowserHelper
2015-08-15 10:13 - 2015-08-15 11:27 - 00000000 ____D C:\Program Files (x86)\0fbddb10-1b8a-43a6-825a-a4822c5d4b34
2015-08-15 10:13 - 2015-08-15 10:13 - 00000280 _____ C:\windows\Tasks\Launch 5906.job
2015-08-15 10:12 - 2015-08-15 10:12 - 00001968 _____ C:\Users\pauli_000\Desktop\YTDownloader.lnk
2015-08-15 10:12 - 2015-08-15 10:12 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 ____D C:\Users\pauli_000\AppData\Local\CrashRpt
2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 _____ C:\windows\SysWOW64\Number of results
2015-08-15 08:40 - 2015-08-15 10:21 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-08-15 05:32 - 2015-08-15 05:32 - 00942955 _____ C:\Users\pauli_000\Downloads\Setup (3).zip
2015-08-15 03:47 - 2015-08-15 03:47 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 588830.crdownload
2015-08-15 03:11 - 2015-08-15 03:11 - 00943043 _____ C:\Users\pauli_000\Downloads\Setup (2).zip
2015-08-15 03:11 - 2015-08-15 03:11 - 00446708 _____ C:\Users\pauli_000\Downloads\Setup (1).zip
2015-08-15 02:02 - 2015-08-15 02:02 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 126890.crdownload
2015-08-14 23:16 - 2015-08-14 23:17 - 00513920 _____ C:\Users\pauli_000\Downloads\Unconfirmed 693194.crdownload
2015-08-14 22:15 - 2015-08-14 22:15 - 00340180 _____ C:\Users\pauli_000\Downloads\setup.zip
2015-08-14 09:35 - 2015-08-14 09:35 - 00001055 _____ C:\Users\Web\Desktop\malwarebytes_20150814.txt
2015-08-14 08:14 - 2015-08-14 08:14 - 00000000 ____D C:\Users\Web\AppData\Local\Games Bot
2015-08-14 08:12 - 2015-08-14 08:12 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-14 08:12 - 2015-08-14 08:12 - 00000033 _____ C:\CLMediaServer.ini
2015-08-14 08:12 - 2015-08-14 08:12 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Games Bot
2015-08-14 07:42 - 2015-08-14 07:42 - 00000000 ____D C:\Users\pauli_000\AppData\Local\Torch
2015-08-14 07:22 - 2015-08-14 07:22 - 00001152 _____ C:\Users\pauli_000\Desktop\Continue Live Installation.lnk
2015-08-14 06:55 - 2015-08-14 07:50 - 00000000 ____D C:\Users\pauli_000\AppData\Local\12586
2015-08-14 06:46 - 2015-08-15 11:28 - 00000000 ____D C:\ProgramData\{8a7ebbef-ee3a-aeaf-8a7e-ebbefee3efbf}
2015-08-14 06:45 - 2015-08-15 11:29 - 00000000 ____D C:\Users\pauli_000\Documents\DailyPCClean
2015-08-14 06:45 - 2015-08-15 11:29 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-14 06:45 - 2015-08-14 08:11 - 00000000 ____D C:\Program Files (x86)\DailyPCClean
2015-08-14 06:45 - 2015-08-14 07:59 - 00000000 _____ C:\end
2015-08-14 06:45 - 2015-08-14 07:58 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-14 06:45 - 2015-08-14 07:14 - 00003256 _____ C:\windows\System32\Tasks\DailyPCClean Schedule
2015-08-14 06:45 - 2015-08-14 06:45 - 00003258 _____ C:\windows\System32\Tasks\runTask
2015-08-14 06:45 - 2015-08-14 06:45 - 00003162 _____ C:\windows\System32\Tasks\updateTask
2015-08-14 06:45 - 2015-08-14 06:45 - 00000217 _____ C:\task.vbs
2015-08-14 06:44 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\adlevel
2015-08-14 06:44 - 2015-08-14 06:44 - 00154826 _____ C:\Program Files (x86)\uninstaller.exe
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Mozilla
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Compete
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-14 06:43 - 2015-08-15 11:29 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-08-14 06:43 - 2015-08-14 06:45 - 00000000 ____D C:\Users\pauli_000\AppData\Local\Games Bot
2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\windows\system32\upo
2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-08-14 06:42 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\SmartWeb
2015-08-14 06:42 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\6cfea78c-9c9c-4604-995a-762bb7100ee6
2015-08-14 06:42 - 2015-08-14 08:12 - 00001056 _____ C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job
2015-08-14 06:42 - 2015-08-14 06:43 - 00004074 _____ C:\windows\System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB
2015-08-14 06:42 - 2015-08-14 06:42 - 00000045 _____ C:\user.js
2015-08-14 06:41 - 2015-08-15 21:37 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-14 06:41 - 2015-08-14 07:41 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-14 06:41 - 2015-08-14 06:41 - 00000000 ____D C:\Users\pauli_000\AppData\Local\globalUpdate
2015-08-14 06:40 - 2015-08-15 11:29 - 00000000 ____D C:\ProgramData\Service1291
2015-08-14 06:40 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980
2015-08-14 06:40 - 2015-08-14 06:45 - 00000370 ____H C:\windows\Tasks\OKJQVJWHKAAQRNFR.job
2015-08-14 06:40 - 2015-08-14 06:40 - 00004312 _____ C:\windows\System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980
2015-08-14 06:40 - 2015-08-14 06:40 - 00003386 _____ C:\windows\System32\Tasks\OKJQVJWHKAAQRNFR
2015-08-14 06:40 - 2015-08-14 06:40 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-13 20:32 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Local\A6C6C989-1439497946-BC3E-14FC-D623B3EBFD98
2015-08-13 20:32 - 2013-08-22 08:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-08-13 20:31 - 2015-08-15 11:45 - 00000000 ____D C:\Program Files (x86)\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98
2015-08-13 20:30 - 2015-08-13 20:30 - 00001335 _____ C:\Users\mooke_000\AppData\Local\Chrome .lnk
2015-08-13 20:30 - 2015-08-13 20:30 - 00000298 _____ C:\Users\mooke_000\AppData\Local\Firefox .lnk
2015-08-13 20:29 - 2015-08-15 11:28 - 00000000 ____D C:\Program Files (x86)\Iminent
2015-08-13 20:29 - 2015-08-14 09:31 - 00001365 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00001008 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00000984 _____ C:\Users\mooke_000\AppData\Local\Iexplore .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00000298 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk
2015-08-13 20:28 - 2015-08-15 11:28 - 00000000 ____D C:\ProgramData\SearchModule
2015-08-13 20:28 - 2015-08-13 20:28 - 00003852 _____ C:\windows\System32\Tasks\Smp
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 _____ C:\windows\SysWOW64\minibrowser.log
2015-08-13 20:27 - 2015-08-13 20:27 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\WTools
2015-08-13 20:26 - 2015-08-15 21:37 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Store
2015-08-13 20:26 - 2015-08-15 11:28 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
2015-08-13 20:21 - 2015-08-14 07:58 - 00000000 ____D C:\Program Files (x86)\DnsIo
2015-08-13 20:21 - 2015-08-13 20:21 - 00001249 _____ C:\Users\pauli_000\Desktop\Continue installation .lnk
2015-08-13 19:05 - 2015-08-13 19:05 - 00000000 ____D C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe
2015-08-13 19:01 - 2015-08-13 19:01 - 00540750 _____ C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe.rar
2015-08-13 03:44 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:44 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:35 - 2015-08-12 20:36 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Trove
2015-08-12 19:58 - 2015-08-12 19:58 - 00000222 _____ C:\Users\mooke_000\Desktop\Trove.url
2015-08-12 19:14 - 2015-08-12 19:14 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\com.freakinware.mitosis
2015-08-12 19:05 - 2015-08-12 19:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Mitos.is The Game.url
2015-08-12 18:42 - 2015-08-12 18:42 - 00000222 _____ C:\Users\mooke_000\Desktop\Spooky's House of Jump Scares.url
2015-08-12 16:05 - 2015-08-12 16:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Time Clickers.url
2015-08-12 04:06 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 04:06 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 04:06 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 04:06 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 04:06 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 04:06 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 04:06 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 04:06 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 04:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 04:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 04:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 04:06 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 04:06 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 04:05 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 04:05 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-12 04:04 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 04:04 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 04:04 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 04:04 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 04:04 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 04:04 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 04:04 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 04:04 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 04:04 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 04:04 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 04:04 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 04:04 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 04:04 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 04:04 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 04:04 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 04:04 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 04:04 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 04:04 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 04:04 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 04:04 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 04:04 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 04:04 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 04:04 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 04:04 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 04:04 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 04:04 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 04:04 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 04:04 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 04:04 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 04:03 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-12 04:03 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-12 04:03 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-12 04:03 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-12 04:03 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 04:01 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 04:01 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 04:01 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 04:01 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 04:01 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 04:01 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 04:01 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 04:01 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 04:01 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-12 04:01 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-12 04:01 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-12 04:01 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 04:01 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 04:01 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 04:01 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 04:01 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 04:01 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 04:01 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 04:01 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 04:01 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 04:01 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 04:01 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 04:01 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-12 04:01 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-12 04:01 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 14:43 - 2015-08-09 14:43 - 00000742 _____ C:\Users\mooke_000\Documents\Desktop - Shortcut.lnk
2015-08-09 13:45 - 2015-08-07 07:59 - 03930112 _____ (ProjectPokémon) C:\Users\mooke_000\Desktop\PKHeX.exe
2015-08-09 13:42 - 2015-08-09 13:43 - 01982114 _____ C:\Users\mooke_000\Downloads\PKHeX (08-08-15).zip
2015-07-29 11:07 - 2015-07-29 11:07 - 00000000 ____D C:\Users\mooke_000\Downloads\powersaves3ds-software-129
2015-07-29 11:07 - 2015-07-27 12:30 - 04065363 _____ (Datel Design & Development ) C:\Users\mooke_000\Desktop\powersaves_setup_v1.29.exe
2015-07-29 11:04 - 2015-07-29 11:04 - 04034094 _____ C:\Users\mooke_000\Downloads\powersaves3ds-software-129.zip
2015-07-26 20:29 - 2015-07-26 20:29 - 00986311 _____ C:\Users\mooke_000\Downloads\RebirthCCLauncher.zip
2015-07-24 16:52 - 2015-07-24 16:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\mooke_000\Downloads\RobloxPlayerLauncher (1).exe
2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\mooke_000\AppData\Local\CEF
2015-07-20 16:58 - 2015-07-20 17:00 - 115236013 _____ C:\Users\mooke_000\Downloads\JSTR_Universal_1.7.x.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 13:04 - 2014-06-04 17:07 - 01425902 _____ C:\windows\WindowsUpdate.log
2015-08-16 13:03 - 2014-06-04 17:14 - 00000000 __RDO C:\Users\Web\SkyDrive
2015-08-16 13:02 - 2014-10-10 14:19 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 13:02 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-16 13:01 - 2013-08-24 16:32 - 00296706 _____ C:\windows\PFRO.log
2015-08-16 13:01 - 2013-08-22 09:46 - 00026440 _____ C:\windows\setupact.log
2015-08-16 13:01 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI
2015-08-16 13:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-16 12:40 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-16 12:35 - 2014-06-29 07:08 - 00000000 ____D C:\EDS
2015-08-16 12:18 - 2014-06-27 15:25 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 12:02 - 2014-12-29 17:02 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Skype
2015-08-16 10:00 - 2014-06-05 17:19 - 00000000 __RDO C:\Users\mooke_000\SkyDrive
2015-08-16 09:07 - 2015-03-05 16:27 - 00000000 ____D C:\ProgramData\Origin
2015-08-16 07:04 - 2014-06-05 17:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.minecraft
2015-08-15 21:39 - 2014-09-01 08:44 - 00000000 ___RD C:\Users\pauli_000\Google Drive
2015-08-15 21:38 - 2014-06-04 21:41 - 00000000 __RDO C:\Users\pauli_000\SkyDrive
2015-08-15 15:20 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-15 15:05 - 2014-05-29 19:42 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-08-15 11:29 - 2013-08-22 08:25 - 00000301 _____ C:\windows\win.ini
2015-08-15 11:27 - 2015-04-10 19:27 - 00000000 ____D C:\Program Files (x86)\360
2015-08-15 11:27 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-15 10:27 - 2014-06-05 17:04 - 00000000 ____D C:\Users\mooke_000
2015-08-15 10:25 - 2014-11-15 16:50 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieBrowserModeList
2015-08-15 10:25 - 2014-06-11 19:43 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieUserList
2015-08-15 10:25 - 2014-06-11 19:43 - 00000000 __SHD C:\Users\Web\AppData\Local\EmieSiteList
2015-08-15 10:22 - 2014-06-04 18:06 - 00000000 ____D C:\Users\pauli_000
2015-08-15 10:20 - 2014-06-05 17:57 - 00002348 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-15 10:12 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-14 09:30 - 2015-01-31 12:08 - 00035328 ___SH C:\Users\mooke_000\Desktop\Thumbs.db
2015-08-14 08:11 - 2013-08-22 09:45 - 00000000 ____D C:\windows\Setup
2015-08-14 08:08 - 2014-06-04 21:45 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1004
2015-08-14 07:14 - 2014-06-05 17:36 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 07:00 - 2014-10-10 14:19 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-14 06:50 - 2015-03-05 19:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-14 06:43 - 2015-03-11 12:13 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-08-14 06:43 - 2015-03-11 12:12 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-08-14 06:42 - 2014-06-04 18:06 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CCDD9EF7-4E0A-476E-96E0-B7B28717D32C}
2015-08-14 06:37 - 2015-06-28 18:12 - 00000998 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-08-14 06:37 - 2015-04-12 19:54 - 00000605 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-08-14 06:37 - 2015-04-10 19:06 - 00001122 _____ C:\Users\pauli_000\Desktop\Cheat Engine.lnk
2015-08-14 06:37 - 2015-03-08 16:36 - 00000955 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mine-imator.lnk
2015-08-14 06:37 - 2015-03-05 21:17 - 00001368 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2015-08-14 06:37 - 2015-03-05 19:35 - 00002064 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-14 06:37 - 2015-03-05 16:27 - 00001016 _____ C:\Users\Public\Desktop\Origin.lnk
2015-08-14 06:37 - 2015-01-31 12:08 - 00001255 _____ C:\Users\mooke_000\Desktop\TechnicLauncher - Shortcut.lnk
2015-08-14 06:37 - 2015-01-19 08:48 - 00001521 _____ C:\Users\pauli_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:37 - 2015-01-19 08:48 - 00001336 _____ C:\Users\pauli_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:37 - 2014-12-24 15:50 - 00001521 _____ C:\Users\mooke_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:37 - 2014-12-24 15:49 - 00001336 _____ C:\Users\mooke_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:37 - 2014-12-22 11:32 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-14 06:37 - 2014-09-01 08:44 - 00001848 _____ C:\Users\pauli_000\Desktop\Google Drive.lnk
2015-08-14 06:37 - 2014-08-29 21:16 - 00001962 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-14 06:37 - 2014-08-29 21:16 - 00001956 _____ C:\Users\Web\Desktop\Spotify.lnk
2015-08-14 06:37 - 2014-08-22 14:58 - 00001355 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-08-14 06:37 - 2014-08-02 10:19 - 00001163 _____ C:\Users\Public\Desktop\iRepo.lnk
2015-08-14 06:37 - 2014-08-02 10:03 - 00003145 _____ C:\Users\Public\Desktop\Music Rescue.lnk
2015-08-14 06:37 - 2014-08-02 09:53 - 00003069 _____ C:\Users\Web\Desktop\TouchCopy 12.lnk
2015-08-14 06:37 - 2014-08-02 09:48 - 00001044 _____ C:\Users\Public\Desktop\Sharepod.lnk
2015-08-14 06:37 - 2014-06-27 15:25 - 00001000 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-14 06:37 - 2014-06-18 09:09 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-14 06:37 - 2014-06-13 18:14 - 00002258 _____ C:\Users\pauli_000\Desktop\HP Support Assistant.lnk
2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Word 2007.lnk
2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Excel 2007.lnk
2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Word 2007.lnk
2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Excel 2007.lnk
2015-08-14 06:37 - 2014-06-08 15:49 - 00002152 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk
2015-08-14 06:37 - 2014-06-07 18:55 - 00001842 _____ C:\Users\Web\Desktop\Google Drive.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002083 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002081 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002071 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 06:37 - 2014-06-05 17:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-14 06:37 - 2014-06-05 17:29 - 00001077 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk
2015-08-14 06:37 - 2014-06-04 21:53 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-08-14 06:37 - 2014-06-04 18:06 - 00001443 _____ C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:37 - 2014-06-04 17:10 - 00001443 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:37 - 2014-05-29 20:41 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2015-08-14 06:36 - 2015-01-18 14:11 - 00001336 _____ C:\Users\halca_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:36 - 2015-01-16 16:09 - 00001348 _____ C:\Users\halca_000\Desktop\Continue Five Nights at Freddy's Installation.lnk
2015-08-14 06:36 - 2014-12-31 17:27 - 00001298 _____ C:\Users\halca_000\Desktop\Continue File Opener Installation.lnk
2015-08-14 06:36 - 2014-10-12 15:04 - 00001521 _____ C:\Users\halca_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:36 - 2014-08-25 16:55 - 00001318 _____ C:\Users\halca_000\Desktop\Continue Free Download Installation.lnk
2015-08-14 06:36 - 2014-08-24 10:40 - 00002472 _____ C:\Users\halca_000\Desktop\Facebook.lnk
2015-08-14 06:36 - 2014-08-24 10:40 - 00002468 _____ C:\Users\halca_000\Desktop\Youtube.lnk
2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Music.lnk
2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Games.lnk
2015-08-14 06:36 - 2014-08-22 14:58 - 00001547 _____ C:\Users\halca_000\Desktop\Torch.lnk
2015-08-14 06:36 - 2014-08-22 14:56 - 00001211 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00001443 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00000551 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00000549 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-16 16:25 - 00001735 _____ C:\Users\halca_000\Desktop\Pokémon Trading Card Game Online.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-05 18:34 - 00001443 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-13 21:41 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-13 20:40 - 2015-06-25 14:21 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForpauli_000.job
2015-08-13 20:40 - 2013-08-22 09:44 - 00441296 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 20:35 - 2014-12-12 08:32 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 20:35 - 2014-07-16 17:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 20:33 - 2014-06-05 17:21 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1005
2015-08-13 20:16 - 2014-06-07 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 17:27 - 2014-06-05 17:05 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E1291903-9E5D-49F7-9CC8-108CE3F4EC8A}
2015-08-13 14:45 - 2014-06-05 14:46 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-08-13 14:41 - 2014-12-24 15:49 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-13 03:45 - 2014-06-11 08:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:45 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-13 03:43 - 2014-08-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:40 - 2014-06-07 05:31 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 03:21 - 2014-06-07 05:31 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-12 19:28 - 2015-06-22 17:57 - 00000000 ____D C:\Users\mooke_000\Powersaves3DS
2015-08-11 14:01 - 2015-06-25 14:21 - 00003190 _____ C:\windows\System32\Tasks\HPCeeScheduleForpauli_000
2015-08-09 17:14 - 2014-06-05 17:05 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Packages
2015-08-08 08:55 - 2015-03-14 08:21 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2015-03-14 08:21 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-01 15:49 - 2015-06-28 18:12 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS
2015-08-01 14:06 - 2014-06-04 17:09 - 00000000 ____D C:\Users\Web
2015-07-30 10:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-07-30 09:45 - 2014-06-29 07:08 - 00000000 ____D C:\Users\aklyk_000
2015-07-30 09:45 - 2014-06-05 18:34 - 00000000 ____D C:\Users\halca_000
2015-07-30 09:09 - 2014-06-08 07:04 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}
2015-07-28 18:20 - 2015-03-05 16:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Origin
2015-07-28 18:14 - 2015-03-05 16:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-25 05:11 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\system32\GWX
2015-07-22 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-07-22 07:28 - 2015-01-31 11:51 - 04731400 _____ () C:\Users\mooke_000\Desktop\TechnicLauncher.exe
2015-07-22 07:27 - 2015-01-31 12:04 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.technic
2015-07-19 10:39 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-07-19 07:50 - 2014-06-05 18:34 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{29EB089F-8B13-46EE-B4F2-40CFC60D11E2}
 
==================== Files in the root of some directories =======
 
2015-05-12 18:22 - 2015-05-12 18:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2015-08-14 06:44 - 2015-08-14 06:44 - 0154826 _____ () C:\Program Files (x86)\uninstaller.exe
2014-08-02 10:04 - 2014-08-02 10:05 - 0000360 _____ () C:\Users\Web\AppData\Roaming\com.kennettnet.MusicRescue4.plist
2014-11-14 13:52 - 2014-11-14 13:53 - 0002747 _____ () C:\Users\Web\AppData\Roaming\QBFileDrTool.log
 
Some files in TEMP:
====================
C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Web\AppData\Local\Temp\Abspdf.exe
C:\Users\Web\AppData\Local\Temp\acfpdfu.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfui.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Web\AppData\Local\Temp\cdintf.dll
C:\Users\Web\AppData\Local\Temp\converter.exe
C:\Users\Web\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Web\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Web\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Web\AppData\Local\Temp\qqlghddd.dll
C:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Web\AppData\Local\Temp\tu17p84.exe
C:\Users\Web\AppData\Local\Temp\xmllite.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2015-03-11 12:13] - [2015-08-14 06:43] - 0657920 ____A (Microsoft Corporation) 089D030FF1B7D49ACD074B289D306F4D
 
C:\windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-10 04:49
 
==================== End of log ============================

Addition.txt: 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Web (2015-08-16 13:08:33)
Running from C:\Users\Web\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2744511804-60897879-1795108344-500 - Administrator - Disabled)
aklyk_000 (S-1-5-21-2744511804-60897879-1795108344-1007 - Limited - Enabled) => C:\Users\aklyk_000
Guest (S-1-5-21-2744511804-60897879-1795108344-501 - Limited - Disabled)
halca_000 (S-1-5-21-2744511804-60897879-1795108344-1006 - Limited - Enabled) => C:\Users\halca_000
HomeGroupUser$ (S-1-5-21-2744511804-60897879-1795108344-1003 - Limited - Enabled)
mooke_000 (S-1-5-21-2744511804-60897879-1795108344-1005 - Limited - Enabled) => C:\Users\mooke_000
pauli_000 (S-1-5-21-2744511804-60897879-1795108344-1004 - Administrator - Enabled) => C:\Users\pauli_000
Web (S-1-5-21-2744511804-60897879-1795108344-1001 - Administrator - Enabled) => C:\Users\Web
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Amazing World (HKLM-x32\...\Steam App 293500) (Version:  - Ganz)
AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version:  - Exe Games Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7940.0 - Microsoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
iRepo 5.3.0.0 (HKLM-x32\...\iRepo_is1) (Version: 5.3.0.0 - Purple Ghost Software, Inc.)
Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version:  - Zachtronics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Music Rescue (HKLM-x32\...\{5F503B34-022D-4C56-9D40-53D2916CE3C9}) (Version: 4.5.1 - KennettNet Software Ltd)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NBA 2K15 (HKLM-x32\...\Steam App 282350) (Version:  - Visual Concepts)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version:  - Lag Studios)
Spotify (HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TouchCopy 12 (HKLM-x32\...\{363B852D-FBAD-4BAB-B1E9-28937DCDA620}) (Version: 12.46 - Wide Angle Software)
Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-07-2015 04:09:48 Windows Update
11-08-2015 11:39:06 Scheduled Checkpoint
16-08-2015 12:39:33 Removed Java 7 Update 60 (64-bit)
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04BC670B-95B0-4AF2-84FB-463F165F917A} - System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980\A2D4B635-D1D1-4A62-A97D-A44A47B8980.exe <==== ATTENTION
Task: {089607A1-22D1-4172-A106-4DEEEDF53A49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0AE646E2-9F96-4A2F-98ED-782987460702} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {0BC35AC8-DBCA-4F36-A5DA-E53D1F232188} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 -> No File <==== ATTENTION
Task: {19E2196E-E0F1-4518-84FF-7FD40FFFDF57} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 -> No File <==== ATTENTION
Task: {1F795715-7993-4702-A09E-246EC9877C1E} - \WindApp Update -> No File <==== ATTENTION
Task: {20685D58-BC19-48BB-96E5-0EF4CB79BAEF} - \SushiLeads -> No File <==== ATTENTION
Task: {283EFFA8-8543-4156-9297-F4967767E0AC} - System32\Tasks\updateTask => c:\task.vbs [2015-08-14] ()
Task: {2F8869EE-DDF4-4189-B218-0FA932BA833B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {324F8CF7-2C46-406D-B8A3-3B74DD06E559} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 -> No File <==== ATTENTION
Task: {3278AEA8-72C5-4AFA-9261-70BA95437111} - System32\Tasks\DailyPCClean Schedule => C:\Program Files (x86)\DailyPCClean\DPCCSchedule.exe
Task: {33C6C936-27C9-4864-BC10-AD0EE8157838} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {34250E27-3085-4A85-B311-A33E778664C3} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 -> No File <==== ATTENTION
Task: {34CE367C-12F8-40EF-A247-F2A77A5692E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3513DBDC-1C2F-4246-B1AE-EAEA37C895CE} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {364C2067-47B8-4DA0-9B7F-DEF696AC3D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {406634BE-2592-40E5-8185-7E60C2FC4AF0} - System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION
Task: {4523B8B0-4096-4875-8416-87E38CFCBB5D} - \Jarmeee -> No File <==== ATTENTION
Task: {4D0A3E5D-EA2D-4BC2-A3B0-35166C769E0C} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {4D52730F-2073-4DBC-BB6C-3742301CBB9E} - \Superclean -> No File <==== ATTENTION
Task: {53E82944-B0B9-4C85-91AC-92071F7E1FB8} - \SMWUpd -> No File <==== ATTENTION
Task: {5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user -> No File <==== ATTENTION
Task: {6D630EE5-9363-4E34-80CB-05227AE6CFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {7626125F-A9AE-4DE0-81D2-4CD57E6801AB} - \CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTION
Task: {77200938-3CE4-4EBB-84E5-2C1A6B3FF06A} - \SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 -> No File <==== ATTENTION
Task: {77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C} - System32\Tasks\OKJQVJWHKAAQRNFR => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {78433DFD-CEDB-4793-AB00-0EAAE5EA786D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {7CA7A837-18A0-4220-A9A1-58392070FF63} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 -> No File <==== ATTENTION
Task: {912CDA96-E250-45E0-A69F-CBE9F94642F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {A8A586F8-3AB2-43BE-B7E5-91B816889678} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {B706A7B2-9D42-4E31-B0ED-1D4E6DA59441} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BD7DAA70-092B-4027-B7B0-E3BC5A7F2478} - \Selection Tools Update -> No File <==== ATTENTION
Task: {BE8F0C47-4BA8-459E-B418-526C6F55258F} - \CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTION
Task: {CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
Task: {D5016636-D008-4FA8-A9CA-F95655C46526} - System32\Tasks\HPCeeScheduleForpauli_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D576BEE5-6B9B-4783-98AB-0F5C1E1AF9F9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D5E45616-3703-4421-BCF8-C2617A3EB32A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE} - \UFGIMDA1 -> No File <==== ATTENTION
Task: {D964784B-64D9-4CDA-8E88-82E6376C60A8} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DF80B38C-CA93-4FAD-887C-AD8EDE5A02EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {E0656664-4567-4309-817B-5F2691F42BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {E81456EC-E233-4971-8A38-08A91BF7C079} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user -> No File <==== ATTENTION
Task: {F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F23B1A5B-0146-4E50-B83A-0E65D55F8CF3} - \AmiUpdXp -> No File <==== ATTENTION
Task: {F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED} - \Inst_Rep -> No File <==== ATTENTION
Task: {FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForpauli_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\Launch 5906.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job => C:\windows\system32\msfeedssync.exe
Task: C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-16 13:03 - 2015-08-16 13:03 - 00098816 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32api.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00110080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pywintypes27.dll
2015-08-16 13:03 - 2015-08-16 13:03 - 00364544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pythoncom27.dll
2015-08-16 13:03 - 2015-08-16 13:03 - 00045568 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_socket.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 01161216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_ssl.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00320512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32com.shell.shell.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00713216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_hashlib.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 01176576 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._core_.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00806400 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._gdi_.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00816128 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._windows_.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 01067008 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._controls_.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00733184 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._misc_.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00682496 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pysqlite2._sqlite.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00087552 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_ctypes.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00119808 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32file.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00108544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32security.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00007168 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\hashobjs_ext.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00068096 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\usb_ext.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00167936 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32gui.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00018432 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32event.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00128512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_elementtree.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00127488 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\pyexpat.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00013824 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\common.time34.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00036864 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_psutil_windows.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00038912 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32inet.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00011264 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32crypt.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00077312 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._html2.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00027136 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_multiprocessing.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00020480 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\_yappi.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00035840 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32process.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00686080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\unicodedata.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00123392 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._wizard.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00024064 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32pipe.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00010240 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\select.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00025600 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32pdh.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00525640 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\windows._lib_cacheinvalidation.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00017408 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32profile.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00022528 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\win32ts.pyd
2015-08-16 13:03 - 2015-08-16 13:03 - 00078848 _____ () C:\Users\Web\AppData\Local\Temp\_MEI27922\wx._animate.pyd
2015-08-11 15:15 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-11 15:15 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\halca_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20130104_180917.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QHSafeTray"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BE1E032E-59FB-4FD6-A4A7-7483640A14E2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{6C1223DF-C175-4620-A10F-C10F3B53ADAD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{10B96B04-F60E-4B27-B2AD-4DE58C0EA43D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{9F21A3C9-C90F-412A-9567-272759693CAD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{3B76E4E5-879F-4B5D-AECA-CF7E92170C41}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{C57BDA63-9FB1-4F0C-AE36-8EE96FEC22E3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{3924102E-FF6B-4B83-8814-FF88FE11AB7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{EE574B00-7BF6-4DFD-B2F8-1EA49608A5E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{21E7021B-C5C7-45D1-9975-5787D14A44AA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{F3F991D2-D911-444E-9CC4-F7D3C824850D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{FA8134FB-7A4D-47F5-A745-EE21B2EC71DC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{8FB586B4-6047-4608-92D9-9E3CCFE444C4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{444EDE6B-1312-4115-9DAD-A4FBBD5FEC71}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{92EC95E1-E446-4F0A-B9BD-FE619836FF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31C6EA78-FDCA-4EAA-9EF3-329774323E6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9C2440C-FDD9-4CA8-8CBE-1CB5A7317482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B70D192F-164B-4D05-BFA2-0DBC6CFA4CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A9CCDF5-CA09-4A3C-91FD-4C1821F5C087}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AAFEF149-C6A9-42A0-9506-71ECA24DCE2B}] => (Allow) LPort=2869
FirewallRules: [{74072E8C-EBBF-4990-BF8D-DF3F0A70705B}] => (Allow) LPort=1900
FirewallRules: [{1EDB488B-DE61-4A08-82F1-AF2EAC89C7F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{89535837-6E40-4ADA-8F67-1E2DD36A4CB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5A739BBF-C1B7-48D1-9985-0BB27D4010A7}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{525541B4-294B-4B11-B9BC-BBBC03578BD0}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{1EA3B08A-E61D-4829-BC45-B4DC73A5FDD6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{F48061BA-97D0-489B-AC9A-CCB9334B4354}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{F5176B49-2ACD-4BB1-8592-4DD49D3ACB5B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D4094727-9CBC-47C6-B0B1-5D092972F3B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C5E364E-0036-43E7-918F-86DECA98A4BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{B981B08B-F1AB-4565-A371-17A30D1194A0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [uDP Query User{D4AD9723-A924-495C-BE4A-EA66A99F63C4}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{EE817AAF-9D62-4E65-B3FC-CD8076B76F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E58FC6A6-9307-4280-AE24-E6FBE2557067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5D82F2EC-1AC8-4525-B30D-815A5BC40ABA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{82397B22-92B9-40D2-968A-1346D1068248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{348FADAE-611E-4D3B-972C-4009B959179B}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{691D1B52-7F3E-429D-B119-5045A9A1B313}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C3783617-F9FA-4489-8F55-5FAF1087501F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{89F398C4-5795-4A80-99E8-DAD027657813}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1012B0E9-788E-4339-9C2A-BE8C02A486C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{E02EFE82-455B-403A-B91A-9D6A2DA8808D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{43A590CA-716F-4AA6-AB24-87220381B8C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exe
FirewallRules: [{5D29A9F9-8BA5-4C4A-92C5-84B0A50465F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exe
FirewallRules: [{221B49BD-A410-48E8-B140-424CCC2440D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exe
FirewallRules: [{3A2DD2E1-9E24-471A-B203-73912278E14C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exe
FirewallRules: [{F89D39A6-DC4C-43B0-9EC0-7BD15F51AC36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{8A1B8B18-0018-49E5-9CCF-EB74958EFB24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{2FE4DCD9-2BFF-486F-8DC1-C6883E0E5429}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{2A644A87-A2F6-4E2A-8035-79120CF19975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{D8D74176-1369-4708-871A-96F934B4721D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{678696E1-881B-41B6-98C6-0F2273D2FB45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{A424A491-10EC-4397-9036-A4AF203ACDCD}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [uDP Query User{1702F69E-EC27-4497-9A9F-1F340057E704}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{09460DCB-E59D-4E82-A97E-CEC470617064}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{40BAAC17-672F-464B-9974-D798C2E01F94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{D95210E3-F88C-42E9-9E62-9845D4AD4E1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{97466C1C-29D4-46C9-AC35-79130A4F6726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8F359B21-2B49-4AEE-B13C-37F3737B64D6}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe
FirewallRules: [uDP Query User{55A79EF8-E449-4FD7-BA63-8A3793F40977}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{98090451-32DD-4F8A-B7CF-FAA2BE92F7C4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{9DEDF3CC-69A8-4A87-889C-E051C9491E83}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A154DEA0-1C43-48CB-B038-A2BA083EB563}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{BFE7530C-ED5C-43BB-A6F6-3ADF9E0321C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{15DA8999-AE5B-4135-AD60-611722DED198}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{20AAF40E-6C7C-41F6-9272-94D36DCA31CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{2E67CEE6-3D5A-41C8-B6B9-CB1225C49A1B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{3768047C-8401-44D7-A71D-4CEA5EC5CB33}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{2D18C3D6-C6EC-4FA0-8B77-14B407A3AD10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{255D589D-92C3-4FB9-82BF-3795907FB15C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe
FirewallRules: [{E35E1444-0683-4C26-8FD0-B8CE7F61ADC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{415E1660-48A4-407E-8E1C-B5BB0AACF8D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7AB15407-B9B8-4472-A690-EA49B72CC04C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [{B139A4E7-FB00-4F8E-ADCA-0EB4ABE350BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exe
FirewallRules: [TCP Query User{526B8273-C4F4-44B1-906F-4D5A3097A7B9}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe
FirewallRules: [uDP Query User{2B8FC484-6980-4DBF-91EE-B16E52BDB45B}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe
FirewallRules: [{4FB6E1EB-8AEC-44ED-BB51-6FCB840577D4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{0920CB87-0C21-4262-A320-338716A9F521}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{A86BE10F-5A0C-48C6-82F1-D1DB59AFD214}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{23BA47CE-BC10-434E-85FE-1639C088E876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{1469C652-B59B-4C0D-A1F3-E9F74F72DACB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{630A237A-BC7D-44C2-B623-0B667376B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{F6A1232D-BCC5-417E-A635-56AB4D7FFE68}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [uDP Query User{A7893E4C-D812-4632-A5FA-9F92A65E3535}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{C69D7EA4-445A-4D4D-BC47-82162F1B94FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{3209999A-DD0C-499D-9634-0CD7A2904764}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [TCP Query User{FACE13ED-1822-4F9C-9ADA-27348FED87B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [uDP Query User{12DC88B8-9874-46E5-B91E-BF80226DB761}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{FCB323AE-08ED-48EE-8606-CBC0060C1211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2FB3D3BC-DD3F-43BD-9B1E-653D587AC663}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{CBC476DF-EAE8-49C4-B2C6-ED74ECCE47FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{E28ADC6C-A414-409C-B2AA-34FA8A47D480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{C8A2EC8C-C62B-4636-BF0A-358D5494EE40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{0C63C7CA-46EB-41AD-9F27-F70A9D069687}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{01F669C7-E877-489E-BBA1-C0846B280700}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{17F9E0E3-F7E5-4021-B34F-0DEB8C88AFD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{4A741EC4-930E-4D7C-9BEB-49E47C87ED11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe
FirewallRules: [{807E8FA7-2211-4C20-AFA5-5DB11331B6BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{77AE47F7-DABB-48F6-8AB3-C5F5B474B0A3}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{7519E145-7F27-4FA3-B832-1ADB1F50A55E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/16/2015 01:08:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:08:22Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:07:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:07:52Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:07:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:07:22Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:06:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:06:52Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:06:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:06:22Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:05:52 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:05:52Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:05:22 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:05:22Z. Error Code: 0x80040154.
 
Error: (08/16/2015 01:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 030260~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x676f7250
Faulting process id: 0x608
Faulting application start time: 0x030260~1.EXE0
Faulting application path: 030260~1.EXE1
Faulting module path: 030260~1.EXE2
Report Id: 030260~1.EXE3
Faulting package full name: 030260~1.EXE4
Faulting package-relative application ID: 030260~1.EXE5
 
Error: (08/16/2015 01:00:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T18:00:24Z. Error Code: 0x80040154.
 
Error: (08/16/2015 12:59:54 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-07-23T17:59:54Z. Error Code: 0x80040154.
 
 
System errors:
=============
Error: (08/16/2015 01:08:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (08/16/2015 01:06:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (08/16/2015 01:04:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (08/16/2015 01:04:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147952506
 
Error: (08/16/2015 01:04:16 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057
 
Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268
 
Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057
 
Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
Description: WMPNetworkSvc0xc00d4268
 
Error: (08/16/2015 01:03:55 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
Description: 0x80070057
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-08-16 12:57:28.085
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:27.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:25.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:24.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:24.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:23.075
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:22.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:21.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:20.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-16 12:57:19.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-5200 APU with Radeon HD Graphics 
Percentage of memory in use: 36%
Total physical RAM: 5580.01 MB
Available physical RAM: 3534.62 MB
Total Virtual: 11212.01 MB
Available Virtual: 8727.28 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:914.57 GB) (Free:626.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CE011A0D)
 
Partition: GPT.
 
==================== End of log ============================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe, click Fix only once, and wait.

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

==============================

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted, go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Download zoek.exe to your Desktop:

http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:

http://www.bleepingcomputer.com/forums/topic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator

Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

autoclean;
emptyalltemp;
emptyclsid;

Now...

Close any open programs.

Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.

The log is also found on the systemdrive, normally C:\

If a reboot is needed, the log is opened after the reboot.

===============================

Update and run a scan with Malwarebytes

MrC

fixlist.txt


I ran AdwCleaner.exe. Still getting popup ads and mystery redirects on links. 

 

AdwCleaner[C1].txt posted below. Moving on to the zoek.exe step. 

 

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 15:09:09
# Updated 14/08/2015 by Xplode
# Database : 2015-08-14.3 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Web - JEFFERSON
# Running from : C:\Users\Web\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ftb
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Iminent
[-] Folder Deleted : C:\Program Files (x86)\Games Bot
[-] Folder Deleted : C:\Program Files (x86)\app_setup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
[-] Folder Deleted : C:\ProgramData\SearchModule
[-] Folder Deleted : C:\ProgramData\torchcrashhandler
[-] Folder Deleted : C:\ProgramData\{8a7ebbef-ee3a-aeaf-8a7e-ebbefee3efbf}
[-] Folder Deleted : C:\Users\aklyk_000\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\halca_000\AppData\Local\torch
[-] Folder Deleted : C:\Users\halca_000\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
[-] Folder Deleted : C:\Users\mooke_000\AppData\Local\BrowserHelper
[-] Folder Deleted : C:\Users\mooke_000\AppData\Local\Games Bot
[-] Folder Deleted : C:\Users\mooke_000\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\torch
[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\SmartWeb
[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\Games Bot
[-] Folder Deleted : C:\Users\pauli_000\AppData\Local\A6C6C989-1439497946-BC3E-14FC-D623B3EBFD98
[-] Folder Deleted : C:\Users\pauli_000\AppData\LocalLow\SmartWeb
[-] Folder Deleted : C:\Users\pauli_000\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\WTools
[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] Folder Deleted : C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
[-] Folder Deleted : C:\Users\Web\AppData\Local\BrowserHelper
[-] Folder Deleted : C:\Users\Web\AppData\Local\Games Bot
[-] Folder Deleted : C:\Users\Web\AppData\LocalLow\AVG SafeGuard toolbar
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\uninstaller.exe
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
[-] File Deleted : C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
[-] File Deleted : C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_peglehonblabfemopkgmfcpofbchegcl_0.localstorage-journal
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[-] File Deleted : C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[-] File Deleted : C:\Users\halca_000\Desktop\Facebook.lnk
[-] File Deleted : C:\Users\halca_000\Desktop\Free Games.lnk
[-] File Deleted : C:\Users\halca_000\Desktop\Torch.lnk
[-] File Deleted : C:\Users\halca_000\Desktop\Youtube.lnk
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fraps.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fraps.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
[-] File Deleted : C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
[-] File Deleted : C:\Users\pauli_000\Desktop\Continue Live Installation.lnk
[-] File Deleted : C:\Users\pauli_000\Desktop\YTDownloader.lnk
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
[-] Shortcut Disinfected : C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk
[-] Shortcut Disinfected : C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Smp
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy
[-] Key Deleted : HKLM\SOFTWARE\f6a6a069-13a3-4cef-bb58-829aca7aa7f2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\Br MediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : zelda-adventure-for-minecraft.en.softonic.com
[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : vosteran.com
[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_01_other&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCtC0C0C0E0E0C0FzzyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyDyCzytA0FtDtDtGyD0FtByDtGyBzytCtDtGtDyE0B0AtGtAyEtCtB0C0D0B0EtAzz0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0AyD0AyD0ByCtGtB0CyE0CtGyEyCyDyBtGzytAyDzztGzyzyzyzz0D0ByB0CzytDtByE2Q&cr=1090904794&ir=
[-] [C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://Vosteran.com/?f=7&a=vst_ggfc_15_01_other&cd=2XzuyEtN2Y1L1Qzu0AtD0DtA0CtCtC0C0C0E0E0C0FzzyDzztN0D0Tzu0StCtDzyyDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyDyCzytA0FtDtDtGyD0FtByDtGyBzytCtDtGtDyE0B0AtGtAyEtCtB0C0D0B0EtAzz0Dzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0AyD0AyD0ByCtGtB0CyE0CtGyEyCyDyBtGzytAyDzztGzyzyzyzz0D0ByB0CzytDtByE2Q&cr=1090904794&ir=
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.ask.com
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : fraps.en.softonic.com
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : start.iminent.com
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.iminent.com/Content/Images/favicon.ico?2fdde4
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://start.iminent.com/?appId=92282980-be3c-46df-892d-3602649bd79a&ref=toolbox&q={searchTerms}
[-] [C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://start.iminent.com/?appId=92282980-be3c-46df-892d-3602649bd79a
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : netflix.com
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search.ask.com
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set&q={searchTerms}&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067&vp=ch&prd=set
[-] [C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=F8Ezamobl03687,036dcff6-27d7-4930-8c92-47349eb37067&vp=ch&prd=set
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[C1].txt - [18321 octets] - [16/08/2015 15:09:09]
C:\AdwCleaner[s1].txt - [17836 octets] - [16/08/2015 15:05:17]
 
########## EOF - C:\AdwCleaner[C1].txt - [18449 octets] ##########

zoek.exe log: 

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Web on Sun 08/16/2015 at 15:30:15.53.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted] 
 
===== Runcheck 15:33:53.02 =====
 
--- Create Environment Variables 15:33:55.35 
--- Create System Restore Point 15:34:17.82 
--- Checking Input 15:34:21.71 
--- AU AppData Check 15:34:33.55 
--- Remove From Windows Installer 15:34:38.21 
--- Empty Folders Check 15:36:32.10 
--- Registry HKLM Software Check 15:36:32.18 
--- Quick Launch Shortcut Check 15:36:55.55 
--- IE Startpage Check 15:37:00.19 

I need to see the log from the FRST fix

===========================

Still getting popup ads and mystery redirects on links.

What browser???

===============================

Please re-scan with FRST and make sure the Addition box is checked.

http://www.fixitpc.pl/picasso/images/malware/tools/frst/frst_win05.png

Post or attach the 2 logs FRST.txt and Addition.txt

MrC


Here is the fixlog.txt from FRST. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Web (2015-08-16 16:12:30) Run:1
Running from C:\Users\Web\Desktop
Loaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\FlashBeat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Winsock: Catalog9-x64 01 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 02 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 03 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 04 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 05 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 06 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 07 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 08 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 19 C:\windows\system32\Uiviuuj64.dll File Not ' & $found1 & '
Winsock: Catalog9-x64 20 C:\windows\system32\WeWatcherLSP64.dll File Not ' & $found1 & '
cmd: netsh winsock reset
CHR HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 gaeymoun; \??\C:\windows\system32\drivers\gaeymoun.sys [X]
S1 gilobxrb; \??\C:\windows\system32\drivers\gilobxrb.sys [X]
S1 ktoqvcqe; \??\C:\windows\system32\drivers\ktoqvcqe.sys [X]
S1 rixyksrm; \??\C:\windows\system32\drivers\rixyksrm.sys [X]
2015-08-15 10:12 - 2015-08-15 10:12 - 00001968 _____ C:\Users\pauli_000\Desktop\YTDownloader.lnk
2015-08-15 10:12 - 2015-08-15 10:12 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Web\AppData\Local\Temp\Abspdf.exe
C:\Users\Web\AppData\Local\Temp\acfpdfu.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfui.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Web\AppData\Local\Temp\cdintf.dll
C:\Users\Web\AppData\Local\Temp\converter.exe
C:\Users\Web\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Web\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Web\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Web\AppData\Local\Temp\qqlghddd.dll
C:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Web\AppData\Local\Temp\tu17p84.exe
C:\Users\Web\AppData\Local\Temp\xmllite.dll
C:\Program Files (x86)\YTDownloader
C:\windows\Tasks\OKJQVJWHKAAQRNFR.job 
C:\ProgramData\Service1291\Service1291.exe 
C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job 
C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe 
AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\halca_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties
Task: C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION
Task: C:\windows\Tasks\Launch 5906.job => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {E81456EC-E233-4971-8A38-08A91BF7C079} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user -> No File <==== ATTENTION
Task: {F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F23B1A5B-0146-4E50-B83A-0E65D55F8CF3} - \AmiUpdXp -> No File <==== ATTENTION
Task: {F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED} - \Inst_Rep -> No File <==== ATTENTION
Task: {FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 -> No File <==== ATTENTION
Task: {D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE} - \UFGIMDA1 -> No File <==== ATTENTION
Task: {D964784B-64D9-4CDA-8E88-82E6376C60A8} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {B706A7B2-9D42-4E31-B0ED-1D4E6DA59441} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BD7DAA70-092B-4027-B7B0-E3BC5A7F2478} - \Selection Tools Update -> No File <==== ATTENTION
Task: {BE8F0C47-4BA8-459E-B418-526C6F55258F} - \CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTION
Task: {CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe <==== ATTENTION
C:\Program Files\Common Files\Goobzo
Task: {7CA7A837-18A0-4220-A9A1-58392070FF63} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 -> No File <==== ATTENTION
Task: {7626125F-A9AE-4DE0-81D2-4CD57E6801AB} - \CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 -> No File <==== ATTENTION
Task: {77200938-3CE4-4EBB-84E5-2C1A6B3FF06A} - \SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 -> No File <==== ATTENTION
Task: {77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C} - System32\Tasks\OKJQVJWHKAAQRNFR => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {4D52730F-2073-4DBC-BB6C-3742301CBB9E} - \Superclean -> No File <==== ATTENTION
Task: {53E82944-B0B9-4C85-91AC-92071F7E1FB8} - \SMWUpd -> No File <==== ATTENTION
Task: {5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user -> No File <==== ATTENTION
Task: {406634BE-2592-40E5-8185-7E60C2FC4AF0} - System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe <==== ATTENTION
Task: {4523B8B0-4096-4875-8416-87E38CFCBB5D} - \Jarmeee -> No File <==== ATTENTION
C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe 
C:\ProgramData\Service1291
Task: {3513DBDC-1C2F-4246-B1AE-EAEA37C895CE} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {34250E27-3085-4A85-B311-A33E778664C3} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 -> No File <==== ATTENTION
Task: {324F8CF7-2C46-406D-B8A3-3B74DD06E559} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 -> No File <==== ATTENTION
Task: {0AE646E2-9F96-4A2F-98ED-782987460702} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {0BC35AC8-DBCA-4F36-A5DA-E53D1F232188} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 -> No File <==== ATTENTION
Task: {19E2196E-E0F1-4518-84FF-7FD40FFFDF57} - \1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 -> No File <==== ATTENTION
Task: {1F795715-7993-4702-A09E-246EC9877C1E} - \WindApp Update -> No File <==== ATTENTION
Task: {20685D58-BC19-48BB-96E5-0EF4CB79BAEF} - \SushiLeads -> No File <==== ATTENTION
Task: {04BC670B-95B0-4AF2-84FB-463F165F917A} - System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980\A2D4B635-D1D1-4A62-A97D-A44A47B8980.exe <==== ATTENTION
 
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value not found.
"C:\ProgramData\FlashBeat\FlashBeat64.dll" => Value data removed successfully.
"C:\ProgramData\FlashBeat\FlashBeat32.dll" => Value data removed successfully.
"C:\windows\system32\GroupPolicy\Machine" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
"C:\ProgramData\FlashBeat" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000019 => key not found. 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000020 => key not found. 
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
"HKU\S-1-5-21-2744511804-60897879-1795108344-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
McAPExe => service removed successfully
McMPFSvc => service removed successfully
BAPIDRV => service removed successfully
gaeymoun => service removed successfully
gilobxrb => service removed successfully
ktoqvcqe => service removed successfully
rixyksrm => service removed successfully
"C:\Users\pauli_000\Desktop\YTDownloader.lnk" => File/Folder not found.
"C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader" => File/Folder not found.
"C:\Users\mooke_000\AppData\Local\Temp\SkypeSetup.exe" => File/Folder not found.
"C:\Users\pauli_000\AppData\Local\Temp\UNINSTALL.EXE" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\Abspdf.exe" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\acfpdfu.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\acfpdfuamd64.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\acfpdfui.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\acfpdfuia64.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\acfpdfuiamd64.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\acfpdfuiia64.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\cdintf.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\converter.exe" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\DseShExt-x64.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\DseShExt-x86.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\PDFPRT400.exe" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\qqlghddd.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\SDShelEx-win32.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\SDShelEx-x64.dll" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\tu17p84.exe" => File/Folder not found.
"C:\Users\Web\AppData\Local\Temp\xmllite.dll" => File/Folder not found.
"C:\Program Files (x86)\YTDownloader" => File/Folder not found.
C:\windows\Tasks\OKJQVJWHKAAQRNFR.job => moved successfully.
"C:\ProgramData\Service1291\Service1291.exe" => File/Folder not found.
C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job => moved successfully.
"C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe" => File/Folder not found.
"C:\Users\aklyk_000\OneDrive" => ":ms-properties" ADS not found.
C:\Users\halca_000\SkyDrive => ":ms-properties" ADS removed successfully.
"C:\Users\mooke_000\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\pauli_000\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Web\SkyDrive" => ":ms-properties" ADS not found.
C:\windows\Tasks\zcS3EdYjY9p5nRKgHUxt47hB.job not found.
C:\windows\Tasks\Launch 5906.job => moved successfully.
C:\windows\Tasks\OKJQVJWHKAAQRNFR.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5B134F3-B2F2-4DEC-BCD4-7D1F119E2737}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E81456EC-E233-4971-8A38-08A91BF7C079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E81456EC-E233-4971-8A38-08A91BF7C079}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5_user => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1039C79-C9E6-4CBA-B9BE-6B0F0A3A5069}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F23B1A5B-0146-4E50-B83A-0E65D55F8CF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F23B1A5B-0146-4E50-B83A-0E65D55F8CF3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9FFB3B5-4844-4BA3-80F5-1FEB7C26B9ED}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA5BAB30-E303-4575-AF1E-3F62E7ACF9F2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-7 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C5C3DA-B014-4EA6-8AD6-C2489B10B7CE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UFGIMDA1 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D964784B-64D9-4CDA-8E88-82E6376C60A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D964784B-64D9-4CDA-8E88-82E6376C60A8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D11D2D-DEEB-4BFB-A956-2B8FB64C2A3C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TunePro360 Updater => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B706A7B2-9D42-4E31-B0ED-1D4E6DA59441}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B706A7B2-9D42-4E31-B0ED-1D4E6DA59441}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD7DAA70-092B-4027-B7B0-E3BC5A7F2478}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD7DAA70-092B-4027-B7B0-E3BC5A7F2478}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE8F0C47-4BA8-459E-B418-526C6F55258F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE8F0C47-4BA8-459E-B418-526C6F55258F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2744511804-60897879-1795108344-1004 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA2C0F1A-EF1F-4D99-AA62-3274BBB1B9F3} => key not found. 
C:\windows\System32\Tasks\Smp not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found. 
"C:\Program Files\Common Files\Goobzo" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CA7A837-18A0-4220-A9A1-58392070FF63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CA7A837-18A0-4220-A9A1-58392070FF63}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-6 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7626125F-A9AE-4DE0-81D2-4CD57E6801AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7626125F-A9AE-4DE0-81D2-4CD57E6801AB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2744511804-60897879-1795108344-1004 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77200938-3CE4-4EBB-84E5-2C1A6B3FF06A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77200938-3CE4-4EBB-84E5-2C1A6B3FF06A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333332393435373737322d2350785732325b6c342a2d45 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77CF4BB0-2AE6-4B31-B93A-DB11A592EF9C}" => key removed successfully
C:\windows\System32\Tasks\OKJQVJWHKAAQRNFR not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OKJQVJWHKAAQRNFR" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D52730F-2073-4DBC-BB6C-3742301CBB9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D52730F-2073-4DBC-BB6C-3742301CBB9E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53E82944-B0B9-4C85-91AC-92071F7E1FB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53E82944-B0B9-4C85-91AC-92071F7E1FB8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D7FD6F8-DA6C-40D7-A7A7-0FB09A0CE9EC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-10_user => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{406634BE-2592-40E5-8185-7E60C2FC4AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{406634BE-2592-40E5-8185-7E60C2FC4AF0}" => key removed successfully
C:\windows\System32\Tasks\zcS3EdYjY9p5nRKgHUxt47hB => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zcS3EdYjY9p5nRKgHUxt47hB" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4523B8B0-4096-4875-8416-87E38CFCBB5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4523B8B0-4096-4875-8416-87E38CFCBB5D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jarmeee => key not found. 
"C:\Users\pauli_000\AppData\Roaming\zcS3EdYjY9p5nRKgHUxt47hB.exe" => File/Folder not found.
"C:\ProgramData\Service1291" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3513DBDC-1C2F-4246-B1AE-EAEA37C895CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3513DBDC-1C2F-4246-B1AE-EAEA37C895CE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34250E27-3085-4A85-B311-A33E778664C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34250E27-3085-4A85-B311-A33E778664C3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-3 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{324F8CF7-2C46-406D-B8A3-3B74DD06E559}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{324F8CF7-2C46-406D-B8A3-3B74DD06E559}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-5 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AE646E2-9F96-4A2F-98ED-782987460702}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE646E2-9F96-4A2F-98ED-782987460702}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BC35AC8-DBCA-4F36-A5DA-E53D1F232188}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC35AC8-DBCA-4F36-A5DA-E53D1F232188}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-1-7 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19E2196E-E0F1-4518-84FF-7FD40FFFDF57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E2196E-E0F1-4518-84FF-7FD40FFFDF57}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1c3056dd-8c5a-4f90-ba31-44b5a103f4b6-6 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F795715-7993-4702-A09E-246EC9877C1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F795715-7993-4702-A09E-246EC9877C1E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindApp Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20685D58-BC19-48BB-96E5-0EF4CB79BAEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20685D58-BC19-48BB-96E5-0EF4CB79BAEF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04BC670B-95B0-4AF2-84FB-463F165F917A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04BC670B-95B0-4AF2-84FB-463F165F917A}" => key removed successfully
C:\windows\System32\Tasks\A2D4B635-D1D1-4A62-A97D-A44A47B8980 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\A2D4B635-D1D1-4A62-A97D-A44A47B8980" => key removed successfully
 
==== End of Fixlog 16:13:21 ====

Here is the log from the re-run of AdwCleaner; it's much shorter this time. Below that is the log from the first run of zoek, the one before I realized I had missed a step. I will re-run zoek and post that log in a separate comment.

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 16:19:02
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : Web - JEFFERSON
# Running from : C:\Users\Web\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\pauli_000\Documents\DailyPCClean
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : DailyPCClean Schedule
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[C1].txt - [18555 octets] - [16/08/2015 15:09:09]
C:\AdwCleaner[C2].txt - [2571 octets] - [16/08/2015 16:19:02]
C:\AdwCleaner[s1].txt - [17836 octets] - [16/08/2015 15:05:17]
C:\AdwCleaner[s2].txt - [2580 octets] - [16/08/2015 16:15:48]
 
########## EOF - C:\AdwCleaner[C2].txt - [2761 octets] ##########
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Web on Sun 08/16/2015 at 15:30:15.53.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
8/16/2015 3:34:20 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\0fbddb10-1b8a-43a6-825a-a4822c5d4b34 deleted successfully
C:\PROGRA~2\6cfea78c-9c9c-4604-995a-762bb7100ee6 deleted successfully
C:\PROGRA~2\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98 deleted successfully
C:\PROGRA~2\adlevel deleted successfully
C:\PROGRA~2\DailyPCClean deleted successfully
C:\PROGRA~2\DailyPcClean Support deleted successfully
C:\PROGRA~2\DnsIo deleted successfully
C:\PROGRA~2\ServiceUpdater deleted successfully
C:\PROGRA~3\Service1291 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.crazycraft deleted successfully
C:\Users\mooke_000\AppData\Roaming\.electriciansjourney deleted successfully
C:\Users\mooke_000\AppData\Roaming\.heliwars deleted successfully
C:\Users\mooke_000\AppData\Roaming\.mariokart deleted successfully
C:\Users\mooke_000\AppData\Roaming\.morphhidenseek deleted successfully
C:\Users\mooke_000\AppData\Roaming\.mountolympussiege deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.5.2 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.6.4 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.7.10 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla1.7.2 deleted successfully
C:\Users\mooke_000\AppData\Roaming\.vanilla162 deleted successfully
C:\Users\mooke_000\AppData\Roaming\Apple Computer deleted successfully
C:\Users\mooke_000\AppData\Roaming\hpqlog deleted successfully
C:\Users\aklyk_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\aklyk_000\AppData\Local\EmieUserList deleted successfully
C:\Users\aklyk_000\AppData\Local\VirtualStore deleted successfully
C:\Users\halca_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\halca_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\halca_000\AppData\Local\EmieUserList deleted successfully
C:\Users\halca_000\AppData\Local\PackageStaging deleted successfully
C:\Users\mooke_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\mooke_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\mooke_000\AppData\Local\EmieUserList deleted successfully
C:\Users\mooke_000\AppData\Local\PackageStaging deleted successfully
C:\Users\pauli_000\AppData\Local\A2D4B635-D1D1-4A62-A97D-A44A47B8980 deleted successfully
C:\Users\pauli_000\AppData\Local\CutePDF Writer deleted successfully
C:\Users\pauli_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\pauli_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\pauli_000\AppData\Local\EmieUserList deleted successfully
C:\Users\pauli_000\AppData\Local\PackageStaging deleted successfully
C:\Users\pauli_000\AppData\Local\VirtualStore deleted successfully
C:\Users\Web\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Web\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Web\AppData\Local\EmieSiteList deleted successfully
C:\Users\Web\AppData\Local\EmieUserList deleted successfully
C:\Users\Web\AppData\Local\PackageStaging deleted successfully
C:\Users\Web\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD9007D-B1D0-490C-975A-78475FE8F8DE} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\0fbddb10-1b8a-43a6-825a-a4822c5d4b34 not found
C:\PROGRA~2\6cfea78c-9c9c-4604-995a-762bb7100ee6 not found
C:\PROGRA~2\A6C6C989-1439515876-BC3E-14FC-D623B3EBFD98 not found
C:\PROGRA~2\adlevel not found
C:\PROGRA~2\DailyPCClean not found
C:\PROGRA~2\DailyPcClean Support not found
C:\PROGRA~2\DnsIo not found
C:\PROGRA~2\ServiceUpdater not found
C:\windows\SysNative\Tasks\OKJQVJWHKAAQRNFR deleted
C:\PROGRA~3\28341ff220e0446c9fff27c4493d622e deleted
C:\Users\pauli_000\AppData\Local\12586 deleted
C:\task.vbs deleted
C:\user.js deleted
C:\Users\halca_000\AppData\Roaming\WB.CFG deleted
C:\Users\pauli_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk deleted
C:\Users\pauli_000\AppData\Roaming\Compete deleted
C:\Users\Web\AppData\Roaming\QBFileDrTool.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\pauli_000\AppData\Local\Installer deleted
C:\Users\pauli_000\AppData\Local\CrashRpt deleted
C:\windows\SysNative\config\systemprofile\AppData\Local\WebBar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\pauli_000\AppData\LocalLow\Company deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\windows\Installer\c76e154.msi" deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.155
 
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
Chrome Hotword Shared Module - aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Cast - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Tampermonkey - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chrome Hotword Shared Module - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Cast - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
User-Agent Switcher for Chrome - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
Google News - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc
Google Voice (by Google) - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
Chrome Hotword Shared Module - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Boomerang for Gmail - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
 
==== Chromium Startpages ======================
 
C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
AAA9lPQWe0t5g7t2JhbyRoOFmfylRC30usGuzi66W7duWlAAAACj/yFZFmAHazLdalM2L8ZNwkmIVrRngESxtVm9oieUQ0dftoDB2aUROzZNA1gZnpVzDcqLQ0Xs27DojW3jZI+e5c9/ho+MtM7YtMFHaMrQ2UAAAABrDffZGWplmjjd2zfnOzh3MA6htoMFwy3v2AePFzXXx8H6agIOZfgQIvxbk7jahTxIbIENIvSqIbR7u6v/gCIy","last_synced_time":"13084219126304698","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"memory_warning_count":0,"passwords":true,"preferences":false,"priority_preferences":false,"search_engines":false,"session_sync_guid":"session_syncJLfaPHsGBIo9FLR1s53yZw==","sessions":true,"shutdown_cleanly":false,"suppress_start":false,"synced_notifications":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":1},"synced_notification":{"first_run":false},"translate_accepted_count":{"de":0,"en":0,"pt":0},"translate_blocked_languages":["en"],"translate_denied_count":{"en":1,"pt":1},"translate_denied_count_for_language":{"de":2,"en":1},"translate_last_denied_time":1425932860295.626,"translate_last_denied_time_for_language":{"de":1439684030402.555,"en":1438018787678.093},"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
 
C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Chromium Fix ======================
 
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsbay.com_0.localstorage-journal deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aadvantageeshopping.com_0.localstorage deleted successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.aadvantageeshopping.com_0.localstorage-journal deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage deleted successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediaservices-d.openxenterprise.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=49 folders=36 20196232 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\aklyk_000\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\halca_000\AppData\Local\Temp emptied successfully
C:\Users\mooke_000\AppData\Local\Temp emptied successfully
C:\Users\pauli_000\AppData\Local\Temp emptied successfully
C:\Users\Web\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Web\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
 
==== EOF on Sun 08/16/2015 at 16:06:18.43 ======================
 

I just finished the re-scan with zoek -- log is below.

I am in Chrome and still getting some 'best coupons' sidebar popping up. IE was doing the same thing before but it seems to be cured now. I have not yet done the scan with Malwarebytes. After I do that I will run FRST again and post the results.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Web on Sun 08/16/2015 at 16:24:55.69.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Web\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-08-16-210618.log 47805 bytes
 
==== Empty Folders Check ======================
 
C:\Users\Web\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\0302601401919830mcinstcleanup deleted successfully
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.155
 
 
Chrome Hotword Shared Module - aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Cast - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Tampermonkey - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Chrome Hotword Shared Module - mooke_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Hotword Shared Module - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Drive App Launcher - pauli_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Cast - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
User-Agent Switcher for Chrome - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg
Google News - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc
Google Voice (by Google) - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
Chrome Hotword Shared Module - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Boomerang for Gmail - Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll
 
==== Chromium Startpages ======================
 
C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
22FAADD84","ennkphjdgehloodpbhlhldgbnhmacadg":"222644A55E9E33779DDFB9C6F25EC33FEA75B1793E0EBB604CC64173A02B01A9","gfdkimpbcpahaombhbimeihdjnejgicl":"A4B451D8EA05D865E6F86D1E48F0A7A8527807265CC3418611877E6E17A7D72E","kmendfapggjehodndflmmgagdbamhnfd":"107585A49AF7BC319903CDC22F95A020B0583C1CE76A2DA184C4823E5929AC83","lccekmodgklaepjeofjdjpbminllajkg":"5E6342C9E6F3E475ECD73A9D594A40D10EC633D628D39EE5C7BDD57CE6EB74A5","mfehgcgbbipciphmccgaenjidiccnmng":"12B74E6621E4A9AD656BF66490F256DABA43DA929CC201A268935D308C6BDD7A","mfffpogegjflfpflabcdkioaeobkgjik":"CED74CD6D3C859555676D1037B60A0F1A3D14D19451F1E0C92383743F0AC3485","mgndgikekgjfcpckkfioiadnlibdjbkf":"DB67B8E5BEBAE1561EC2A0CC669CFF360EA19EA7DE3B496065C8760763CB8519","mhjfbmdgcfjbbpaeojofohoefgiehjai":"F364BCC0C38E476BD6D97F6E9BCFD17DA7B5312B421F419B152AF9A4FFEE7E99","nbpagnldghgfoolbancepceaanlmhfmd":"C4BE008B3443DA015CA1739169E697E5DEA6A96B35280ED5FA838F482A006227","neajdppkdcdipfabeoofebfddakdcjhd":"434EC733F5F43C8501FFDF29968769C897222C7123F302E77177F63956D74083","nkeimhogjdpnpccoofpliimaahmaaome":"F723ABE9852C076B249D8ECD2245C52DFDF2F34A15E69B1BCCCAC9DE19F09F75","nmmhkkegccagdldgiimedpiccmgmieda":"0256CA505452E1C72F897D3ADD02713F06CB04D165908ABBC8B50BDDE60BE10D","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"894F68BBB1BDAC02C28EB26FD5E724FDC5B2CD5B111862BC9869D2F7B1D8BD47","pjkljhegncpnkpknbcohdijeoejaedia":"64C42445D79289125F0F76A334EC22B7F6653F02C600750BC5264B45C4EFC142"}},"google":{"services":{"last_username":"2443B4B1E8483969A8793E688AD8D545724C2C29723E13998F74A3F5ACB43914","username":"ABF21DCE9B65566E6B4342B8B756DA0E9C18DF5B7203FF741CCE37704ADC3C6A"}},"homepage":"E70CD67B7C157C85AC13DBE0EBBCB19E0F4C1964CA80ADF583A3E950BDDE8ED7","homepage_is_newtabpage":"8DD91D45398D11FBEAA522EE798BD803AF6D4EFF02613B32D888EF84EAD90892","pinned_tabs":"ABBCAF7B14102307DFFDC120895205AB1EA5C050A53AC4989D68320721430E4C","prefs":{"preference_reset_time":"F2848AA681BB3B4987E713B9F4E8AEDEAB8CF1E794854EDFD5CDE7DC10C98EA0"},"profile":{"reset_prom
pt_memento":"707EA13DABA2EF2655E64AFBB0DB97CD7911954F3916B83AB7A6EA43EF9228EE"},"safebrowsing":{"incidents_sent":"A88C3330D98437CA294C42E1EEA144AC4882119C813682013C3459D79C77795B"},"search_provider_overrides":"5543D300B1131CA2D86EFE422BCC47A9801316556296311E57E8997568E822C9","session":{"restore_on_startup":"F51A7D73A61877826492F110250FE685DBF0C7009CF33B6DF8CD9F85296D343E","startup_urls":"B4ED088D82487A5D863DE4521E42C6FDB752421878723E444A6DD7ED3E9FF896"},"software_reporter":{"prompt_reason":"342BD00BDDD34D8231088CAD4045FC357E53238D59B9A185A80CC4C2A2639587","prompt_seed":"DCE4B85418CC56F13C00FF0A58B59DA52755954B89B0F0762F94512CD3F2FC25","prompt_version":"3D13246559DB5C92FCDAE70E2815AA1ECEB41175BA38A03598DDA6DC20DA0A9F"},"sync":{"remaining_rollback_tries":"00A44AC67AD32877AC3D3B6A677AF4E5BD371C752128B5832688435DBF9A6CBA"}},"super_mac":"4FAAC01FB18E91FBEED358AFE728A9B37618599FD9A984CB92D654204488717C"},"sync":{"remaining_rollback_tries":0}}
 
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\aklyk_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\halca_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\mooke_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\pauli_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Web\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\aklyk_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\halca_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mooke_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\pauli_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=49 folders=36 20196232 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\aklyk_000\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\halca_000\AppData\Local\Temp emptied successfully
C:\Users\mooke_000\AppData\Local\Temp emptied successfully
C:\Users\pauli_000\AppData\Local\Temp emptied successfully
C:\Users\Web\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Web\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sun 08/16/2015 at 16:59:09.69 ======================

Malwarebytes scan came back clean, but as soon as I opened Chrome the advertising sidebar was still there. Although once I closed it, it has not come back (yet).

 

I did not reboot after the Malwarebytes scan.  Should I have?

 

FRST.txt below and addition.txt in next comment. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Web (administrator) on JEFFERSON (16-08-2015 17:31:21)
Running from C:\Users\Web\Desktop
Loaded Profiles: Web (Available Profiles: Web & pauli_000 & mooke_000 & halca_000 & aklyk_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2014-06-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify] => C:\Users\Web\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-29] (Spotify Ltd)
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Run: [spotify Web Helper] => C:\Users\Web\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-29] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-06-08]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-06-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-06-08]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2744511804-60897879-1795108344-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-16] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-16] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A3F2874C-718F-4260-98B6-DBD6F96607DF}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AE402C42-EB0A-4278-A550-50AC5749342A}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-07]
CHR Extension: (Google Drive) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-07]
CHR Extension: (YouTube) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-07]
CHR Extension: (Google Cast) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-01]
CHR Extension: (Google Search) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-07]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-06-07]
CHR Extension: (Google News) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-06-07]
CHR Extension: (Google+) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-06-07]
CHR Extension: (Google Play Music) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]
CHR Extension: (Google +1 Button) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-06-07]
CHR Extension: (Google Voice (by Google)) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Boomerang for Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2014-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Extension: (Gmail) - C:\Users\Web\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-28] (Electronic Arts)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-06-10] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-06-10] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 16:52 - 2015-08-16 16:24 - 00024064 _____ C:\windows\zoek-delete.exe
2015-08-16 16:35 - 2015-08-16 16:35 - 00000000 ____D C:\Users\Web\AppData\Local\VirtualStore
2015-08-16 16:27 - 2015-08-16 16:06 - 00047805 _____ C:\zoek-results2015-08-16-210618.log
2015-08-16 16:19 - 2015-08-16 16:19 - 00002830 _____ C:\AdwCleaner[C2].txt
2015-08-16 16:15 - 2015-08-16 16:17 - 00002580 _____ C:\AdwCleaner[s2].txt
2015-08-16 16:11 - 2015-08-16 16:11 - 00007930 _____ C:\Users\Web\Downloads\fixlist (1).txt
2015-08-16 15:34 - 2015-08-16 16:59 - 00033304 _____ C:\zoek-results.log
2015-08-16 15:29 - 2015-08-16 15:57 - 00000000 ____D C:\zoek_backup
2015-08-16 15:29 - 2015-08-16 15:29 - 01308672 _____ C:\Users\Web\Desktop\zoek.exe
2015-08-16 15:27 - 2015-08-16 16:52 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForWeb.job
2015-08-16 15:27 - 2015-08-16 16:29 - 00003154 _____ C:\windows\System32\Tasks\HPCeeScheduleForWeb
2015-08-16 15:09 - 2015-08-16 15:11 - 00018555 _____ C:\AdwCleaner[C1].txt
2015-08-16 15:05 - 2015-08-16 15:09 - 00000000 ____D C:\AdwCleaner
2015-08-16 15:05 - 2015-08-16 15:07 - 00017836 _____ C:\AdwCleaner[s1].txt
2015-08-16 15:03 - 2015-08-16 15:03 - 01563648 _____ C:\Users\Web\Downloads\AdwCleaner.exe
2015-08-16 13:08 - 2015-08-16 13:09 - 00057112 _____ C:\Users\Web\Desktop\Addition.txt
2015-08-16 13:06 - 2015-08-16 17:32 - 00018550 _____ C:\Users\Web\Desktop\FRST.txt
2015-08-16 13:05 - 2015-08-16 13:05 - 02173440 _____ (Farbar) C:\Users\Web\Desktop\FRST64.exe
2015-08-16 12:52 - 2015-08-16 17:31 - 00000000 ____D C:\FRST
2015-08-16 12:44 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\Sun
2015-08-16 12:44 - 2015-08-16 12:43 - 00110688 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-08-16 12:43 - 2015-08-16 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\ProgramData\Oracle
2015-08-16 12:42 - 2015-08-16 12:42 - 00000000 ____D C:\Program Files\Java
2015-08-16 12:35 - 2015-08-16 12:35 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job
2015-08-16 12:33 - 2015-08-16 12:33 - 00000272 ____H C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job
2015-08-15 10:19 - 2015-08-15 10:19 - 694094341 _____ C:\windows\MEMORY.DMP
2015-08-15 10:19 - 2015-08-15 10:19 - 00281296 _____ C:\windows\Minidump\081515-39234-01.dmp
2015-08-15 10:19 - 2015-08-15 10:19 - 00000000 ____D C:\windows\Minidump
2015-08-15 10:10 - 2015-08-15 10:10 - 00000000 _____ C:\windows\SysWOW64\Number of results
2015-08-15 08:40 - 2015-08-15 10:21 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-08-15 05:32 - 2015-08-15 05:32 - 00942955 _____ C:\Users\pauli_000\Downloads\Setup (3).zip
2015-08-15 03:47 - 2015-08-15 03:47 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 588830.crdownload
2015-08-15 03:11 - 2015-08-15 03:11 - 00943043 _____ C:\Users\pauli_000\Downloads\Setup (2).zip
2015-08-15 03:11 - 2015-08-15 03:11 - 00446708 _____ C:\Users\pauli_000\Downloads\Setup (1).zip
2015-08-15 02:02 - 2015-08-15 02:02 - 00555288 _____ C:\Users\pauli_000\Downloads\Unconfirmed 126890.crdownload
2015-08-14 23:16 - 2015-08-14 23:17 - 00513920 _____ C:\Users\pauli_000\Downloads\Unconfirmed 693194.crdownload
2015-08-14 22:15 - 2015-08-14 22:15 - 00340180 _____ C:\Users\pauli_000\Downloads\setup.zip
2015-08-14 09:35 - 2015-08-14 09:35 - 00001055 _____ C:\Users\Web\Desktop\malwarebytes_20150814.txt
2015-08-14 08:12 - 2015-08-16 16:04 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-14 08:12 - 2015-08-14 08:12 - 00000033 _____ C:\CLMediaServer.ini
2015-08-14 06:45 - 2015-08-14 06:45 - 00003258 _____ C:\windows\System32\Tasks\runTask
2015-08-14 06:45 - 2015-08-14 06:45 - 00003162 _____ C:\windows\System32\Tasks\updateTask
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Users\pauli_000\AppData\Roaming\Mozilla
2015-08-14 06:44 - 2015-08-14 06:44 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-14 06:43 - 2015-08-14 06:43 - 00000000 ____D C:\windows\system32\upo
2015-08-14 06:41 - 2015-08-14 07:41 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-13 20:32 - 2013-08-22 08:25 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-08-13 20:30 - 2015-08-13 20:30 - 00001335 _____ C:\Users\mooke_000\AppData\Local\Chrome .lnk
2015-08-13 20:30 - 2015-08-13 20:30 - 00000298 _____ C:\Users\mooke_000\AppData\Local\Firefox .lnk
2015-08-13 20:29 - 2015-08-16 15:10 - 00001205 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-08-13 20:29 - 2015-08-16 15:10 - 00000854 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iexplore .lnk
2015-08-13 20:29 - 2015-08-16 15:10 - 00000144 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox .lnk
2015-08-13 20:29 - 2015-08-13 20:29 - 00000984 _____ C:\Users\mooke_000\AppData\Local\Iexplore .lnk
2015-08-13 20:28 - 2015-08-13 20:28 - 00000000 _____ C:\windows\SysWOW64\minibrowser.log
2015-08-13 20:21 - 2015-08-13 20:21 - 00001249 _____ C:\Users\pauli_000\Desktop\Continue installation .lnk
2015-08-13 19:05 - 2015-08-13 19:05 - 00000000 ____D C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe
2015-08-13 19:01 - 2015-08-13 19:01 - 00540750 _____ C:\Users\mooke_000\Downloads\Trove Hack Tool Downloader__3687_i1580706326.exe.rar
2015-08-13 03:44 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:44 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 20:35 - 2015-08-12 20:36 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Trove
2015-08-12 19:58 - 2015-08-12 19:58 - 00000222 _____ C:\Users\mooke_000\Desktop\Trove.url
2015-08-12 19:14 - 2015-08-12 19:14 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\com.freakinware.mitosis
2015-08-12 19:05 - 2015-08-12 19:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Mitos.is The Game.url
2015-08-12 18:42 - 2015-08-12 18:42 - 00000222 _____ C:\Users\mooke_000\Desktop\Spooky's House of Jump Scares.url
2015-08-12 16:05 - 2015-08-12 16:05 - 00000222 _____ C:\Users\mooke_000\Desktop\Time Clickers.url
2015-08-12 04:06 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 04:06 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 04:06 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 04:06 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 04:06 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 04:06 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 04:06 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 04:06 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 04:06 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 04:06 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 04:06 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 04:06 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 04:06 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 04:06 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 04:06 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 04:06 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 04:06 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 04:06 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 04:05 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 04:05 - 2015-06-09 13:27 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-12 04:04 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 04:04 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 04:04 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 04:04 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 04:04 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 04:04 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 04:04 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-12 04:04 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 04:04 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 04:04 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 04:04 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 04:04 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 04:04 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 04:04 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 04:04 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 04:04 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 04:04 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 04:04 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 04:04 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 04:04 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 04:04 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 04:04 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 04:04 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 04:04 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 04:04 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 04:04 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 04:04 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 04:04 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 04:04 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 04:04 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 04:03 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-12 04:03 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-12 04:03 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-12 04:03 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-12 04:03 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 04:01 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 04:01 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 04:01 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 04:01 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 04:01 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 04:01 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 04:01 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 04:01 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 04:01 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-12 04:01 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-12 04:01 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-12 04:01 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 04:01 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 04:01 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 04:01 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 04:01 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 04:01 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 04:01 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 04:01 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 04:01 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 04:01 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 04:01 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 04:01 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 04:01 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-08-12 04:01 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-08-12 04:01 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 14:43 - 2015-08-09 14:43 - 00000742 _____ C:\Users\mooke_000\Documents\Desktop - Shortcut.lnk
2015-08-09 13:45 - 2015-08-07 07:59 - 03930112 _____ (ProjectPokémon) C:\Users\mooke_000\Desktop\PKHeX.exe
2015-08-09 13:42 - 2015-08-09 13:43 - 01982114 _____ C:\Users\mooke_000\Downloads\PKHeX (08-08-15).zip
2015-07-29 11:07 - 2015-07-29 11:07 - 00000000 ____D C:\Users\mooke_000\Downloads\powersaves3ds-software-129
2015-07-29 11:07 - 2015-07-27 12:30 - 04065363 _____ (Datel Design & Development ) C:\Users\mooke_000\Desktop\powersaves_setup_v1.29.exe
2015-07-29 11:04 - 2015-07-29 11:04 - 04034094 _____ C:\Users\mooke_000\Downloads\powersaves3ds-software-129.zip
2015-07-26 20:29 - 2015-07-26 20:29 - 00986311 _____ C:\Users\mooke_000\Downloads\RebirthCCLauncher.zip
2015-07-24 16:52 - 2015-07-24 16:52 - 00969584 _____ (ROBLOX Corporation) C:\Users\mooke_000\Downloads\RobloxPlayerLauncher (1).exe
2015-07-22 18:46 - 2015-07-22 18:46 - 00000000 ____D C:\Users\mooke_000\AppData\Local\CEF
2015-07-20 16:58 - 2015-07-20 17:00 - 115236013 _____ C:\Users\mooke_000\Downloads\JSTR_Universal_1.7.x.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 17:31 - 2014-06-04 17:07 - 01053852 _____ C:\windows\WindowsUpdate.log
2015-08-16 17:30 - 2014-06-04 17:16 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1001
2015-08-16 17:15 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-16 17:14 - 2014-06-05 17:36 - 00000926 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 17:02 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-08-16 16:59 - 2014-10-10 14:19 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 16:59 - 2014-06-05 17:36 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 16:59 - 2014-06-04 17:14 - 00000000 __RDO C:\Users\Web\SkyDrive
2015-08-16 16:59 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-16 16:52 - 2013-08-24 16:32 - 00297358 _____ C:\windows\PFRO.log
2015-08-16 16:52 - 2013-08-22 09:46 - 00026904 _____ C:\windows\setupact.log
2015-08-16 16:52 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-16 16:52 - 2013-08-22 08:25 - 01048576 ___SH C:\windows\system32\config\BBI
2015-08-16 15:55 - 2013-08-22 10:36 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-16 15:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-16 15:26 - 2014-06-08 07:04 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{97BF5AF6-D346-4412-B19A-879C9F6FBBA8}
2015-08-16 15:10 - 2014-06-05 17:57 - 00001313 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-16 15:10 - 2014-06-05 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-16 15:10 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-16 12:35 - 2014-06-29 07:08 - 00000000 ____D C:\EDS
2015-08-16 12:18 - 2014-06-27 15:25 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 12:02 - 2014-12-29 17:02 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Skype
2015-08-16 10:00 - 2014-06-05 17:19 - 00000000 __RDO C:\Users\mooke_000\SkyDrive
2015-08-16 09:07 - 2015-03-05 16:27 - 00000000 ____D C:\ProgramData\Origin
2015-08-16 07:04 - 2014-06-05 17:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.minecraft
2015-08-15 21:39 - 2014-09-01 08:44 - 00000000 ___RD C:\Users\pauli_000\Google Drive
2015-08-15 21:38 - 2014-06-04 21:41 - 00000000 __RDO C:\Users\pauli_000\SkyDrive
2015-08-15 15:05 - 2014-05-29 19:42 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-08-15 11:29 - 2013-08-22 08:25 - 00000301 _____ C:\windows\win.ini
2015-08-15 11:27 - 2015-04-10 19:27 - 00000000 ____D C:\Program Files (x86)\360
2015-08-15 10:27 - 2014-06-05 17:04 - 00000000 ____D C:\Users\mooke_000
2015-08-15 10:22 - 2014-06-04 18:06 - 00000000 ____D C:\Users\pauli_000
2015-08-14 09:30 - 2015-01-31 12:08 - 00035328 ___SH C:\Users\mooke_000\Desktop\Thumbs.db
2015-08-14 08:11 - 2013-08-22 09:45 - 00000000 ____D C:\windows\Setup
2015-08-14 08:08 - 2014-06-04 21:45 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1004
2015-08-14 07:00 - 2014-10-10 14:19 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 07:00 - 2014-10-10 14:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-14 06:50 - 2015-03-05 19:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-14 06:43 - 2015-03-11 12:13 - 00657920 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-08-14 06:43 - 2015-03-11 12:12 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-08-14 06:42 - 2014-06-04 18:06 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{CCDD9EF7-4E0A-476E-96E0-B7B28717D32C}
2015-08-14 06:37 - 2015-06-28 18:12 - 00000998 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-08-14 06:37 - 2015-04-12 19:54 - 00000605 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-08-14 06:37 - 2015-04-10 19:06 - 00001122 _____ C:\Users\pauli_000\Desktop\Cheat Engine.lnk
2015-08-14 06:37 - 2015-03-08 16:36 - 00000955 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mine-imator.lnk
2015-08-14 06:37 - 2015-03-05 21:17 - 00001368 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2015-08-14 06:37 - 2015-03-05 19:35 - 00002064 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-14 06:37 - 2015-03-05 16:27 - 00001016 _____ C:\Users\Public\Desktop\Origin.lnk
2015-08-14 06:37 - 2015-01-31 12:08 - 00001255 _____ C:\Users\mooke_000\Desktop\TechnicLauncher - Shortcut.lnk
2015-08-14 06:37 - 2015-01-19 08:48 - 00001521 _____ C:\Users\pauli_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:37 - 2015-01-19 08:48 - 00001336 _____ C:\Users\pauli_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:37 - 2014-12-24 15:50 - 00001521 _____ C:\Users\mooke_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:37 - 2014-12-24 15:49 - 00001336 _____ C:\Users\mooke_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:37 - 2014-12-22 11:32 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-14 06:37 - 2014-09-01 08:44 - 00001848 _____ C:\Users\pauli_000\Desktop\Google Drive.lnk
2015-08-14 06:37 - 2014-08-29 21:16 - 00001962 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-14 06:37 - 2014-08-29 21:16 - 00001956 _____ C:\Users\Web\Desktop\Spotify.lnk
2015-08-14 06:37 - 2014-08-02 10:19 - 00001163 _____ C:\Users\Public\Desktop\iRepo.lnk
2015-08-14 06:37 - 2014-08-02 10:03 - 00003145 _____ C:\Users\Public\Desktop\Music Rescue.lnk
2015-08-14 06:37 - 2014-08-02 09:53 - 00003069 _____ C:\Users\Web\Desktop\TouchCopy 12.lnk
2015-08-14 06:37 - 2014-08-02 09:48 - 00001044 _____ C:\Users\Public\Desktop\Sharepod.lnk
2015-08-14 06:37 - 2014-06-27 15:25 - 00001000 _____ C:\Users\Public\Desktop\Steam.lnk
2015-08-14 06:37 - 2014-06-18 09:09 - 00001820 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-14 06:37 - 2014-06-13 18:14 - 00002258 _____ C:\Users\pauli_000\Desktop\HP Support Assistant.lnk
2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Word 2007.lnk
2015-08-14 06:37 - 2014-06-11 19:44 - 00002655 _____ C:\Users\Web\Desktop\Microsoft Office Excel 2007.lnk
2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Word 2007.lnk
2015-08-14 06:37 - 2014-06-11 16:14 - 00002655 _____ C:\Users\pauli_000\Desktop\Microsoft Office Excel 2007.lnk
2015-08-14 06:37 - 2014-06-08 15:49 - 00002152 _____ C:\Users\Public\Desktop\QuickBooks Pro 2014.lnk
2015-08-14 06:37 - 2014-06-07 18:55 - 00001842 _____ C:\Users\Web\Desktop\Google Drive.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002083 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002081 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 06:37 - 2014-06-07 14:44 - 00002071 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 06:37 - 2014-06-05 17:29 - 00001077 _____ C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk
2015-08-14 06:37 - 2014-06-04 21:53 - 00001819 _____ C:\Users\Public\Desktop\Vuze.lnk
2015-08-14 06:37 - 2014-06-04 18:06 - 00001443 _____ C:\Users\pauli_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:37 - 2014-06-04 17:10 - 00001443 _____ C:\Users\Web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:37 - 2014-05-29 20:41 - 00001332 _____ C:\Users\Public\Desktop\HP Smart Friend.lnk
2015-08-14 06:36 - 2015-01-18 14:11 - 00001336 _____ C:\Users\halca_000\Desktop\ROBLOX Studio.lnk
2015-08-14 06:36 - 2015-01-16 16:09 - 00001348 _____ C:\Users\halca_000\Desktop\Continue Five Nights at Freddy's Installation.lnk
2015-08-14 06:36 - 2014-12-31 17:27 - 00001298 _____ C:\Users\halca_000\Desktop\Continue File Opener Installation.lnk
2015-08-14 06:36 - 2014-10-12 15:04 - 00001521 _____ C:\Users\halca_000\Desktop\ROBLOX Player.lnk
2015-08-14 06:36 - 2014-08-25 16:55 - 00001318 _____ C:\Users\halca_000\Desktop\Continue Free Download Installation.lnk
2015-08-14 06:36 - 2014-08-24 10:40 - 00002448 _____ C:\Users\halca_000\Desktop\Free Music.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00001443 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00000551 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-29 07:08 - 00000549 _____ C:\Users\aklyk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-16 16:25 - 00001735 _____ C:\Users\halca_000\Desktop\Pokémon Trading Card Game Online.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-08 02:03 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-14 06:36 - 2014-06-05 18:34 - 00001443 _____ C:\Users\halca_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-13 20:40 - 2015-06-25 14:21 - 00000368 _____ C:\windows\Tasks\HPCeeScheduleForpauli_000.job
2015-08-13 20:40 - 2013-08-22 09:44 - 00441296 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 20:38 - 2014-08-03 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 20:35 - 2014-12-12 08:32 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 20:35 - 2014-07-16 17:12 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 20:35 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 20:33 - 2014-06-05 17:21 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2744511804-60897879-1795108344-1005
2015-08-13 20:16 - 2014-06-07 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 17:27 - 2014-06-05 17:05 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{E1291903-9E5D-49F7-9CC8-108CE3F4EC8A}
2015-08-13 14:45 - 2014-06-05 14:46 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-08-13 14:41 - 2014-12-24 15:49 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-13 03:45 - 2014-06-11 08:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:45 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-13 03:43 - 2014-08-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:40 - 2014-06-07 05:31 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 03:21 - 2014-06-07 05:31 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-12 19:28 - 2015-06-22 17:57 - 00000000 ____D C:\Users\mooke_000\Powersaves3DS
2015-08-11 14:01 - 2015-06-25 14:21 - 00003190 _____ C:\windows\System32\Tasks\HPCeeScheduleForpauli_000
2015-08-09 17:14 - 2014-06-05 17:05 - 00000000 ____D C:\Users\mooke_000\AppData\Local\Packages
2015-08-08 08:55 - 2015-03-14 08:21 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2015-03-14 08:21 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-01 15:49 - 2015-06-28 18:12 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2015-08-01 14:11 - 2015-06-22 17:57 - 00000000 ____D C:\Program Files (x86)\Action Replay PowerSaves 3DS
2015-08-01 14:06 - 2014-06-04 17:09 - 00000000 ____D C:\Users\Web
2015-07-30 10:55 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-07-30 09:45 - 2014-06-29 07:08 - 00000000 ____D C:\Users\aklyk_000
2015-07-30 09:45 - 2014-06-05 18:34 - 00000000 ____D C:\Users\halca_000
2015-07-28 18:20 - 2015-03-05 16:30 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\Origin
2015-07-28 18:14 - 2015-03-05 16:27 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-25 05:11 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\system32\GWX
2015-07-22 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-07-22 07:28 - 2015-01-31 11:51 - 04731400 _____ () C:\Users\mooke_000\Desktop\TechnicLauncher.exe
2015-07-22 07:27 - 2015-01-31 12:04 - 00000000 ____D C:\Users\mooke_000\AppData\Roaming\.technic
2015-07-19 10:39 - 2015-04-04 09:03 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-07-19 10:39 - 2013-08-22 10:36 - 00000000 ____D C:\windows\WinStore
2015-07-19 07:50 - 2014-06-05 18:34 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{29EB089F-8B13-46EE-B4F2-40CFC60D11E2}
 
==================== Files in the root of some directories =======
 
2015-05-12 18:22 - 2015-05-12 18:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2014-08-02 10:04 - 2014-08-02 10:05 - 0000360 _____ () C:\Users\Web\AppData\Roaming\com.kennettnet.MusicRescue4.plist
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2015-03-11 12:13] - [2015-08-14 06:43] - 0657920 ____A (Microsoft Corporation) 089D030FF1B7D49ACD074B289D306F4D
 
C:\windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-10 04:49
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015

Ran by Web (2015-08-16 17:32:59)

Running from C:\Users\Web\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2744511804-60897879-1795108344-500 - Administrator - Disabled)

aklyk_000 (S-1-5-21-2744511804-60897879-1795108344-1007 - Limited - Enabled) => C:\Users\aklyk_000

Guest (S-1-5-21-2744511804-60897879-1795108344-501 - Limited - Disabled)

halca_000 (S-1-5-21-2744511804-60897879-1795108344-1006 - Limited - Enabled) => C:\Users\halca_000

HomeGroupUser$ (S-1-5-21-2744511804-60897879-1795108344-1003 - Limited - Enabled)

mooke_000 (S-1-5-21-2744511804-60897879-1795108344-1005 - Limited - Enabled) => C:\Users\mooke_000

pauli_000 (S-1-5-21-2744511804-60897879-1795108344-1004 - Administrator - Enabled) => C:\Users\pauli_000

Web (S-1-5-21-2744511804-60897879-1795108344-1001 - Administrator - Enabled) => C:\Users\Web

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Action Replay PowerSaves 3DS version 1.29 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.29 - Datel Design & Development)

Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)

Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden

Amazing World (HKLM-x32\...\Steam App 293500) (Version:  - Ganz)

AMD Catalyst Install Manager (HKLM\...\{7288D4D9-90E0-2B03-43D0-0BB6D4496577}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Brick-Force (EU) (HKLM-x32\...\Steam App 335330) (Version:  - Exe Games Inc.)

Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden

Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)

Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)

Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )

Collaboration Data Objects 1.2.1 (HKLM-x32\...\{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}) (Version: 6.5.7940.0 - Microsoft)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)

Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden

CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden

Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)

Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden

HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)

HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)

Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden

Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden

iRepo 5.3.0.0 (HKLM-x32\...\iRepo_is1) (Version: 5.3.0.0 - Purple Ghost Software, Inc.)

Ironclad Tactics (HKLM-x32\...\Steam App 226960) (Version:  - Zachtronics)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Music Rescue (HKLM-x32\...\{5F503B34-022D-4C56-9D40-53D2916CE3C9}) (Version: 4.5.1 - KennettNet Software Ltd)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

NBA 2K15 (HKLM-x32\...\Steam App 282350) (Version:  - Visual Concepts)

Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)

Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden

QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)

QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7090 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)

Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)

Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version:  - Lag Studios)

Spotify (HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)

The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)

Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)

TouchCopy 12 (HKLM-x32\...\{363B852D-FBAD-4BAB-B1E9-28937DCDA620}) (Version: 12.46 - Wide Angle Software)

Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

X Rebirth (HKLM-x32\...\Steam App 2870) (Version:  - Egosoft)

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

29-07-2015 04:09:48 Windows Update

11-08-2015 11:39:06 Scheduled Checkpoint

16-08-2015 12:39:33 Removed Java 7 Update 60 (64-bit)

16-08-2015 16:12:37 Restore Point Created by FRST

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {089607A1-22D1-4172-A106-4DEEEDF53A49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {283EFFA8-8543-4156-9297-F4967767E0AC} - System32\Tasks\updateTask => c:\task.vbs

Task: {2F8869EE-DDF4-4189-B218-0FA932BA833B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)

Task: {33C6C936-27C9-4864-BC10-AD0EE8157838} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)

Task: {34CE367C-12F8-40EF-A247-F2A77A5692E5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {364C2067-47B8-4DA0-9B7F-DEF696AC3D31} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {4D0A3E5D-EA2D-4BC2-A3B0-35166C769E0C} - System32\Tasks\runTask => %TEMP%/Updater.exe

Task: {6D630EE5-9363-4E34-80CB-05227AE6CFBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-13] (Microsoft Corporation)

Task: {78433DFD-CEDB-4793-AB00-0EAAE5EA786D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {912CDA96-E250-45E0-A69F-CBE9F94642F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)

Task: {A8A586F8-3AB2-43BE-B7E5-91B816889678} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {C6F354D6-01F3-42C3-BCB8-DD6F19DF9582} - System32\Tasks\HPCeeScheduleForWeb => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {D5016636-D008-4FA8-A9CA-F95655C46526} - System32\Tasks\HPCeeScheduleForpauli_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {D576BEE5-6B9B-4783-98AB-0F5C1E1AF9F9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

Task: {D5E45616-3703-4421-BCF8-C2617A3EB32A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

Task: {DF80B38C-CA93-4FAD-887C-AD8EDE5A02EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)

Task: {E0656664-4567-4309-817B-5F2691F42BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\HPCeeScheduleForpauli_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\windows\Tasks\HPCeeScheduleForWeb.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\windows\Tasks\User_Feed_Synchronization-{04B9E90F-251F-4172-81A6-1ACCE334504E}.job => C:\windows\system32\msfeedssync.exe

Task: C:\windows\Tasks\User_Feed_Synchronization-{C5F881FB-A495-42CB-A304-59516024C554}.job => C:\windows\system32\msfeedssync.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2013-09-05 05:22 - 2013-09-05 05:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

2013-09-05 05:24 - 2013-09-05 05:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll

2013-09-05 05:24 - 2013-09-05 05:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll

2013-09-05 05:21 - 2013-09-05 05:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll

2013-09-05 05:21 - 2013-09-05 05:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll

2013-09-05 05:21 - 2013-09-05 05:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll

2013-09-05 05:36 - 2013-09-05 05:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll

2013-09-05 05:36 - 2013-09-05 05:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll

2014-11-15 16:50 - 2013-10-23 16:24 - 00087600 _____ () C:\windows\System32\cpwmon64.dll

2013-09-05 05:31 - 2013-09-05 05:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll

2015-07-03 02:01 - 2015-07-03 02:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll

2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-08-11 15:15 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll

2015-08-11 15:15 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll

2015-08-16 16:59 - 2015-08-16 16:59 - 00098816 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32api.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00110080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pywintypes27.dll

2015-08-16 16:59 - 2015-08-16 16:59 - 00364544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pythoncom27.dll

2015-08-16 16:59 - 2015-08-16 16:59 - 00045568 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_socket.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 01161216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_ssl.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00320512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32com.shell.shell.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00713216 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_hashlib.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 01176576 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._core_.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00806400 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._gdi_.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00816128 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._windows_.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 01067008 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._controls_.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00733184 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._misc_.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00682496 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pysqlite2._sqlite.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00087552 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_ctypes.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00119808 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32file.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00108544 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32security.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00007168 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\hashobjs_ext.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00068096 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\usb_ext.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00167936 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32gui.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00018432 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32event.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00128512 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_elementtree.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00127488 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\pyexpat.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00013824 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\common.time34.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00036864 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_psutil_windows.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00038912 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32inet.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00011264 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32crypt.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00077312 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._html2.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00027136 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_multiprocessing.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00020480 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\_yappi.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00035840 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32process.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00686080 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\unicodedata.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00123392 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._wizard.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00024064 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32pipe.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00010240 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\select.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00025600 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32pdh.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00525640 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\windows._lib_cacheinvalidation.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00017408 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32profile.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00022528 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\win32ts.pyd

2015-08-16 16:59 - 2015-08-16 16:59 - 00078848 _____ () C:\Users\Web\AppData\Local\Temp\_MEI49482\wx._animate.pyd

2014-05-29 20:05 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\aklyk_000\OneDrive:ms-properties

AlternateDataStreams: C:\Users\mooke_000\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\pauli_000\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Web\SkyDrive:ms-properties

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2744511804-60897879-1795108344-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Web\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20130104_180917.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"

HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "QHSafeTray"

HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E2EFA8B57D860A85EE2AA41549A6F263"

HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_E79404C9801F5F746CB0082314E75BDB"

HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-2744511804-60897879-1795108344-1001\...\StartupApproved\Run: => "Spotify Web Helper"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{BE1E032E-59FB-4FD6-A4A7-7483640A14E2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe

FirewallRules: [{6C1223DF-C175-4620-A10F-C10F3B53ADAD}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe

FirewallRules: [{10B96B04-F60E-4B27-B2AD-4DE58C0EA43D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe

FirewallRules: [{9F21A3C9-C90F-412A-9567-272759693CAD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe

FirewallRules: [{3B76E4E5-879F-4B5D-AECA-CF7E92170C41}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe

FirewallRules: [{C57BDA63-9FB1-4F0C-AE36-8EE96FEC22E3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe

FirewallRules: [{3924102E-FF6B-4B83-8814-FF88FE11AB7A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{EE574B00-7BF6-4DFD-B2F8-1EA49608A5E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe

FirewallRules: [{21E7021B-C5C7-45D1-9975-5787D14A44AA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe

FirewallRules: [{F3F991D2-D911-444E-9CC4-F7D3C824850D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

FirewallRules: [{FA8134FB-7A4D-47F5-A745-EE21B2EC71DC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe

FirewallRules: [{8FB586B4-6047-4608-92D9-9E3CCFE444C4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe

FirewallRules: [{444EDE6B-1312-4115-9DAD-A4FBBD5FEC71}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe

FirewallRules: [{92EC95E1-E446-4F0A-B9BD-FE619836FF0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{31C6EA78-FDCA-4EAA-9EF3-329774323E6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{B9C2440C-FDD9-4CA8-8CBE-1CB5A7317482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{B70D192F-164B-4D05-BFA2-0DBC6CFA4CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{6A9CCDF5-CA09-4A3C-91FD-4C1821F5C087}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{AAFEF149-C6A9-42A0-9506-71ECA24DCE2B}] => (Allow) LPort=2869

FirewallRules: [{74072E8C-EBBF-4990-BF8D-DF3F0A70705B}] => (Allow) LPort=1900

FirewallRules: [{1EDB488B-DE61-4A08-82F1-AF2EAC89C7F0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{89535837-6E40-4ADA-8F67-1E2DD36A4CB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{5A739BBF-C1B7-48D1-9985-0BB27D4010A7}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [{525541B4-294B-4B11-B9BC-BBBC03578BD0}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [TCP Query User{1EA3B08A-E61D-4829-BC45-B4DC73A5FDD6}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [uDP Query User{F48061BA-97D0-489B-AC9A-CCB9334B4354}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [{F5176B49-2ACD-4BB1-8592-4DD49D3ACB5B}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{D4094727-9CBC-47C6-B0B1-5D092972F3B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{2C5E364E-0036-43E7-918F-86DECA98A4BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [TCP Query User{B981B08B-F1AB-4565-A371-17A30D1194A0}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [uDP Query User{D4AD9723-A924-495C-BE4A-EA66A99F63C4}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [{EE817AAF-9D62-4E65-B3FC-CD8076B76F33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe

FirewallRules: [{E58FC6A6-9307-4280-AE24-E6FBE2557067}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe

FirewallRules: [{5D82F2EC-1AC8-4525-B30D-815A5BC40ABA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe

FirewallRules: [{82397B22-92B9-40D2-968A-1346D1068248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe

FirewallRules: [TCP Query User{348FADAE-611E-4D3B-972C-4009B959179B}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{691D1B52-7F3E-429D-B119-5045A9A1B313}C:\users\web\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\web\appdata\roaming\spotify\spotify.exe

FirewallRules: [{C3783617-F9FA-4489-8F55-5FAF1087501F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{89F398C4-5795-4A80-99E8-DAD027657813}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{1012B0E9-788E-4339-9C2A-BE8C02A486C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe

FirewallRules: [{E02EFE82-455B-403A-B91A-9D6A2DA8808D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe

FirewallRules: [{43A590CA-716F-4AA6-AB24-87220381B8C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exe

FirewallRules: [{5D29A9F9-8BA5-4C4A-92C5-84B0A50465F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amazing World\AmazingWorld.exe

FirewallRules: [{221B49BD-A410-48E8-B140-424CCC2440D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exe

FirewallRules: [{3A2DD2E1-9E24-471A-B203-73912278E14C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ironclad Tactics\Game.exe

FirewallRules: [{F89D39A6-DC4C-43B0-9EC0-7BD15F51AC36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe

FirewallRules: [{8A1B8B18-0018-49E5-9CCF-EB74958EFB24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe

FirewallRules: [{2FE4DCD9-2BFF-486F-8DC1-C6883E0E5429}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe

FirewallRules: [{2A644A87-A2F6-4E2A-8035-79120CF19975}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe

FirewallRules: [{D8D74176-1369-4708-871A-96F934B4721D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe

FirewallRules: [{678696E1-881B-41B6-98C6-0F2273D2FB45}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe

FirewallRules: [TCP Query User{A424A491-10EC-4397-9036-A4AF203ACDCD}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe

FirewallRules: [uDP Query User{1702F69E-EC27-4497-9A9F-1F340057E704}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Block) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe

FirewallRules: [{09460DCB-E59D-4E82-A97E-CEC470617064}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe

FirewallRules: [{40BAAC17-672F-464B-9974-D798C2E01F94}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe

FirewallRules: [TCP Query User{D95210E3-F88C-42E9-9E62-9845D4AD4E1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{97466C1C-29D4-46C9-AC35-79130A4F6726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{8F359B21-2B49-4AEE-B13C-37F3737B64D6}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe

FirewallRules: [uDP Query User{55A79EF8-E449-4FD7-BA63-8A3793F40977}C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\halca_000\appdata\local\torch\plugins\hola\hola_plugin_x64.exe

FirewallRules: [TCP Query User{98090451-32DD-4F8A-B7CF-FAA2BE92F7C4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{9DEDF3CC-69A8-4A87-889C-E051C9491E83}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{A154DEA0-1C43-48CB-B038-A2BA083EB563}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe

FirewallRules: [{BFE7530C-ED5C-43BB-A6F6-3ADF9E0321C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe

FirewallRules: [{15DA8999-AE5B-4135-AD60-611722DED198}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe

FirewallRules: [{20AAF40E-6C7C-41F6-9272-94D36DCA31CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe

FirewallRules: [{2E67CEE6-3D5A-41C8-B6B9-CB1225C49A1B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe

FirewallRules: [{3768047C-8401-44D7-A71D-4CEA5EC5CB33}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe

FirewallRules: [{2D18C3D6-C6EC-4FA0-8B77-14B407A3AD10}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe

FirewallRules: [{255D589D-92C3-4FB9-82BF-3795907FB15C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brick-Force ROW\InfernumLogin.exe

FirewallRules: [{E35E1444-0683-4C26-8FD0-B8CE7F61ADC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{415E1660-48A4-407E-8E1C-B5BB0AACF8D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe

FirewallRules: [{7AB15407-B9B8-4472-A690-EA49B72CC04C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exe

FirewallRules: [{B139A4E7-FB00-4F8E-ADCA-0EB4ABE350BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\X Rebirth\XRebirth.exe

FirewallRules: [TCP Query User{526B8273-C4F4-44B1-906F-4D5A3097A7B9}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe

FirewallRules: [uDP Query User{2B8FC484-6980-4DBF-91EE-B16E52BDB45B}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe

FirewallRules: [{4FB6E1EB-8AEC-44ED-BB51-6FCB840577D4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe

FirewallRules: [{0920CB87-0C21-4262-A320-338716A9F521}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe

FirewallRules: [{A86BE10F-5A0C-48C6-82F1-D1DB59AFD214}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe

FirewallRules: [{23BA47CE-BC10-434E-85FE-1639C088E876}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe

FirewallRules: [{1469C652-B59B-4C0D-A1F3-E9F74F72DACB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe

FirewallRules: [{630A237A-BC7D-44C2-B623-0B667376B8D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe

FirewallRules: [TCP Query User{F6A1232D-BCC5-417E-A635-56AB4D7FFE68}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe

FirewallRules: [uDP Query User{A7893E4C-D812-4632-A5FA-9F92A65E3535}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe

FirewallRules: [{C69D7EA4-445A-4D4D-BC47-82162F1B94FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe

FirewallRules: [{3209999A-DD0C-499D-9634-0CD7A2904764}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe

FirewallRules: [TCP Query User{FACE13ED-1822-4F9C-9ADA-27348FED87B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [uDP Query User{12DC88B8-9874-46E5-B91E-BF80226DB761}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{FCB323AE-08ED-48EE-8606-CBC0060C1211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{2FB3D3BC-DD3F-43BD-9B1E-653D587AC663}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe

FirewallRules: [{CBC476DF-EAE8-49C4-B2C6-ED74ECCE47FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TimeClickers\TimeClickers.exe

FirewallRules: [{E28ADC6C-A414-409C-B2AA-34FA8A47D480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe

FirewallRules: [{C8A2EC8C-C62B-4636-BF0A-358D5494EE40}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe

FirewallRules: [{0C63C7CA-46EB-41AD-9F27-F70A9D069687}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe

FirewallRules: [{01F669C7-E877-489E-BBA1-C0846B280700}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe

FirewallRules: [{17F9E0E3-F7E5-4021-B34F-0DEB8C88AFD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe

FirewallRules: [{4A741EC4-930E-4D7C-9BEB-49E47C87ED11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Trove\GlyphClient.exe

FirewallRules: [{807E8FA7-2211-4C20-AFA5-5DB11331B6BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{77AE47F7-DABB-48F6-8AB3-C5F5B474B0A3}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

FirewallRules: [{7519E145-7F27-4FA3-B832-1ADB1F50A55E}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter

Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Qualcomm Atheros Communications Inc.

Service: athr

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/16/2015 05:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)

Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/16/2015 05:32:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)

Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/16/2015 05:31:20 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: .NETFrameworkC:\windows\system32\mscoree.dll8

 

Error: (08/16/2015 05:02:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)

Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/16/2015 04:28:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)

Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/16/2015 04:12:36 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {97b2ec63-0b20-4176-bc7a-f5b0dce6f310}

 

Error: (08/16/2015 04:10:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)

Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/16/2015 03:28:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JEFFERSON)

Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/16/2015 03:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: 030260~1.EXE, version: 7.8.712.2, time stamp: 0x5321d133

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x676f7250

Faulting process id: 0x610

Faulting application start time: 0x030260~1.EXE0

Faulting application path: 030260~1.EXE1

Faulting module path: 030260~1.EXE2

Report Id: 030260~1.EXE3

Faulting package full name: 030260~1.EXE4

Faulting package-relative application ID: 030260~1.EXE5

 

Error: (08/16/2015 03:16:02 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2115-07-23T20:16:02Z. Error Code: 0x80040154.

 

 

System errors:

=============

Error: (08/16/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (08/16/2015 04:48:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

 

Microsoft Office:

=========================

 

CodeIntegrity:

===================================

  Date: 2015-08-16 12:57:28.085

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:27.074

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:25.998

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:24.762

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:24.025

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:23.075

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:22.325

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:21.207

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:20.400

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-08-16 12:57:19.016

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD A6-5200 APU with Radeon HD Graphics 

Percentage of memory in use: 37%

Total physical RAM: 5580.01 MB

Available physical RAM: 3511.33 MB

Total Virtual: 11212.01 MB

Available Virtual: 8479.51 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:914.57 GB) (Free:632.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery Image) (Fixed) (Total:15.46 GB) (Free:1.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: CE011A0D)

 

Partition: GPT.

 

==================== End of log ============================


I did not reboot after the Malwarebytes scan. Should I have?

No, it would have let you know if you had to reboot.

==============================

If you're still having a problem......

Try Chrome with no extensions enabled:

Open up Chrome by clicking on the 3 bars in the upper right hand corner.
Then in Chrome go to Tools > Extensions > Make sure the Developer Mode box is checked in the upper right hand corner > uncheck all the extensions and see if that makes a difference.
If so......add them back a couple at a time to find the culprit.

Let me know........MrC


I don't think it's a Chrome problem -- even with all the extensions disabled it still happens in Chrome and it happens in IE now too -- 'best coupons' sidebar and random bogus tabs opening when I click on links. I guess I did not try IE long enough before when I said it seemed to be fixed.

 

I am running another Malwarebytes scan. I will let you know how that turns out.

 

 


The Malwarebytes scan came back clean but I'm still having the issues in both Chrome and IE.

 

I also forgot to mention that I am also getting popups with debugging type messages that seem to have to do with Flash. Example:

 

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller https://forums.malwarebytes.org/public/js/3rd_party/swfupload/swfupload.swf?preventswfcaching=1439768892957 cannot access <unknown>.
 at flash.external::ExternalInterface$/_evalJS()
 at flash.external::ExternalInterface$/call()
 at ExternalCall$/Bool()
 at SWFUpload/CheckExternalInterface()
 at MethodInfo-10()
 at flash.utils::Timer/_timerDispatch()
 at flash.utils::Timer/tick()


OK, see if this scanner will run on the system (it's only going to scan not delete.....I'll determine what to delete):

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

FAQ

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats is unchecked and the option Scan unsafe applications is checked

Click Advanced settings and select the following:

[Image: screenshot of the ESET Online Scanner advanced settings to select]

Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC
