
Infected with Service.exe by Search Safer, Inc.


  • This topic is locked
7 replies to this topic

#1 dloakley

dloakley

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:56 AM

Posted 29 April 2014 - 04:09 AM

Please help. I have been infected with Service.exe by Search Safer.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.55.2
Run by coakley at 4:52:57 on 2014-04-29
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3554.749 [GMT -4:00]
.
AV: Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ad-Aware Antivirus *Enabled/Updated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\pcreg\pcreg.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files (x86)\Hoopla\GPlayer.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareDesktop.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [Exetender] "C:\Program Files (x86)\Hoopla\GPlayer.exe" /runonstartup
uRun: [BlockNSurf] C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe
uRun: [GoogleChromeAutoLaunch_7242921E48DB703CD43297D6DB9062F0] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRun: [Exetender] "C:\Program Files (x86)\Hoopla\GPlayer.exe" /runonstartup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:0
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=1233726694
TCP: Interfaces\{51FBCAE6-5F03-48BB-A96B-E9CE7B32E7EA} : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F} : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F}\0786370796167657563747 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F}\144616D67424 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F}\E45445745414252333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F}\E45445745414257333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F}\E45445745414257363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{64624FC2-822D-46E7-AAF3-E97E9451916F}\F416B6723702C4169627 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C9857BB7-BBA2-43F7-A8DE-D5D4EC202209} : DHCPNameServer = 172.26.38.1 172.26.38.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:0
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-9-2 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-9-2 26280]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [2013-7-17 97816]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [2013-7-17 107080]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-12-22 92536]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-18 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-18 361984]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-3-5 135824]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-12-22 2451456]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-8 377616]
R2 X5XSEx_Pr152;X5XSEx_Pr152;C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.sys [2014-3-24 56584]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-12-22 269968]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-12-22 690832]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-12-22 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-4-15 2227536]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-28 650808]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-4-14 119512]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\Drivers\netaapl64.sys [2013-7-25 23040]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-8-24 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-24 43832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2013-3-5 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-04-28 14:12:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 13:20:12 693760 ----a-w- C:\Windows\System32\WSShared.dll
2014-04-25 13:20:12 628024 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-04-25 13:20:12 566784 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-04-25 13:20:11 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-25 13:20:11 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 21:29:12 -------- d-----w- C:\Users\coakley\AppData\Local\Skype
2014-04-24 08:37:37 217776 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10237.bin
2014-04-20 10:29:21 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-20 10:29:21 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-19 10:43:58 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-04-19 10:42:49 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-18 18:11:11 2232664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-18 18:11:02 1939288 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-18 18:11:00 5979648 ----a-w- C:\Windows\System32\mstscax.dll
2014-04-17 11:35:14 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 14:46:14 46136 ---ha-w- C:\Windows\System32\drivers\Hamdrv.sys
2014-04-14 12:41:04 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
.
==================== Find3M  ====================
.
2014-04-03 13:51:22 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-03 13:51:04 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-03 13:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-07 00:48:11 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-07 00:47:24 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\Windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-03-07 00:08:06 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-24 11:02:47 40448 ----a-w- C:\Windows\SysWow64\pdf995mon64.dll
2014-02-08 04:34:42 4036608 ----a-w- C:\Windows\System32\win32k.sys
2014-02-05 23:41:39 595968 ----a-w- C:\Windows\System32\qedit.dll
2014-02-05 23:41:21 978432 ----a-w- C:\Windows\System32\KernelBase.dll
2014-02-05 23:37:51 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-05 23:26:01 666112 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-02-03 23:56:23 332632 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-03 23:56:20 278872 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-01-31 00:48:35 485888 ----a-w- C:\Windows\SysWow64\WSDApi.dll
2014-01-31 00:48:33 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2014-01-31 00:48:33 1339392 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-01-31 00:06:03 599040 ----a-w- C:\Windows\System32\WSDApi.dll
2014-01-31 00:06:01 1628160 ----a-w- C:\Windows\System32\WindowsCodecs.dll
.
============= FINISH:  4:55:16.84 ===============
 



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:56 PM

Posted 29 April 2014 - 04:38 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

You need to redo these steps so please read carefully - please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 dloakley

dloakley
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 29 April 2014 - 05:06 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by coakley (administrator) on GEORGE on 29-04-2014 05:45:22
Running from C:\Users\coakley\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files\pcreg\pcreg.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Exent Technologies Ltd.) C:\Program Files (x86)\Hoopla\GPlayer.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-09-03] (Avid Technology, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-08-26] (Synaptics Incorporated)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Exetender] => C:\Program Files (x86)\Hoopla\GPlayer.exe [5043096 2014-03-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [Exetender] => C:\Program Files (x86)\Hoopla\GPlayer.exe [5043096 2014-03-05] (Exent Technologies Ltd.)
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [BlockNSurf] => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [GoogleChromeAutoLaunch_7242921E48DB703CD43297D6DB9062F0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-23] (Google Inc.)
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=1233726694
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
 
FireFox:
========
FF ProfilePath: C:\Users\coakley\AppData\Roaming\Mozilla\Firefox\Profiles\u62ptnr2.default
FF NewTab: user_pref("plugins.hide_infobar_for_missing_plugin",true);about:blank
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\Hoopla\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Hoopla\NPGameTreatPlugin.dll No File
FF Plugin HKCU: hp.com/HPDetect - C:\Users\coakley\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Extension: Start Savin - C:\Users\coakley\AppData\Roaming\Mozilla\Firefox\Profiles\u62ptnr2.default\Extensions\{8C5FCD2C-1E9D-137D-E624-6E9E2017F1D7} [2014-03-24]
FF HKCU\...\Firefox\Extensions: [{e919e40d-669b-4732-9991-dbcf47582d16}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BlockAndSurf) - C:\Users\coakley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgboogeaaklojbicocbcepgdjjfbmgli [2014-03-26]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\coakley\AppData\Local\Torch\Plugins\TorchPlugin.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-18] (Advanced Micro Devices, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2013-07-17] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2013-07-17] (BitDefender LLC)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-28] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R2 X5XSEx_Pr152; C:\Program Files (x86)\Hoopla\X5XSEx_Pr152.Sys [56584 2013-07-18] (Exent Technologies Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-29 05:45 - 2014-04-29 05:45 - 00022301 _____ () C:\Users\coakley\Downloads\FRST.txt
2014-04-29 05:45 - 2014-04-29 05:45 - 00000000 ____D () C:\FRST
2014-04-29 05:44 - 2014-04-29 05:44 - 02061824 _____ (Farbar) C:\Users\coakley\Downloads\FRST64.exe
2014-04-29 05:43 - 2014-04-29 05:43 - 01049600 _____ (Farbar) C:\Users\coakley\Downloads\FRST.exe
2014-04-29 04:55 - 2014-04-29 05:01 - 00007403 _____ () C:\Users\coakley\Desktop\attach.txt
2014-04-29 04:55 - 2014-04-29 05:00 - 00022291 _____ () C:\Users\coakley\Desktop\dds.txt
2014-04-29 04:52 - 2014-04-29 04:52 - 00000000 ___RD () C:\Users\coakley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 04:51 - 2014-04-29 04:51 - 00688992 ____R (Swearware) C:\Users\coakley\Downloads\dds.com
2014-04-29 04:41 - 2014-04-29 04:42 - 00001392 _____ () C:\Users\coakley\Desktop\FixExec.txt
2014-04-29 04:41 - 2014-04-29 04:41 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\coakley\Downloads\FixExec.exe
2014-04-29 04:40 - 2014-04-29 04:40 - 00982016 _____ (Farbar) C:\Users\coakley\Downloads\MiniToolBox.exe
2014-04-29 04:39 - 2014-04-29 04:39 - 00409600 _____ (Farbar) C:\Users\coakley\Downloads\FSS.exe
2014-04-28 10:12 - 2014-04-28 10:12 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-28 10:12 - 2014-04-28 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-28 10:12 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-28 10:12 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-28 10:12 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-28 10:12 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-26 08:16 - 2014-04-26 08:16 - 00008005 _____ () C:\Users\coakley\Downloads\FlyMod_V043.zip
2014-04-25 17:07 - 2014-04-25 17:07 - 00108326 _____ () C:\Users\coakley\Downloads\IronMan_5.6.0.jar
2014-04-25 16:59 - 2014-04-25 16:59 - 00016609 _____ () C:\Users\coakley\Downloads\SuperHeroesCore_1.0.0.jar
2014-04-25 15:58 - 2014-04-25 15:58 - 00134734 _____ () C:\Users\coakley\Downloads\watch.htm
2014-04-25 09:20 - 2014-04-19 05:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-25 09:20 - 2014-04-19 04:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-25 09:20 - 2014-04-19 04:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-25 09:20 - 2014-04-19 02:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-25 09:20 - 2014-04-19 02:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-24 17:29 - 2014-04-24 17:29 - 00000000 ____D () C:\Users\coakley\AppData\Local\Skype
2014-04-24 17:28 - 2014-04-24 17:28 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-24 17:28 - 2014-04-24 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-23 15:55 - 2014-04-23 15:55 - 23135157 _____ () C:\Users\coakley\Downloads\ModernHD.zip
2014-04-23 15:55 - 2014-04-23 15:55 - 23135157 _____ () C:\Users\coakley\Downloads\ModernHD (1).zip
2014-04-23 15:45 - 2014-04-23 15:45 - 02685071 _____ () C:\Users\coakley\Downloads\ModernCraft 1.7.2.zip
2014-04-23 15:35 - 2014-04-23 15:36 - 36863181 _____ () C:\Users\coakley\Downloads\Lord v2.zip
2014-04-21 07:03 - 2014-04-21 07:03 - 03715768 _____ (LogMeIn, Inc.) C:\Users\coakley\Downloads\LogMeIn Client (4).exe
2014-04-20 06:29 - 2014-03-31 17:18 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 06:29 - 2014-03-31 17:18 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-19 06:44 - 2014-03-06 20:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-19 06:44 - 2014-03-06 20:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 06:44 - 2014-03-06 20:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-19 06:44 - 2014-03-06 20:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-19 06:44 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-19 06:44 - 2014-03-06 20:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 06:44 - 2014-03-06 20:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 06:44 - 2014-03-06 20:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-19 06:44 - 2014-03-06 20:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-19 06:44 - 2014-03-06 20:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 06:44 - 2014-03-06 20:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 06:44 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-19 06:44 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-19 06:44 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-19 06:44 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-19 06:44 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-19 06:44 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-19 06:44 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-19 06:44 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-19 06:44 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-19 06:44 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 06:44 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 06:44 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 06:43 - 2014-03-06 20:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-19 06:43 - 2014-03-06 20:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-19 06:43 - 2014-03-06 20:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-19 06:43 - 2014-03-06 20:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-19 06:43 - 2014-03-06 20:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 06:43 - 2014-03-06 20:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 06:43 - 2014-03-06 20:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-19 06:43 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-19 06:43 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 06:42 - 2014-03-06 20:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-18 14:11 - 2014-01-26 23:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-18 14:11 - 2014-01-26 23:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-18 14:11 - 2014-01-26 20:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-18 14:11 - 2014-01-26 20:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-18 14:11 - 2014-01-11 02:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-18 14:10 - 2014-02-05 19:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-18 14:10 - 2014-02-05 19:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-18 14:10 - 2014-02-05 19:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-18 14:10 - 2014-02-05 19:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-18 14:10 - 2014-02-03 19:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-18 14:10 - 2014-02-03 19:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-18 14:10 - 2014-01-30 20:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-18 14:10 - 2014-01-30 20:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-18 14:10 - 2014-01-30 20:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-18 14:10 - 2014-01-26 19:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-18 14:10 - 2014-01-15 19:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-18 14:10 - 2014-01-11 01:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-18 14:10 - 2014-01-02 19:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-18 14:10 - 2014-01-02 19:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-17 07:35 - 2014-04-17 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-17 07:35 - 2014-04-17 07:35 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 10:46 - 2014-04-15 10:46 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-04-15 08:37 - 2014-04-15 08:37 - 00009388 _____ () C:\Users\coakley\Downloads\Darrell Oakley.vcf
2014-04-14 08:41 - 2014-04-28 08:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-29 05:45 - 2014-04-29 05:45 - 00022301 _____ () C:\Users\coakley\Downloads\FRST.txt
2014-04-29 05:45 - 2014-04-29 05:45 - 00000000 ____D () C:\FRST
2014-04-29 05:44 - 2014-04-29 05:44 - 02061824 _____ (Farbar) C:\Users\coakley\Downloads\FRST64.exe
2014-04-29 05:43 - 2014-04-29 05:43 - 01049600 _____ (Farbar) C:\Users\coakley\Downloads\FRST.exe
2014-04-29 05:41 - 2014-03-16 08:57 - 01152654 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 05:07 - 2013-07-23 12:06 - 00000000 ____D () C:\Users\coakley\Documents\Darrell
2014-04-29 05:02 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-29 05:01 - 2014-04-29 04:55 - 00007403 _____ () C:\Users\coakley\Desktop\attach.txt
2014-04-29 05:00 - 2014-04-29 04:55 - 00022291 _____ () C:\Users\coakley\Desktop\dds.txt
2014-04-29 04:52 - 2014-04-29 04:52 - 00000000 ___RD () C:\Users\coakley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-29 04:51 - 2014-04-29 04:51 - 00688992 ____R (Swearware) C:\Users\coakley\Downloads\dds.com
2014-04-29 04:42 - 2014-04-29 04:41 - 00001392 _____ () C:\Users\coakley\Desktop\FixExec.txt
2014-04-29 04:41 - 2014-04-29 04:41 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\coakley\Downloads\FixExec.exe
2014-04-29 04:40 - 2014-04-29 04:40 - 00982016 _____ (Farbar) C:\Users\coakley\Downloads\MiniToolBox.exe
2014-04-29 04:39 - 2014-04-29 04:39 - 00409600 _____ (Farbar) C:\Users\coakley\Downloads\FSS.exe
2014-04-29 04:29 - 2013-03-08 11:04 - 00350208 ___SH () C:\Users\coakley\Documents\Thumbs.db
2014-04-29 04:25 - 2014-03-27 12:35 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-04-29 04:24 - 2013-03-02 18:02 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 22:23 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-04-28 20:44 - 2013-03-02 18:02 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 17:54 - 2014-02-03 11:07 - 00000000 ____D () C:\Users\coakley\AppData\Roaming\.minecraft
2014-04-28 16:36 - 2014-03-27 05:27 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-28 10:29 - 2014-03-27 12:37 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-28 10:27 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-28 10:14 - 2013-11-07 10:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-28 10:12 - 2014-04-28 10:12 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-28 10:12 - 2014-04-28 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-28 10:12 - 2013-08-21 13:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-28 10:03 - 2013-03-02 17:52 - 00000000 ____D () C:\Users\coakley
2014-04-28 09:34 - 2014-03-27 06:55 - 00060382 _____ () C:\Windows\PFRO.log
2014-04-28 09:31 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-28 08:13 - 2014-04-14 08:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-28 08:12 - 2014-03-04 10:25 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForcoakley.job
2014-04-28 08:12 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Speech
2014-04-28 08:12 - 2012-07-26 01:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-04-26 19:17 - 2014-03-04 10:25 - 00003172 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForcoakley
2014-04-26 12:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-26 08:16 - 2014-04-26 08:16 - 00008005 _____ () C:\Users\coakley\Downloads\FlyMod_V043.zip
2014-04-26 06:52 - 2013-11-24 18:40 - 00000000 ____D () C:\Users\coakley\AppData\Local\LogMeIn Hamachi
2014-04-25 20:41 - 2013-03-02 18:03 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4278458405-1562588558-2467747291-1004
2014-04-25 17:07 - 2014-04-25 17:07 - 00108326 _____ () C:\Users\coakley\Downloads\IronMan_5.6.0.jar
2014-04-25 16:59 - 2014-04-25 16:59 - 00016609 _____ () C:\Users\coakley\Downloads\SuperHeroesCore_1.0.0.jar
2014-04-25 15:58 - 2014-04-25 15:58 - 00134734 _____ () C:\Users\coakley\Downloads\watch.htm
2014-04-25 06:07 - 2014-01-08 16:54 - 00000000 ____D () C:\Users\coakley\Desktop\minecraft stuff like mods and forge
2014-04-24 20:15 - 2013-10-24 11:29 - 00000000 ____D () C:\Users\coakley\AppData\Roaming\Skype
2014-04-24 20:15 - 2013-03-08 10:49 - 00000000 ___RD () C:\Users\coakley\Dropbox
2014-04-24 17:29 - 2014-04-24 17:29 - 00000000 ____D () C:\Users\coakley\AppData\Local\Skype
2014-04-24 17:28 - 2014-04-24 17:28 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-24 17:28 - 2014-04-24 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-24 17:28 - 2013-10-24 11:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-24 17:28 - 2013-10-24 11:28 - 00000000 ____D () C:\ProgramData\Skype
2014-04-24 00:05 - 2013-03-02 18:32 - 00000000 ____D () C:\Users\coakley\AppData\Local\CrashDumps
2014-04-23 15:55 - 2014-04-23 15:55 - 23135157 _____ () C:\Users\coakley\Downloads\ModernHD.zip
2014-04-23 15:55 - 2014-04-23 15:55 - 23135157 _____ () C:\Users\coakley\Downloads\ModernHD (1).zip
2014-04-23 15:45 - 2014-04-23 15:45 - 02685071 _____ () C:\Users\coakley\Downloads\ModernCraft 1.7.2.zip
2014-04-23 15:36 - 2014-04-23 15:35 - 36863181 _____ () C:\Users\coakley\Downloads\Lord v2.zip
2014-04-21 17:43 - 2013-03-04 17:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-21 17:42 - 2013-03-04 17:05 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-21 07:03 - 2014-04-21 07:03 - 03715768 _____ (LogMeIn, Inc.) C:\Users\coakley\Downloads\LogMeIn Client (4).exe
2014-04-20 17:45 - 2013-12-09 19:07 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-04-20 06:21 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-19 10:03 - 2013-03-10 17:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-19 10:01 - 2013-08-16 14:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-19 09:50 - 2013-03-05 12:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-19 05:39 - 2014-04-25 09:20 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-19 04:45 - 2014-04-25 09:20 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-19 04:45 - 2014-04-25 09:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 02:57 - 2014-04-25 09:20 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-19 02:57 - 2014-04-25 09:20 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-17 07:35 - 2014-04-17 07:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-17 07:35 - 2014-04-17 07:35 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-15 13:04 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-15 10:46 - 2014-04-15 10:46 - 00046136 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2014-04-15 08:37 - 2014-04-15 08:37 - 00009388 _____ () C:\Users\coakley\Downloads\Darrell Oakley.vcf
2014-04-15 08:36 - 2014-02-22 07:13 - 00000000 ____D () C:\Users\coakley\Documents\Taxes
2014-04-14 20:13 - 2014-04-28 10:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-28 10:12 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-28 10:12 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-28 10:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 16:54 - 2014-03-27 12:35 - 00000000 ____D () C:\ProgramData\Search Protection
2014-04-14 08:40 - 2014-03-27 07:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-14 08:40 - 2014-03-27 07:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-14 08:40 - 2013-05-29 19:46 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 17:41 - 2014-03-25 12:54 - 00000000 ____D () C:\Users\coakley\Desktop\minecraft mods
2014-04-08 09:34 - 2013-03-10 18:35 - 00225792 ___SH () C:\Users\coakley\Desktop\Thumbs.db
2014-04-08 09:31 - 2013-08-27 10:41 - 00000000 ____D () C:\Users\coakley\Desktop\minecraft pics
2014-04-04 10:27 - 2014-02-13 10:43 - 00000000 ____D () C:\BigBrainz
2014-04-03 09:51 - 2014-03-27 07:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-03-27 07:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-05-29 19:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 17:18 - 2014-04-20 06:29 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 17:18 - 2014-04-20 06:29 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\coakley\AppData\Local\Temp\51b4f088-f17f-460d-8d8e-b31750f375a7.exe
C:\Users\coakley\AppData\Local\Temp\BackupSetup.exe
C:\Users\coakley\AppData\Local\Temp\dlLogic.exe
C:\Users\coakley\AppData\Local\Temp\dltr.exe
C:\Users\coakley\AppData\Local\Temp\fynsboiu.dll
C:\Users\coakley\AppData\Local\Temp\GCVerifier.dll
C:\Users\coakley\AppData\Local\Temp\helper.exe
C:\Users\coakley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\coakley\AppData\Local\Temp\Quarantine.exe
C:\Users\coakley\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-18 14:00
 
==================== End Of Log ============================




#4 B-boy/StyLe/



  • Malware Response Team

Posted 01 May 2014 - 07:33 AM

Hello,

 

Sorry for the delayed reply here. Somehow I missed your reply.

 

 

Click on Start > type in appwiz.cpl in the search box and press Enter.
Find and uninstall the following programs from the list:

Ad-Aware Security Add-on

Next, please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

 

Regards,

Georgi




#5 dloakley

  • Topic Starter

  • Members

Posted 02 May 2014 - 07:44 PM

Here's the fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by coakley at 2014-05-02 20:36:34 Run:1
Running from C:\Users\coakley\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
() C:\Program Files\pcreg\pcreg.exe
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\...\Run: [BlockNSurf] => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
C:\ProgramData\Ad-Aware Browsing Protection
C:\Program Files\pcreg
C:\Program Files (x86)\BlockAndSurf-soft
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
FF Plugin-x32: www.exent.com/GameTreatWidget - C:\Program Files (x86)\Hoopla\NPGameTreatPlugin.dll No File
FF Extension: Start Savin - C:\Users\coakley\AppData\Roaming\Mozilla\Firefox\Profiles\u62ptnr2.default\Extensions\{8C5FCD2C-1E9D-137D-E624-6E9E2017F1D7} [2014-03-24]
FF HKCU\...\Firefox\Extensions: [{e919e40d-669b-4732-9991-dbcf47582d16}] - C:\Program Files (x86)\BlockAndSurf-soft\157.xpi
CHR Extension: (BlockAndSurf) - C:\Users\coakley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgboogeaaklojbicocbcepgdjjfbmgli [2014-03-26]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\coakley\AppData\Local\Torch\Plugins\TorchPlugin.crx [2014-03-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
Task: {226A7CC2-87BD-44A5-B481-82D21B9189E0} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {52ECD884-5E7F-47D0-BB2E-096AEFFBC83A} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf_wd.exe
Task: {9C054B17-A25A-4660-A65D-AA3AFEC3036E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A48F005C-9B6E-42AB-8F45-936649CCBA67} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-03-13] ()
Task: {DF286791-9876-44B4-B8DA-EA94032555BC} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
AlternateDataStreams: C:\ProgramData\Microsoft:PNuQ8SAdRm1YZJMFbl3p0RhOLLlj9
AlternateDataStreams: C:\ProgramData\Microsoft:Zcy3GhkEBaC0ASVRnIr
AlternateDataStreams: C:\Users\coakley\AppData\Local\Temp:79tvtBxClA3yd5f9enfcpKsTFQl
AlternateDataStreams: C:\Users\coakley\AppData\Local\Temp:aAi2ea24Mm02uVcBpHZ7tl
AlternateDataStreams: C:\Users\coakley\AppData\Local\Temp:o7xULZ7DxpvwKHVffDbZXQJt
AlternateDataStreams: C:\Users\coakley\AppData\Local\Temporary Internet Files:his2hj3WOfT6h0jPtlv5jIeS
AlternateDataStreams: C:\Users\coakley\AppData\Local\Temporary Internet Files:pm2NMaYoWZFaxcTyRH8U
C:\Users\coakley\AppData\Local\Temp
end
*****************
 
[2176] C:\Program Files\pcreg\pcreg.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-4278458405-1562588558-2467747291-1004\Software\Microsoft\Windows\CurrentVersion\Run\\BlockNSurf => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => Value not found.
C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.
C:\Program Files\pcreg => Moved successfully.
"C:\Program Files (x86)\BlockAndSurf-soft" => File/Directory not found.
"C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F2D23FC-D35B-405E-B68A-D58CA275E31B} => Key deleted successfully.
HKCR\CLSID\{3F2D23FC-D35B-405E-B68A-D58CA275E31B} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Key not found.
HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Key not found.
HKCR\Wow6432Node\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Value not found.
HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Value not found.
HKCR\Wow6432Node\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget => Key deleted successfully.
C:\Program Files (x86)\Hoopla\NPGameTreatPlugin.dll not found.
C:\Users\coakley\AppData\Roaming\Mozilla\Firefox\Profiles\u62ptnr2.default\Extensions\{8C5FCD2C-1E9D-137D-E624-6E9E2017F1D7} => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{e919e40d-669b-4732-9991-dbcf47582d16} => Value deleted successfully.
C:\Users\coakley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgboogeaaklojbicocbcepgdjjfbmgli => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon => Key deleted successfully.
"C:\ProgramData\ValueApps\CH\ValueApps.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof => Key deleted successfully.
"C:\Users\coakley\AppData\Local\Torch\Plugins\TorchPlugin.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
pcregservice => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{226A7CC2-87BD-44A5-B481-82D21B9189E0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{226A7CC2-87BD-44A5-B481-82D21B9189E0} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52ECD884-5E7F-47D0-BB2E-096AEFFBC83A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52ECD884-5E7F-47D0-BB2E-096AEFFBC83A} => Key deleted successfully.
C:\Windows\System32\Tasks\BlockAndSurf_wd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf_wd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C054B17-A25A-4660-A65D-AA3AFEC3036E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C054B17-A25A-4660-A65D-AA3AFEC3036E} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A48F005C-9B6E-42AB-8F45-936649CCBA67} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A48F005C-9B6E-42AB-8F45-936649CCBA67} => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF286791-9876-44B4-B8DA-EA94032555BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF286791-9876-44B4-B8DA-EA94032555BC} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\ProgramData\Microsoft => ":PNuQ8SAdRm1YZJMFbl3p0RhOLLlj9" ADS removed successfully.
C:\ProgramData\Microsoft => ":Zcy3GhkEBaC0ASVRnIr" ADS removed successfully.
C:\Users\coakley\AppData\Local\Temp => ":79tvtBxClA3yd5f9enfcpKsTFQl" ADS removed successfully.
C:\Users\coakley\AppData\Local\Temp => ":aAi2ea24Mm02uVcBpHZ7tl" ADS removed successfully.
C:\Users\coakley\AppData\Local\Temp => ":o7xULZ7DxpvwKHVffDbZXQJt" ADS removed successfully.
"C:\Users\coakley\AppData\Local\Temporary Internet Files" => ":his2hj3WOfT6h0jPtlv5jIeS" ADS not found.
"C:\Users\coakley\AppData\Local\Temporary Internet Files" => ":pm2NMaYoWZFaxcTyRH8U" ADS not found.
 
"C:\Users\coakley\AppData\Local\Temp" directory move:
 
C:\Users\coakley\AppData\Local\Temp\~DF224979F44CEE61DE.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF2897046779BFE32C.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF2DC54C63B2610FD7.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF2FF143344F92E86F.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF374AC966F358B8D6.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF39BE622F18F4C405.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF3B6F0236E88716F8.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF3C8F75550FE70691.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF3DD0CBEB9CF41AE6.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF4784E5B93233462C.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF4A74780629877456.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF4FC72CB8E220E952.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF63E222B4431F5D1D.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF698692D1DC69A062.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF6DAFD247C2090E88.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF70BD8B69E9817747.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF745282C17A4B1FD6.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF78824152FABE16BB.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF790C6EC09F8CFECE.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF800016D0AD9D0DD7.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF82CB3CEE28BE5387.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF86A8BCB2311ACABC.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF87BFF314780CD393.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF87FF2BD1770665ED.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF8B703E7CB8B041DC.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF8E6102200761DCD4.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF921898DA2B8A40CA.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF923C8D25F58DF97E.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF92DC2D38A21F9D9C.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF985B89EC8D350536.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DF9B7A991EECD1C93C.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFA1A56C2E4F520C44.TMP => Moved successfully.
Could not move "C:\Users\coakley\AppData\Local\Temp\~DFAEF146B552883939.TMP" => Scheduled to move on reboot.
C:\Users\coakley\AppData\Local\Temp\~DFB201E9D67640E837.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFB3356FFAED864583.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFB972110470A9831A.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFC1E267D896FAB45F.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFD34E62D3A01B8FEC.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFD7224E6562EC15D0.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFD8AF669CBB4CE631.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFDFC58A8F7F3DEFB3.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFE02C5DDB3DA0F887.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFE4A0829FA42C20C8.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFEE2794B879C78DDE.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFF542274D8ED84924.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFFAA1086E88845FBB.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFFC7196773EF54968.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFFFB85B6E5A161719.TMP => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~nsu.tmp\Au_.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\~nsu.tmp\Bu_.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{FB429A25-E647-4A41-8E9E-114FDD8AE911}\ISBEW64.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{ED646C37-474F-4CAB-B367-670AD37D4017}\ISBEW64.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{D363631E-162F-4D41-AB8F-118D6A266829}\ISBEW64.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\geodata.xml => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleCrashHandler.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleCrashHandler64.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleUpdate.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleUpdateBroker.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleUpdateHelper.msi => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleUpdateOnDemand.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\GoogleUpdateSetup.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdate.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_am.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ar.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_bg.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_bn.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ca.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_cs.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_da.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_de.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_el.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_en-GB.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_en.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_es-419.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_es.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_et.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_fa.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_fi.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_fil.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_fr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_gu.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_hi.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_hr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_hu.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_id.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_is.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_it.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_iw.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ja.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_kn.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ko.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_lt.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_lv.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ml.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_mr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ms.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_nl.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_no.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_pl.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_pt-BR.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_pt-PT.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ro.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ru.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_sk.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_sl.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_sr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_sv.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_sw.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ta.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_te.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_th.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_tr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_uk.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_ur.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_vi.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_zh-CN.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\goopdateres_zh-TW.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\npGoogleUpdate3.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\psmachine.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{3767E06D-1241-4064-8954-2F660AC6FA91}\psuser.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{260E2E4D-98C8-4D18-83F3-61C31A5A7636}\ISBEW64.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\{09CCFE27-07DA-45AD-9E32-EB88D336CE42}\ISBEW64.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\TCD7F72.tmp\CleanGradient.thmx => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\OICE_9000B290-C7E1-4B58-86D9-9D4C95674D7D.0\F658A847. not found.
C:\Users\coakley\AppData\Local\Temp\nsz11DD.tmp\nsProcess.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nswF00A.tmp\inetc.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nswF00A.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsq1FA1.tmp\inetc.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsq1FA1.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsn7511.tmp\md5dll.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsn7511.tmp\nsExec.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsn7511.tmp\ping.js => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsn7511.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsm1546.tmp\inetc.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsm1546.tmp\StubUtils.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsm1546.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nskE781.tmp\inetc.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nskE781.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsjD8D3.tmp\xml.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsf22BA.tmp\inetc.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsf22BA.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsdD357.tmp\inetc.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\nsdD357.tmp\System.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\Low\JavaDeployReg.log => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\APPID_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\APPID_files.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\appinit64_null.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\appinit_null.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\APPPATHS.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\APPROVEDEXTENSIONS_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\ask.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\askCLSID.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\askregkey_x64.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\askregkey_x86.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\askregvalue_x64.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\askregvalue_x86.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\askservices.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\badAPPINIT.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\badFOLDERS.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\badFOLDERScom.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\badFOLDERSstart.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\badLNK.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\badvalues.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\BHO_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\BHO_name.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\browsermngr_keys.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\browsermngr_values.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CHOICE.DAT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\chrome.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CHRregkey_x64.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CHRregkey_x86.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CHR_extensions.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CHR_open_x64.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CHR_open_x86.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\clean_shortcut.vbs => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CLSID_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\currentmd5.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\CUT.DAT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\datamngr_del.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\defaultscope.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\delfolders.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\delorphans.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\ELEVATIONPOLICY_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\ev_clear.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\EXT.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFbrowsermngr.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFextensions.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFpluginREG.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFplugins.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFprefs.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFregkey_x64.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFregkey_x86.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFwhtlist.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFXML.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FFXPI.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FF_open_x64.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FF_open_x86.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\firefox.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FWCLSID.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\FWPolicy.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\get.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\IEwhtlst.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\iexplore.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\IE_open_x64.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\IE_open_x86.reg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\IFEO.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\INTERFACE_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\JRT.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\medfos.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\MENUEXT.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\misc.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\modules.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\modules.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\moduleservices.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\newmd5.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\NIRCMD.DAT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\NOTIFY.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\PREAPPROVED_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\prelim.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\PRODUCTS.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGhcr.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGhkcu_and_hklm_allow.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGhkcu_software_appdatalow.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGhklm_software_classes.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\REGISTRYUSERSID.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\runvalues.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\runvalues_x64.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\runvalues_x86.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\S1518COMPONENTS.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\searchlnk.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\SED.DAT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\sednewline.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\services.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\serviceseventlog.cfg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\SETTINGS_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\SHORTCUT.DAT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\STATS_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\TDL4.bat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\TRACING.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\TYPELIB_clsid.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\UNINSTALL.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\UpgradeCodes.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\WGET.DAT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\WOW6432NODE.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\appinit.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\appinit64.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\badAPPINIT.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\badAPPINIT64.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\BADmodules.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\conduitfloat.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\keys.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\moduledump.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\modulefilter1.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\null.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\temp\values.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\ERDNT.E_E => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\ERUNT.LOC => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\jrt\erunt\README.TXT => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005059_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005059_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005195_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005195_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005247_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005247_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005344_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005344_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005375_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005375_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005508_stp.EXE => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005508_stp.EXE.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005560_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005560_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005648_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005648_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005668_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005668_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005821_stp.CIS => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005821_stp.CIS.part => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005195_stp\SCC.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is45637729\6005059_stp\AnyProtectScannerSetup.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-R2Q88.tmp\38901us.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-R2Q88.tmp\itdownload.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-R2Q88.tmp\itd_fr.ini => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-R2Q88.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-R2Q88.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\InstallerExtensions.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\license.en.rtf => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\notcertified.bmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\printer.bmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\SpeedUpMyPC-standalone-setup.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-NBP2G.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\dragon.bmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\innocallback.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\itdownload.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\itd_en.ini => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\package_ddragon_installer_multilang.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-MK0JM.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-J7AS4.tmp\speedupmypc.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-J0763.tmp\package_ddragon_installer_multilang.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\innocallback.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\itdownload.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\itd_en.ini => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\package_ddragon_offer_multilang.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\package_secureprotect_offer_multilang.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\VirtualMachineDetect.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-HO1P2.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-FBD8C.tmp\majfst.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-E3F81.tmp\package_bueno_installer_multilang.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\innocallback.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\itdownload.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\itd_en.ini => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\memo_text.txt => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\package_secureprotect_installer_multilang.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\_isetup\_setup64.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\is-5OQRK.tmp\_isetup\_shfoldr.dll => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll => Moved successfully.
Could not move "C:\Users\coakley\AppData\Local\Temp\Exent\GI20140502231159GMT.Log" => Scheduled to move on reboot.
C:\Users\coakley\AppData\Local\Temp\EPSON\Download Navigator\Share\Share.dat => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\AppleMediaCache\CM-55EE.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\AppleMediaCache\CM-63D4.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\AppleMediaCache\diskcacherepository.plist => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\Amazon Digital Video\Applog.adv => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\Amazon Digital Video\Systraylog.adv => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\8724_7875\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\8724_7875\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\8724_7875\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\8184_20846\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\8184_20846\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\8184_20846\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\7512_11968\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\7512_11968\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\7512_11968\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\7200_20286\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\7200_20286\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\7200_20286\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6880_25831\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6880_25831\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6880_25831\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6364_2473\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6364_2473\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6364_2473\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6056_4798\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6056_4798\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\6056_4798\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5948_10255\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5948_10255\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5948_10255\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5864_17142\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5864_17142\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5864_17142\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5728_25596\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5728_25596\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5728_25596\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5628_29500\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5628_29500\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5628_29500\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5500_26397\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5500_26397\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\5500_26397\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\4396_23120\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\4396_23120\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\4396_23120\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\4148_18316\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\4148_18316\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\4148_18316\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2780_24192\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2780_24192\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2780_24192\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin.dmc => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\config.dmc => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\ConvertFilesforFreeinfo.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\Dockings.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\Freesofttodayinfo.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\HQVideo-Proinfo.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\Muvicinfo.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\templateDisplays.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\temp\templateStyle.dfe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\software\ccleaner.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\software\Cloud_Backup_Setup.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\software\Installer.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\software\setup.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\software\speedupmypc.exe => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\bin.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\Muvic\info.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\HQVideo-Pro\info.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\Freesofttoday\info.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\box.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\close.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\finish.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\group.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\instalando.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\options.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\exe\welcome.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\base.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\convertfilesforfree.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\freesoftoday.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\hq-videopro.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\jquery.min.js => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\muvic.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position1A.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position2A.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position2B.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position2C.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position3A.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position3B.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position3C.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position3D.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\position4A.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\style.css => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\bg_app.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\bg_app.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\bg_app_obv.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\boton.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\boton_xl.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\bullet-short.gif => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\bullet.gif => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\butpause.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\butplay.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\check-close.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\check.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\cross.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\less.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\logo-win.jpg => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\more.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\percentage-bg.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\progress.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\progress_small.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\css\images\progress_small_bg.png => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\25d19dc0-2590-41c4-99bf-2cd25a5ec64d\bin\ConvertFilesforFree\info.html => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2484_24321\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2484_24321\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2484_24321\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2388_23607\crl-set => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2388_23607\manifest.fingerprint => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\2388_23607\manifest.json => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\03291524-00001438-xmfpmyttoa\tmpAE9C.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\03291524-00001438-xmfpmyttoa\tmpAFB5.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\03291521-00001eb4-nwkzyzqbwa\tmpF080.tmp => Moved successfully.
C:\Users\coakley\AppData\Local\Temp\03291521-00001eb4-nwkzyzqbwa\tmpF0FE.tmp => Moved successfully.
Could not move "C:\Users\coakley\AppData\Local\Temp" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-02 20:39:53)<=
 
C:\Users\coakley\AppData\Local\Temp\etilqs_h56p0X61uVk5cLY => Is moved successfully.
C:\Users\coakley\AppData\Local\Temp\etilqs_PHUXpWEe1WfC0QN => Is moved successfully.
C:\Users\coakley\AppData\Local\Temp\~DFAEF146B552883939.TMP => Is moved successfully.
C:\Users\coakley\AppData\Local\Temp\Exent\GI20140502231159GMT.Log => Is moved successfully.
C:\Users\coakley\AppData\Local\Temp => Moved successfully.
 
==== End of Fixlog ====


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:56 PM

Posted 03 May 2014 - 05:19 PM

Hello,

Sorry for the delay. There was a massive electric storm and I had to keep my computer turned off.

Let's continue this way:

STEP 1

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Regards,

Georgi




#7 B-boy/StyLe/


Posted 07 May 2014 - 01:34 PM

Hello,

Do you still need assistance?

Regards,

Georgi




#8 B-boy/StyLe/


Posted 11 May 2014 - 11:08 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
