
UnnisAle adware/malware infestation


  • This topic is locked
7 replies to this topic

#1 Ridir

Ridir

  • Members
  • 4 posts

Posted 26 January 2015 - 05:33 PM

I recently tried to download a download accelerator (bad idea, I know) from basically a torrent website. I didn't pay 100% attention to the third-party files, and included was unniSale adware/malware.

 

I have not found it in my Internet Explorer, but it has manifested itself in Google Chrome, and although I can remove the extension and negate it a bit, the program keeps popping up, opening more and more dialogue boxes.

 

I am asking for help and understand the turnaround time might be a little longer than most people would like. I do have to depart on a business trip, where I will not have internet access, in a little under a week, so hopefully I will have time to enact the fixes that are provided.

 

I have already run FRST and attached the txt files (FRST and Addition), and will post them in a reply as well.

 

Thank you in advance!


#2 Ridir

Ridir
  • Topic Starter

  • Members
  • 4 posts

Posted 26 January 2015 - 05:34 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Wes (administrator) on GAMECOCK on 27-01-2015 07:17:39
Running from C:\Users\Wes\Desktop
Loaded Profiles: Wes (Available profiles: Wes)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ZTE Corporation) C:\Program Files\Pre-Paid Telstra WIFI 4G\DeviceMonitor_x64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
() C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\NagaTray.exe [810880 2010-05-12] (Razer USA Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-08] (Fitbit, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Run: [CancelAutoPlay] => C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe [68096 2012-03-01] ()
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Run: [Google Update] => C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-18] (Google Inc.)
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2013-09-28] (Raptr, Inc)
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-08] (Fitbit, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Wes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {706B54B1-62BF-4F37-BFCB-95BBF4380A8B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {706B54B1-62BF-4F37-BFCB-95BBF4380A8B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {706B54B1-62BF-4F37-BFCB-95BBF4380A8B} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2347897825-1624010096-2217604703-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2347897825-1624010096-2217604703-1001: @talk.google.com/O1DPlugin -> C:\Users\Wes\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2347897825-1624010096-2217604703-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2347897825-1624010096-2217604703-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Wes\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Wes\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-03-07]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2013-03-07]
CHR Extension: (Google Docs) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-07]
CHR Extension: (Docs Offline Background Page) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (Rage Comics) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpmgpdffelbefknlmefjiejgoinao [2013-10-05]
CHR Extension: (YouTube) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-07]
CHR Extension: (Google Search) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-07]
CHR Extension: (Website Logon) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-03-07]
CHR Extension: (Marvel Comics) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2013-03-07]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-03-07]
CHR Extension: (WordPress.com) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2013-03-07]
CHR Extension: (Google Maps) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-03-07]
CHR Extension: (Poppit!) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-03-07]
CHR Extension: (Hangouts) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-08-18]
CHR Extension: (Google Wallet) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Rdio) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchjhmiapbbphflbgejhigbmfmmgbngn [2013-03-07]
CHR Extension: (Gmail) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-07]
CHR Extension: (unnisAles) - C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo\ [2013-03-07]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
CHR HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [476936 2013-09-13] (BitRaider, LLC)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-20] () [File not signed]
R2 DeviceMonitor_MF91; C:\Program Files\Pre-Paid Telstra WIFI 4G\DeviceMonitor_x64.exe [234008 2012-03-29] (ZTE Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-08] (Fitbit, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-11] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1860264 2013-02-22] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-11-04] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-11-01] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-19] (Razer, Inc.)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-04] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-14] (USB Smart Card Reader)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-11] (Apple Inc.) [File not signed]
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-14] (Realtek Semiconductor Corp.)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-19] (Razer, Inc.)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-19] (Razer, Inc.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-11-01] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-11-18] (Razer, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-14] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-04] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 07:17 - 2015-01-27 07:18 - 00026419 _____ () C:\Users\Wes\Desktop\FRST.txt
2015-01-27 07:17 - 2015-01-27 07:17 - 00000000 ____D () C:\FRST
2015-01-27 06:19 - 2015-01-27 06:18 - 02129920 _____ (Farbar) C:\Users\Wes\Desktop\FRST64.exe
2015-01-27 06:18 - 2015-01-27 06:18 - 02129920 _____ (Farbar) C:\Users\Wes\Downloads\FRST64.exe
2015-01-27 06:17 - 2015-01-27 06:16 - 04176437 _____ () C:\Users\Wes\Desktop\tdsskiller.zip
2015-01-27 06:17 - 2015-01-27 06:16 - 00380416 _____ () C:\Users\Wes\Desktop\pkqf7qrh.exe
2015-01-27 06:16 - 2015-01-27 06:16 - 04176437 _____ () C:\Users\Wes\Downloads\tdsskiller.zip
2015-01-27 06:16 - 2015-01-27 06:16 - 00380416 _____ () C:\Users\Wes\Downloads\pkqf7qrh.exe
2015-01-27 06:15 - 2015-01-27 06:15 - 00001284 _____ () C:\Users\Wes\Desktop\Revo Uninstaller.lnk
2015-01-27 06:15 - 2015-01-27 06:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-27 06:14 - 2015-01-27 06:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Wes\Downloads\revosetup.exe
2015-01-27 06:09 - 2015-01-27 06:10 - 00000000 ____D () C:\Users\Wes\AppData\Local\Deployment
2015-01-20 14:16 - 2015-01-20 14:17 - 00017654 _____ () C:\Users\Wes\Desktop\20 JAN SNIPERS_AASE SOE.xlsx
2015-01-20 13:16 - 2015-01-20 13:16 - 00000123 _____ () C:\Users\Wes\Desktop\BN FRAGO 17-31 JAN.docx‎ (40 KB‎).url
2015-01-20 12:26 - 2015-01-20 12:26 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration
2015-01-20 12:25 - 2015-01-20 12:25 - 00000000 ____D () C:\Program Files (x86)\Quebles Emoticons
2015-01-20 12:24 - 2015-01-20 13:57 - 00000000 ____D () C:\Program Files (x86)\unnisAles
2015-01-20 12:24 - 2015-01-20 12:24 - 00000000 ____D () C:\ProgramData\7064121796721006040
2015-01-20 12:23 - 2015-01-20 12:23 - 00000000 ____D () C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo
2015-01-20 11:37 - 2015-01-20 11:37 - 00010187 _____ () C:\Users\Wes\Desktop\ACM KMEP packinglist.xlsx
2015-01-19 11:48 - 2015-01-19 11:48 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\FiraxisLive
2015-01-18 16:00 - 2015-01-18 16:02 - 00000000 ____D () C:\Users\Wes\Documents\Catan
2015-01-18 16:00 - 2015-01-18 16:00 - 00000000 ____D () C:\Users\Wes\AppData\Local\CrashRpt
2015-01-18 16:00 - 2015-01-18 16:00 - 00000000 ____D () C:\Users\Wes\AppData\Local\Chromium
2015-01-16 07:56 - 2015-01-16 07:56 - 00001819 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-01-16 07:55 - 2015-01-16 08:03 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-16 07:55 - 2015-01-16 07:55 - 00001836 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-01-16 07:55 - 2015-01-16 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-01-16 07:55 - 2015-01-16 07:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-01-16 07:52 - 2015-01-16 08:01 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-16 07:51 - 2015-01-16 07:51 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\Wes\Downloads\BlueStacks-SplitInstaller_native.exe
2015-01-16 07:51 - 2015-01-16 07:51 - 00000000 ____D () C:\Users\Wes\AppData\Local\Bluestacks
2015-01-14 18:04 - 2014-12-19 15:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 18:04 - 2014-12-12 11:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 18:04 - 2014-12-12 09:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 18:04 - 2014-12-09 10:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 18:04 - 2014-12-09 04:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 18:04 - 2014-12-09 04:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 18:04 - 2014-12-09 04:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 18:04 - 2014-12-09 04:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 18:04 - 2014-12-09 04:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 18:04 - 2014-12-09 04:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 18:04 - 2014-12-09 04:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 18:04 - 2014-12-06 12:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 18:04 - 2014-12-06 10:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 18:04 - 2014-12-06 10:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 18:04 - 2014-10-29 13:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 18:04 - 2014-10-29 12:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 18:04 - 2014-10-29 12:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 18:04 - 2014-10-29 10:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 18:04 - 2014-10-29 10:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-14 18:03 - 2014-12-09 04:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 18:03 - 2014-10-29 13:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 18:03 - 2014-10-29 12:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 18:03 - 2014-10-29 12:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 18:03 - 2014-10-29 12:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 18:03 - 2014-10-29 12:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 18:03 - 2014-10-29 12:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 18:03 - 2014-10-29 12:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 18:03 - 2014-10-29 12:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 18:03 - 2014-10-29 11:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 18:03 - 2014-10-29 10:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 18:03 - 2014-10-29 10:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-06 21:30 - 2015-01-06 21:30 - 01948431 _____ () C:\Users\Wes\Downloads\The Hill Fights- The First Battle of Khe Sanh.azw
2015-01-06 21:29 - 2015-01-06 21:29 - 01411296 _____ () C:\Users\Wes\Downloads\Firefight (Reckoners Book 2).azw3
2015-01-04 19:14 - 2015-01-04 19:14 - 00265728 _____ () C:\Users\Wes\Downloads\Kilo Co - TP 0501-0803 - 31 DEC.xls
2015-01-04 18:59 - 2015-01-04 19:05 - 00012383 _____ () C:\Users\Wes\Desktop\Kilo Co - PT 12 Jan- 16 Jan.xlsx
2015-01-04 18:57 - 2015-01-04 19:17 - 00013167 _____ () C:\Users\Wes\Desktop\Kilo Co - PT 05 Jan- 09 Jan.xlsx
2015-01-04 15:23 - 2015-01-04 18:37 - 00232960 _____ () C:\Users\Wes\Desktop\Kilo Co - TP 20150112-20150125 - 06 JAN.xls
2015-01-04 14:47 - 2015-01-04 19:08 - 00239104 _____ () C:\Users\Wes\Desktop\Kilo Co - TP 20150105-20150118 - 06 JAN.xls
2015-01-04 14:14 - 2015-01-04 14:14 - 00007963 _____ () C:\Users\Wes\Desktop\PT_Schedule JAN 5-16.xlsx
2015-01-04 14:03 - 2015-01-04 14:03 - 00012998 _____ () C:\Users\Wes\Desktop\HQ Kilo Co - PT 05 Jan- 09 Jan.xlsx
2015-01-04 14:02 - 2015-01-04 14:02 - 00014092 _____ () C:\Users\Wes\Desktop\3rd Plt PT 5Jan-18Jan.xlsx
2015-01-04 14:01 - 2015-01-04 14:01 - 00231424 _____ () C:\Users\Wes\Desktop\3rd Plt TP 5Jan-18Jan.xls
2015-01-04 13:07 - 2015-01-04 18:51 - 00000000 ____D () C:\Users\Wes\Desktop\XO JAN
2015-01-04 12:50 - 2015-01-04 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-04 12:49 - 2015-01-04 12:50 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-04 12:48 - 2015-01-04 12:48 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-04 12:48 - 2015-01-04 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-04 12:47 - 2015-01-04 12:48 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-04 12:47 - 2015-01-04 12:48 - 00000000 ____D () C:\Program Files\iTunes
2015-01-04 12:47 - 2015-01-04 12:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-04 12:47 - 2015-01-04 12:47 - 00000000 ____D () C:\Program Files\iPod
2015-01-04 12:39 - 2015-01-04 12:40 - 00000000 ____D () C:\Users\Wes\Desktop\movies tv
2015-01-04 12:37 - 2015-01-04 17:47 - 00000000 ____D () C:\Users\Wes\Desktop\xo drop
2015-01-03 19:02 - 2015-01-04 14:15 - 00165376 _____ () C:\Users\Wes\Desktop\1st TP schedule 2015-01 5-11.xls
2015-01-03 19:02 - 2015-01-04 14:15 - 00010836 _____ () C:\Users\Wes\Desktop\1st PT schedule 2015-01 5-9.xlsx
2015-01-03 18:59 - 2015-01-04 14:00 - 00173568 _____ () C:\Users\Wes\Desktop\2ND_Kilo Co - TP 0501-0803 - 31 DEC.xls
2015-01-03 18:59 - 2015-01-04 14:00 - 00010686 _____ () C:\Users\Wes\Desktop\2ND_Kilo Co - PT 05jan-09jan.xlsx
2015-01-01 09:02 - 2015-01-01 09:04 - 151539370 _____ () C:\Users\Wes\Downloads\V10.18.10.3383_Win8.1_64.exe
2015-01-01 09:00 - 2015-01-08 10:04 - 00000000 ____D () C:\Users\Wes\AppData\Roaming\HpUpdate
2015-01-01 09:00 - 2015-01-01 09:00 - 00002232 _____ () C:\Users\Public\Desktop\HP Deskjet 1510 series.lnk
2014-12-31 10:16 - 2014-12-31 17:56 - 00000000 ____D () C:\Users\Wes\Desktop\FTP Individual Skills
2014-12-29 21:08 - 2014-12-29 21:08 - 00001012 _____ () C:\Users\Wes\Downloads\Reports.csv
2014-12-29 20:31 - 2014-12-29 20:31 - 02432000 _____ () C:\Users\Wes\Downloads\WPNS MASTER DATA BOOK V8.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 07:15 - 2013-11-04 04:10 - 01774570 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-27 07:08 - 2013-11-04 12:09 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0F758BE1-34E4-4757-838D-11B731BADC5F}
2015-01-27 07:00 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-27 06:40 - 2013-03-07 14:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2347897825-1624010096-2217604703-1001
2015-01-27 06:37 - 2013-08-18 13:17 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2347897825-1624010096-2217604703-1001UA.job
2015-01-27 06:26 - 2013-03-07 19:23 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 05:47 - 2013-11-04 12:13 - 00000000 __RDO () C:\Users\Wes\SkyDrive
2015-01-27 05:47 - 2013-06-18 13:46 - 00000626 _____ () C:\WINDOWS\DeviceMonitor_x64.exe.log
2015-01-27 05:47 - 2013-03-07 19:23 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 05:46 - 2013-08-22 23:46 - 00319997 _____ () C:\WINDOWS\setupact.log
2015-01-26 17:52 - 2013-05-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-26 17:39 - 2013-08-23 00:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-26 10:37 - 2013-08-18 13:17 - 00000866 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2347897825-1624010096-2217604703-1001Core.job
2015-01-24 22:58 - 2013-09-11 16:07 - 00000000 ____D () C:\Users\Wes\AppData\Local\Battle.net
2015-01-24 08:27 - 2013-03-14 13:40 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-01-24 00:05 - 2012-07-26 16:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-20 12:36 - 2013-09-30 13:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-20 12:29 - 2013-11-04 03:47 - 00000000 ____D () C:\Users\Wes
2015-01-20 12:29 - 2013-08-22 23:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-20 06:32 - 2014-12-13 11:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 06:32 - 2014-11-17 08:51 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 11:48 - 2013-07-08 17:47 - 00000000 ____D () C:\Users\Wes\AppData\Local\My Games
2015-01-19 11:48 - 2013-06-10 11:12 - 00000000 ____D () C:\Users\Wes\Documents\My Games
2015-01-18 16:02 - 2014-12-07 04:17 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-17 10:13 - 2013-09-30 12:55 - 00052262 _____ () C:\WINDOWS\PFRO.log
2015-01-17 10:12 - 2013-08-22 22:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-16 07:55 - 2013-08-23 00:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-14 19:44 - 2013-08-15 21:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 19:35 - 2013-03-27 05:51 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 19:02 - 2013-03-07 14:15 - 00000000 ____D () C:\Users\Wes\AppData\Local\Packages
2015-01-09 00:13 - 2013-11-27 16:43 - 00000000 ____D () C:\Users\Wes\Desktop\Work
2015-01-04 13:58 - 2014-10-22 03:26 - 00000000 ____D () C:\Users\Wes\Desktop\Happy Thoughts
2015-01-04 12:47 - 2013-08-17 16:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-04 12:47 - 2013-03-22 04:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-04 12:44 - 2012-11-03 22:25 - 00000000 ____D () C:\ProgramData\Apple
2015-01-01 09:00 - 2013-09-18 14:36 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-01 09:00 - 2013-03-07 14:20 - 00000000 ____D () C:\Users\Wes\AppData\Local\HP
2015-01-01 09:00 - 2012-11-03 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-01 09:00 - 2012-09-13 03:00 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-01 08:59 - 2013-09-18 14:36 - 00000000 ____D () C:\Program Files\HP
2015-01-01 08:56 - 2013-09-18 14:36 - 00000000 ____D () C:\ProgramData\HP
2014-12-31 20:14 - 2013-03-27 04:06 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-07-11 10:55 - 2013-09-19 16:43 - 0000000 _____ () C:\Users\Wes\AppData\Roaming\bitlord_log.txt
2013-06-24 17:46 - 2013-06-24 17:46 - 0423709 _____ () C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx
2013-09-18 15:12 - 2013-09-18 15:12 - 0000218 _____ () C:\Users\Wes\AppData\Local\recently-used.xbel
2013-11-07 06:43 - 2014-08-08 16:17 - 0007597 _____ () C:\Users\Wes\AppData\Local\resmon.resmoncfg
2013-09-18 14:36 - 2013-09-18 14:36 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Wes\AppData\Local\Temp\4374E0e7D94c.exe
C:\Users\Wes\AppData\Local\Temp\7eda6125743F.exe
C:\Users\Wes\AppData\Local\Temp\C4dbA1C.exe
C:\Users\Wes\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 05:46

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Wes at 2015-01-27 07:18:47
Running from C:\Users\Wes\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.1-225 - House of Life)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Catan (HKLM-x32\...\Steam App 239410) (Version:  - United Soft Media)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Installer x64 (HKLM\...\{90FE5BFC-C6C5-45D3-A7E3-463D707E2D44}) (Version: 2.2 - ActivIdentity)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.0.4.0 - Electronic Arts)
EA Installer (HKLM-x32\...\EA Installer.-1202606811) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C9064E5C-D5AB-4EEB-86A6-50756901038A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kingdom Rush (HKLM-x32\...\Steam App 246420) (Version:  - Ironhide Game Studio)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magic: The Gathering – Tactics (HKLM-x32\...\Steam App 201190) (Version:  - Sony Online Entertainment, LLC.)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4454.1513 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
OvertCentre (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version:  - QuasarCorner) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pre-Paid Telstra WIFI 4G (HKLM\...\{E6051155-B0FE-4E88-A7A7-A2BA8C1E7D4C}_is1) (Version: 8.2088.0.1B09 - ZTE Corporation)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quebles Emoticons (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Naga (HKLM-x32\...\{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}) (Version: 2.03.05 - Razer USA Ltd.)
Razer Naga Epic Dock Firmware Updater (HKLM-x32\...\{F75090F5-8B98-4E66-B97B-E54F527C1221}) (Version: 1.01.08 - Razer USA Ltd.)
Razer Naga Epic Firmware Updater (HKLM-x32\...\{0C3B3058-F1DB-4E51-8115-AD06825EE1C5}) (Version: 1.04.00 - Razer USA Ltd.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version:  - LucasArts)
Star Wars Starfighter (HKLM-x32\...\{0C321D1F-2262-42C2-94C5-5E5765507C72}) (Version:  - )
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.12 - Bioware/EA)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version:  - Petroglyph)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version:  - ZTE Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Wes\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

11-01-2015 00:17:24 Scheduled Checkpoint
14-01-2015 19:32:22 Windows Update
18-01-2015 15:58:11 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
18-01-2015 15:59:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
24-01-2015 00:03:29 Windows Update
27-01-2015 06:10:11 Removed Gtk# for .Net 2.12.10

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 22:25 - 2013-08-22 22:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04099C1F-F940-427A-B3C0-32CE79AB328A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {1F70BDB7-4D16-48AE-9922-C4C984427C2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {339743C4-97E1-43D5-901F-F5351B0EF7DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2347897825-1624010096-2217604703-1001Core => C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {34E53C91-C3F4-474E-9A13-3FCF6FDD1FFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-11] (Hewlett-Packard Company)
Task: {4DC3C192-0F12-42C9-8863-E6CF77979308} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-25] (Synaptics Incorporated)
Task: {5B54BD9B-EBEE-41DB-8B63-DCC30FE42E70} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {8580C7BB-0518-4862-8AD2-4DF4121D56F7} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-02-22] (Microsoft Corporation)
Task: {A2D38BB9-B6D6-4756-B52D-C734940CDDAB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A2E416EC-ECDF-42D9-9217-832B04207360} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {A450FE8F-0B80-4D66-9370-79CB53684C84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2347897825-1624010096-2217604703-1001UA => C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-18] (Google Inc.)
Task: {BD507541-5630-4B1E-90AB-7E967B22005D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {D46C278E-224B-41E5-8AC6-36FC38D91736} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-08] (Hewlett-Packard Company)
Task: {FB066C03-E9DC-42F2-A3D6-208A4588BF38} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-28] (CyberLink)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2347897825-1624010096-2217604703-1001Core.job => C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2347897825-1624010096-2217604703-1001UA.job => C:\Users\Wes\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-03-07 00:36 - 2013-02-22 10:39 - 00373392 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-03-07 00:36 - 2013-02-22 10:39 - 00513680 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-03-07 00:36 - 2013-02-22 10:40 - 00607400 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-05-19 15:01 - 2013-11-04 16:01 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-09-06 17:47 - 2012-09-06 17:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-08-10 17:36 - 2012-08-10 17:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-10-04 18:42 - 2013-10-04 18:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-18 13:45 - 2012-03-01 14:43 - 00068096 _____ () C:\Program Files\Pre-Paid Telstra WIFI 4G\CancelAutoPlay.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-20 12:26 - 2015-01-20 12:26 - 03329536 _____ () c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll
2012-11-03 22:19 - 2012-06-26 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-10-29 07:22 - 2014-10-29 07:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-01-16 04:59 - 2015-01-09 09:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 04:58 - 2015-01-09 09:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 04:59 - 2015-01-09 09:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 04:58 - 2015-01-09 09:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-16 04:59 - 2015-01-09 09:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Wes\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Wes\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "accrdsub"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Razer Naga Driver"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\StartupApproved\Run: => "Fitbit Connect"

========================= Accounts: ==========================

Administrator (S-1-5-21-2347897825-1624010096-2217604703-500 - Administrator - Disabled)
Guest (S-1-5-21-2347897825-1624010096-2217604703-501 - Limited - Disabled)
Wes (S-1-5-21-2347897825-1624010096-2217604703-1001 - Administrator - Enabled) => C:\Users\Wes

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 05:48:37 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (01/26/2015 07:32:32 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (01/26/2015 07:31:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28782422

Error: (01/26/2015 07:31:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28782422

Error: (01/26/2015 07:31:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2015 06:53:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/25/2015 06:53:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111"1".
Dependent Assembly AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/25/2015 06:48:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/25/2015 06:48:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111"1".
Dependent Assembly AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/25/2015 08:24:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x5215e1f6
Faulting module name: twinapi.appcore.dll, version: 6.3.9600.17195, time stamp: 0x53894a69
Exception code: 0xc000027b
Fault offset: 0x00000000000547ac
Faulting process id: 0x9de0
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5


System errors:
=============
Error: (01/27/2015 05:53:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/27/2015 05:53:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/24/2015 02:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (01/24/2015 02:28:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/20/2015 10:40:58 PM) (Source: DCOM) (EventID: 10010) (User: GAMECOCK)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/20/2015 10:40:58 PM) (Source: DCOM) (EventID: 10010) (User: GAMECOCK)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/20/2015 10:40:58 PM) (Source: DCOM) (EventID: 10010) (User: GAMECOCK)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/20/2015 10:40:58 PM) (Source: DCOM) (EventID: 10010) (User: GAMECOCK)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/20/2015 10:40:58 PM) (Source: DCOM) (EventID: 10010) (User: GAMECOCK)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/20/2015 10:40:58 PM) (Source: DCOM) (EventID: 10010) (User: GAMECOCK)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (01/27/2015 05:48:37 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (01/26/2015 07:32:32 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (01/26/2015 07:31:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28782422

Error: (01/26/2015 07:31:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28782422

Error: (01/26/2015 07:31:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/25/2015 06:53:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/25/2015 06:53:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111"c:\program files\microsoft office 15\root\flattener\Flattener.exe

Error: (01/25/2015 06:48:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (01/25/2015 06:48:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: AppVOpcServices.dll,processorArchitecture="x86",type="win32",version="4.6.0.111"c:\program files\microsoft office 15\root\flattener\Flattener.exe

Error: (01/25/2015 08:24:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe6.3.9600.163845215e1f6twinapi.appcore.dll6.3.9600.1719553894a69c000027b00000000000547ac9de001d0382ccccce048C:\WINDOWS\system32\backgroundTaskHost.exeC:\Windows\System32\twinapi.appcore.dll1ede6ff7-a420-11e4-bec1-a0b3cc4a5ec6Microsoft.XboxOneSmartGlass_2.2.1501.12006_x64__8wekyb3d8bbweMicrosoft.XboxOneSmartGlass


CodeIntegrity Errors:
===================================
  Date: 2015-01-27 06:19:52.688
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:52.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:52.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:52.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:52.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:51.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:51.851
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:51.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:50.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 06:19:50.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 6033.27 MB
Available physical RAM: 3173.2 MB
Total Pagefile: 8493.42 MB
Available Pagefile: 4881.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:670.42 GB) (Free:120.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.1 GB) (Free:3.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type.

==================== End Of Log ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 January 2015 - 11:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these installed programs in bold using the Add/Remove Programs applet.
OvertCentre (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version: - QuasarCorner) <==== ATTENTION
Quebles Emoticons (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Poppit!) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-03-07]
CHR Extension: (Google Wallet) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (unnisAles) - C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo\ [2013-03-07]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
CHR HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
R2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-20] () [File not signed]
C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo
c:\Program Files (x86)\TampaGeneration
C:\Users\Wes\AppData\Local\Temp\4374E0e7D94c.exe
C:\Users\Wes\AppData\Local\Temp\7eda6125743F.exe
C:\Users\Wes\AppData\Local\Temp\C4dbA1C.exe
C:\Users\Wes\AppData\Local\Temp\sonarinst.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner window, then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please post the logs and let me know what problem persists.
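An added triage script, not part of the thread and neither FRST's code nor the helper's own script: it encodes, as regexes over FRST log lines, the classes of entry the fixlist above removes (the service `d65a1a66`, whose tag also appears in the OvertCentre uninstall key, loading the unsigned TampaGeneration.dll that shows up in Loaded Modules; an empty `Run` value; the HKLM Chrome policy restriction; IE search scopes pointing at hijack hosts or left empty; Chrome extensions living outside the profile or forced in through the registry from a loose .crx) and collects the matching lines into a draft fixlist in the same `start`/`End` layout. The sample lines are copied from the FRST log earlier in the thread (two URLs trimmed); the bing.com scope is a constructed benign control, and the allow-list of search hosts is an assumption.

```python
"""Triage heuristics for an FRST log (added example, not FRST's or the helper's code).

Flags the kinds of entry the fixlist in this thread removes and assembles the
matching lines into a draft fixlist.  SAMPLE_LINES come from the FRST log in
the thread (two URLs trimmed); the bing.com scope is a constructed control and
TRUSTED_SEARCH_HOSTS is an assumption for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import urlparse

# Assumption: search hosts the operator leaves in place; everything else
# (including the pre-installed ask/yahoo scopes) is surfaced for review.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Extensions Chrome installed itself live under the profile; a path anywhere
# else (C:\ProgramData\..., a loose .crx under AppData\Local) was side-loaded.
CHROME_PROFILE_MARK = "\\google\\chrome\\user data\\"


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str  # FRST line verbatim, so it can be pasted into a fixlist


# "R2 name; path [size date] (publisher) [File not signed]"
_SERVICE = re.compile(
    r"^[RS]\d+ (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] "
    r"\((?P<publisher>[^)]*)\)(?P<tail>.*)$")
# "SearchScopes: HIVE -> [DefaultScope] {GUID} URL = ..."
_SEARCH_SCOPE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?:DefaultScope )?\{[0-9A-Fa-f-]+\} "
    r"URL = ?(?P<url>.*)$")
# "CHR Extension: (name) - path [date]"
_CHR_EXT = re.compile(
    r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]$")
# "CHR HIVE\...\Chrome\Extension: [id] - path [date]"  (registry-forced install)
_CHR_REG_EXT = re.compile(
    r"^CHR (?P<hive>\S+?)\\\.\.\.\\Chrome\\Extension: \[(?P<ext_id>[a-p]{32})\] - "
    r"(?P<path>.+?) \[\d{4}-\d{2}-\d{2}\]$")
# "HIVE\...\Run: [] => [X]"  (empty value name, missing target)
_EMPTY_RUN = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[\] => \[X\]$")
_CHR_POLICY = "CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction"


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per log line that matches a removal heuristic."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _SERVICE.match(line)
        if m:
            if not m["publisher"] or "File not signed" in m["tail"]:
                findings.append(Finding(f"service {m['name']} runs unsigned binary {m['path']}", line))
            continue
        m = _SEARCH_SCOPE.match(line)
        if m:
            url = m["url"]
            if not url:
                findings.append(Finding(f"empty search scope in {m['hive']}", line))
            else:
                host = urlparse(url).hostname
                if host not in TRUSTED_SEARCH_HOSTS:
                    findings.append(Finding(f"search scope in {m['hive']} points at {host}", line))
            continue
        m = _CHR_EXT.match(line)
        if m:
            if CHROME_PROFILE_MARK not in m["path"].lower():
                findings.append(Finding(f"Chrome extension {m['name']!r} side-loaded from {m['path']}", line))
            continue
        m = _CHR_REG_EXT.match(line)
        if m:
            findings.append(Finding(f"Chrome extension {m['ext_id']} forced in via {m['hive']} from {m['path']}", line))
            continue
        if _EMPTY_RUN.match(line):
            findings.append(Finding("Run value with empty name and no target", line))
        elif line.startswith(_CHR_POLICY):
            findings.append(Finding("Chrome policy restriction set in HKLM", line))
    return findings


def draft_fixlist(findings: Iterable[Finding]) -> str:
    """FRST fixlist layout used in the thread; FRST acts on every line given, so review first."""
    return "\n".join(["start", "CloseProcesses:", *(f.line for f in findings), "End"]) + "\n"


SAMPLE_LINES = [  # copied from the FRST log above, except the constructed bing.com control
    r"HKLM-x32\...\Run: [] => [X]",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62",
    r"SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000001} URL = http://www.bing.com/search?q={searchTerms}",
    r"CHR Extension: (Google Wallet) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]",
    r"CHR Extension: (unnisAles) - C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo\ [2013-03-07]",
    r"CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]",
    r"R2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-20] () [File not signed]",
    r"Task: {1F70BDB7-4D16-48AE-9922-C4C984427C2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"[!] {f.reason}")
    print(draft_fixlist(found))
```

On the sample above this flags eight lines and leaves the Google Wallet extension, the bing.com control and the Google Update task alone. The heuristics are deliberately cruder than a trained helper's judgement: they flag the HP-bundled ask.com and yahoo.com scopes only because those hosts are not on the allow-list, and they do not flag the Poppit extension the helper chose to include. FRST will move or delete whatever lines a fixlist contains, so a generated draft is a starting point for review, not something to run blind; the thread's own instruction to click Fix only once applies.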

#4 Ridir

Ridir
  • Topic Starter

  • Members
  • 4 posts

Posted 30 January 2015 - 06:43 PM

Thanks, working on that now (sorry for the delay, work).

 

Update: Removed the programs, ran the FRST fix script you gave me, and used the adware removal (it wanted to restart my computer and left it in the restart loop for a good long time; I manually hard rebooted it after about 20 minutes or more of waiting on the restart). I went to Google Chrome and immediately to the extensions page and didn't see any of the adware extensions (usually I have had to turn two off to be able to go to any webpages).

 

Reports below:

adware:

# AdwCleaner v4.109 - Report created 31/01/2015 at 10:00:18
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Wes - GAMECOCK
# Running from : C:\Users\Wes\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\57371ae0000047f9
Folder Deleted : C:\ProgramData\7064121796721006040
Folder Deleted : C:\Users\Wes\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Wes\AppData\Roaming\Mysearchdial
Folder Deleted : C:\ProgramData\mdekafeeflmgmkcljckejejkeambogbc
Folder Deleted : C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\P0e53baf9_1ebe_4773_a010_a66641c07f9f_.P0e53baf9_1ebe_4773_a010_a66641c07f9f_
Key Deleted : HKLM\SOFTWARE\Classes\P0e53baf9_1ebe_4773_a010_a66641c07f9f_.P0e53baf9_1ebe_4773_a010_a66641c07f9f_.9
Key Deleted : HKLM\SOFTWARE\Classes\P248c0d09_2a53_4383_ba49_16405a39b3ed_.P248c0d09_2a53_4383_ba49_16405a39b3ed_
Key Deleted : HKLM\SOFTWARE\Classes\P248c0d09_2a53_4383_ba49_16405a39b3ed_.P248c0d09_2a53_4383_ba49_16405a39b3ed_.9
Key Deleted : HKLM\SOFTWARE\Classes\P29cdd7d3_f9fd_4dc4_848a_db1aaa3db839_.P29cdd7d3_f9fd_4dc4_848a_db1aaa3db839_
Key Deleted : HKLM\SOFTWARE\Classes\P29cdd7d3_f9fd_4dc4_848a_db1aaa3db839_.P29cdd7d3_f9fd_4dc4_848a_db1aaa3db839_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pa3eacb3f_e9b7_4bed_9116_70f940773576_.Pa3eacb3f_e9b7_4bed_9116_70f940773576_
Key Deleted : HKLM\SOFTWARE\Classes\Pa3eacb3f_e9b7_4bed_9116_70f940773576_.Pa3eacb3f_e9b7_4bed_9116_70f940773576_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pb79a245e_3e4c_45f1_bd86_f69279383ec2_.Pb79a245e_3e4c_45f1_bd86_f69279383ec2_
Key Deleted : HKLM\SOFTWARE\Classes\Pb79a245e_3e4c_45f1_bd86_f69279383ec2_.Pb79a245e_3e4c_45f1_bd86_f69279383ec2_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0e53baf9-1ebe-4773-a010-a66641c07f9f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29cdd7d3-f9fd-4dc4-848a-db1aaa3db839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e53baf9-1ebe-4773-a010-a66641c07f9f}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29cdd7d3-f9fd-4dc4-848a-db1aaa3db839}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0e53baf9-1ebe-4773-a010-a66641c07f9f}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{29cdd7d3-f9fd-4dc4-848a-db1aaa3db839}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0e53baf9-1ebe-4773-a010-a66641c07f9f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29cdd7d3-f9fd-4dc4-848a-db1aaa3db839}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0e53baf9-1ebe-4773-a010-a66641c07f9f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{29cdd7d3-f9fd-4dc4-848a-db1aaa3db839}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{248c0d09-2a53-4383-ba49-16405a39b3ed}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3eacb3f-e9b7-4bed-9116-70f940773576}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b79a245e-3e4c-45f1-bd86-f69279383ec2}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.thesearchpage.info

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.99

[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mdekafeeflmgmkcljckejejkeambogbc
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : iflpcokdamgefbghpdipcibmhlkdopop
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.thesearchpage.info/?pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74

-\\ Chromium v

[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74

*************************

AdwCleaner[R0].txt - [7904 octets] - [31/01/2015 08:55:41]
AdwCleaner[R1].txt - [8471 octets] - [31/01/2015 09:58:50]
AdwCleaner[S0].txt - [8873 octets] - [31/01/2015 10:00:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8933 octets] ##########

FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Wes at 2015-01-31 08:46:04 Run:1
Running from C:\Users\Wes\Desktop
Loaded Profiles: Wes (Available profiles: Wes)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd62&cd=2XzuyEtN2Y1L1Qzu0AtD0BtA0C0CyE0AyD0E0CyC0FyEtA0AtN0D0Tzu0SyDyEtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtB&cr=1591824645&ir=
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2347897825-1624010096-2217604703-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2921&r=2015/01/20&hid=11767690471680125434&lg=EN&cc=US&unqvl=74
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Poppit!) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-03-07]
CHR Extension: (Google Wallet) - C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (unnisAles) - C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo\ [2013-03-07]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
CHR HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-06-24]
R2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-20] () [File not signed]
C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo
c:\Program Files (x86)\TampaGeneration
C:\Users\Wes\AppData\Local\Temp\4374E0e7D94c.exe
C:\Users\Wes\AppData\Local\Temp\7eda6125743F.exe
C:\Users\Wes\AppData\Local\Temp\C4dbA1C.exe
C:\Users\Wes\AppData\Local\Temp\sonarinst.exe

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found. 
"HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found. 
"HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => Moved successfully.
C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo\ => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => Key deleted successfully.
C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx => Moved successfully.
"HKU\S-1-5-21-2347897825-1624010096-2217604703-1001\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => Key deleted successfully.
"C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => Key deleted successfully.
"C:\Users\Wes\AppData\Local\mysearchdial_speedial_v9.0.2.crx" => File/Directory not found.
d65a1a66 => Service not found.
"C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi" => File/Directory not found.
"C:\ProgramData\cijefmjnafcoloemfcjblmficmpbfkoo" => File/Directory not found.
"c:\Program Files (x86)\TampaGeneration" => File/Directory not found.
C:\Users\Wes\AppData\Local\Temp\4374E0e7D94c.exe => Moved successfully.
C:\Users\Wes\AppData\Local\Temp\7eda6125743F.exe => Moved successfully.
C:\Users\Wes\AppData\Local\Temp\C4dbA1C.exe => Moved successfully.
C:\Users\Wes\AppData\Local\Temp\sonarinst.exe => Moved successfully.


The system needed a reboot. 

==== End of Fixlog 08:46:05 ====

If problems persist I will return. 


Edited by Ridir, 30 January 2015 - 08:22 PM.


#5 nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2015 - 08:32 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 Ridir

  • Topic Starter
  • Members
  • 4 posts

Posted 31 January 2015 - 06:08 PM

Results of screen317's Security Check version 0.99.95
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome (39.0.2171.99)
Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Computer is running great now, thank you.

Edited by nasdaq, 01 February 2015 - 09:03 AM.


#7 nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 February 2015 - 09:03 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 February 2015 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
