
Stubborn Total Ad Performance will not be removed.


  • This topic is locked

#1 sparky2000


Posted 02 July 2015 - 04:08 PM

Someone help me please. This is at least my 3rd attempt to get this cleaned/removed.

I tried:

RKill
RogueKiller
MBAM
Super Anti-Spyware
Kaspersky free security scan and Kaspersky's rootkit scan

I had help from Bleeping Computer

Here: http://www.bleepingcomputer.com/forums/t/578031/total-ad-performance-removal/

and here: http://www.bleepingcomputer.com/forums/t/579828/total-ad-performance-persistently-returning-in-chrome/

It appears to have infected my other Chrome browsers on other devices, e.g. my iPad.

Your help to remove this will be greatly appreciated!


Edited by sparky2000, 02 July 2015 - 04:29 PM.



#2 nasdaq

  • Malware Response Team

Posted 04 July 2015 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.

Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
====

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running now?

#3 sparky2000


Posted 06 July 2015 - 03:44 PM

Whoa, this deleted some college stuff. Will I have to install them again? (Open VPN, Cisco stuff amongst others)

Results:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Mark Packard Bell on 06/07/2015 at 21:56:51.70.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mark Packard Bell\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
06/07/2015 22:00:22 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\All Answers Ltd deleted successfully
C:\PROGRA~2\BitZipper deleted successfully
C:\PROGRA~2\Electronic Arts deleted successfully
C:\PROGRA~2\OpenVPN Technologies deleted successfully
C:\PROGRA~2\SEGA deleted successfully
C:\PROGRA~2\Trend Micro deleted successfully
C:\PROGRA~2\TuneUp Utilities 2014 deleted successfully
C:\PROGRA~2\Zemana AntiLogger Free deleted successfully
C:\PROGRA~2\COMMON~1\MicroWorld deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Bitdefender deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\DAEMON Tools Net deleted successfully
C:\PROGRA~3\deletepart deleted successfully
C:\PROGRA~3\explauncher deleted successfully
C:\PROGRA~3\formatpart deleted successfully
C:\PROGRA~3\ICND1 Network Simulator Lite deleted successfully
C:\PROGRA~3\launcher deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\redistpart deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Mark Packard Bell\AppData\Roaming\dvdcss deleted successfully
C:\Users\Mark Packard Bell\AppData\Local\Downloaded Installations deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
C:\Windows\system32\appdata deleted
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\All Answers Ltd not found
C:\PROGRA~2\BitZipper not found
C:\PROGRA~2\Electronic Arts not found
C:\PROGRA~2\OpenVPN Technologies not found
C:\PROGRA~2\SEGA not found
C:\PROGRA~2\Trend Micro not found
C:\PROGRA~2\TuneUp Utilities 2014 not found
C:\PROGRA~2\Zemana AntiLogger Free not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\Windows\syswow64\appdata deleted
C:\Users\Mark Packard Bell\.android deleted
C:\PROGRA~2\GUM70AD.tmp deleted
C:\PROGRA~2\cWorldLeagueChampionship Manager 01-02 deleted
C:\PROGRA~2\Pearson IT Certification Practice Test deleted
C:\found.000 deleted
C:\Users\Mark Packard Bell\GDFBinary_cs_CZ.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_de_DE.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_en_GB.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_en_US.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_es_ES.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_es_MX.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_fr_FR.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_hu_HU.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_it_IT.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_nl_NL.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_pl_PL.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_pt_BR.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_pt_PT.dll deleted
C:\Users\Mark Packard Bell\GDFBinary_ru_RU.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Windows\Installer\2cde47.msi" deleted
"C:\Users\Mark Packard Bell\AppData\Roaming\Cpu\cpu.exe" deleted
"C:\Users\Mark Packard Bell\AppData\Roaming\Cpu" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [06/07/2015 21:41]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\MARKPA~1\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237
- FastestFox - %ProfilePath%\extensions\smarterwiki@wikiatic.com.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237
45EC39FF6C85A7E51F7EF03D5D24790E - C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll - npvoBrowserPlugin Dynamic Link Library
4174499E49FE276D9BDCE13364559080 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll - Shockwave Flash
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Mark Packard Bell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
F4EB13D930F9D381E7898E40A7461F8B - C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayerIE.dll - VisualOn ActiveX Player
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.130
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx[05/03/2015 10:45]
 
WOT - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Google Cast - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Chromebleed - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic
TV - Voozy.tv - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flnepcgaapadgbmfkmacafjiejjhbipm
Norton Identity Safe - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Hotword Shared Module - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
FlashControl - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe
Norton Security Toolbar - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Publish5 - DIY Mobile App Creator - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl
iReader - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc
undetermined - Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeppdapcjiogpjjnceheinbfmkkpkfni
 
==== Chromium Startpages ======================
 
C:\Users\Mark Packard Bell\AppData\Local\Chromium\User Data\Default\Preferences
 
C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Chromium Fix ======================
 
C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A374D8EF60F699F45B4FEB7DB2A230C8 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A374D8EF60F699F45B4FEB7DB2A230C8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Maintance deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mark Packard Bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Mark Packard Bell\AppData\Local\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=1919 folders=58 1162328103 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Mark Packard Bell\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\MARKPA~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 06/07/2015 at 22:40:14.96 ======================


#4 sparky2000


Posted 06 July 2015 - 04:01 PM

I hadn't seen the Total Ad Performance pop in a few days, admittedly I've been working all weekend, and after these two scans...when I went to re-open this page it popped up again.

Anyway ADW Log

# AdwCleaner v4.207 - Logfile created 06/07/2015 at 22:48:45
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mark Packard Bell - MARKPACKARDBELL
# Running from : C:\Users\Mark Packard Bell\Desktop\adwcleaner_4.207.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
 
-\\ Google Chrome v43.0.2357.130
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [334 bytes] - [18/06/2015 13:31:03]
AdwCleaner[R1].txt - [335 bytes] - [18/06/2015 13:52:06]
AdwCleaner[R2].txt - [334 bytes] - [18/06/2015 13:57:53]
AdwCleaner[R3].txt - [1532 bytes] - [18/06/2015 14:03:21]
AdwCleaner[R4].txt - [1246 bytes] - [24/06/2015 20:38:02]
AdwCleaner[R5].txt - [1260 bytes] - [02/07/2015 23:50:36]
AdwCleaner[R6].txt - [1688 bytes] - [06/07/2015 22:45:18]
AdwCleaner[S0].txt - [1602 bytes] - [18/06/2015 14:11:23]
AdwCleaner[S1].txt - [1312 bytes] - [24/06/2015 20:40:21]
AdwCleaner[S2].txt - [1324 bytes] - [02/07/2015 23:54:45]
AdwCleaner[S3].txt - [1615 bytes] - [06/07/2015 22:48:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1674  bytes] ##########


#5 nasdaq

  • Malware Response Team

Posted 07 July 2015 - 07:24 AM

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)


See post no. 2 and download the Farbar tool and post the logs for my review.

#6 sparky2000


Posted 10 July 2015 - 02:07 PM

I'm on it now.



#7 sparky2000


Posted 10 July 2015 - 02:28 PM

This took forever a few days ago and I had to quit as I was leaving. Now it ran in no time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by Mark Packard Bell (administrator) on MARKPACKARDBELL on 10-07-2015 21:09:56
Running from C:\Users\Mark Packard Bell\Desktop
Loaded Profiles: Mark Packard Bell (Available Profiles: Mark Packard Bell)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Puran Software) C:\Windows\System32\PuranDefragS.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Puran Software) C:\Program Files\Puran Defrag\PuranADT.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Mark Packard Bell\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12235120 2015-06-30] (Zemana Ltd.)
HKLM\...\Run: [PuranADT] => C:\Program Files\Puran Defrag\PuranADT.exe [443776 2013-08-15] (Puran Software)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\...\Run: [GoogleChromeAutoLaunch_AB4AFE18D8CF4DF0FEC18B5AE2A4ED3B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
BootExecute: bootdeleteautocheck PuranDefragBT -AD
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-539220840-4066696231-1515832666-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-11] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-11] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB
DPF: HKLM-x32 {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} https://www2.web-direct.dk/wdx.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
Tcpip\..\Interfaces\{80FFFBAA-458D-4878-94E1-91E6C7B92CC2}: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
 
FireFox:
========
FF ProfilePath: C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @fronter.com/FronterOES -> C:\Program Files (x86)\Fronter\Fronter OES\npfronter_oes2.dll [2012-12-18] (Fronter AS)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-07-05] (Verimatrix, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-12-08] ()
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mark Packard Bell\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mark Packard Bell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-04-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-539220840-4066696231-1515832666-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-07-05] (Verimatrix, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-14] (Apple Inc.)
FF Extension: FastestFox - C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237\Extensions\smarterwiki@wikiatic.com.xpi [2015-06-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-07-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-06-10]
CHR Extension: (Google Slides) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
CHR Extension: (Google Docs) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-10]
CHR Extension: (Google Drive) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-10]
CHR Extension: (WOT) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-10]
CHR Extension: (YouTube) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-10]
CHR Extension: (Google Cast) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-06-18]
CHR Extension: (Adblock Plus) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-10]
CHR Extension: (Adblock for Youtube™) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-06-10]
CHR Extension: (Google Search) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-10]
CHR Extension: (Chromebleed) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2015-06-10]
CHR Extension: (Google Sheets) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-10]
CHR Extension: (TV - Voozy.tv) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flnepcgaapadgbmfkmacafjiejjhbipm [2015-06-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-06-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-10]
CHR Extension: (Adblock Super) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-10]
CHR Extension: (FlashControl) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-06-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-06-25]
CHR Extension: (Google Wallet) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR Extension: (Gmail) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-10]
CHR Extension: (Publish5 - DIY Mobile App Creator) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl [2015-06-10]
CHR Extension: (iReader) - C:\Users\Mark Packard Bell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc [2015-06-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-02] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-03-17] () [File not signed]
S4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-12] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S4 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-29] (NewTech Infosystems, Inc.)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
R2 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [164600 2015-06-27] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-18] (Reason Software Company Inc.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12235120 2015-06-30] (Zemana Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-17] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-05] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 F825DD4D; C:\Windows\System32\drivers\F825DD4D.sys [457824 2015-04-24] (Kaspersky Lab ZAO)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-04-15] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150709.001\IDSvia64.sys [692984 2015-06-22] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150709.021\ENG64.SYS [138488 2015-06-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150709.021\EX64.SYS [2146040 2015-06-24] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] () [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-18] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-10] (BitDefender S.R.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [108920 2015-07-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [108920 2015-07-02] (Zemana Ltd.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-10 21:09 - 2015-07-10 21:09 - 02112512 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\FRST64 (1).exe
2015-07-10 21:09 - 2015-07-10 21:09 - 02112512 _____ (Farbar) C:\Users\Mark Packard Bell\Desktop\FRST64 (1).exe
2015-07-10 21:01 - 2015-07-10 21:01 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-10 20:51 - 2015-07-10 20:51 - 06565736 _____ (Piriform Ltd) C:\Users\Mark Packard Bell\Downloads\ccsetup507.exe
2015-07-10 20:48 - 2015-07-10 20:54 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Mr.Robot.S01E03.720p.HDTV.x264-IMMERSE[rarbg]
2015-07-07 12:41 - 2015-07-07 12:41 - 00039216 _____ C:\Users\Mark Packard Bell\Desktop\Addition.txt
2015-07-07 12:39 - 2015-07-10 21:09 - 00033399 _____ C:\Users\Mark Packard Bell\Desktop\FRST.txt
2015-07-07 12:18 - 2015-07-07 12:18 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Apple
2015-07-06 22:41 - 2015-07-06 22:41 - 00021522 _____ C:\Users\Mark Packard Bell\Desktop\zoek-results.txt
2015-07-06 22:35 - 2015-07-06 21:56 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-06 21:59 - 2015-07-06 22:40 - 00021522 _____ C:\zoek-results.log
2015-07-06 21:57 - 2015-07-06 21:57 - 02244096 _____ C:\Users\Mark Packard Bell\Desktop\adwcleaner_4.207.exe
2015-07-06 21:56 - 2015-07-06 22:31 - 00000000 ____D C:\zoek_backup
2015-07-06 21:51 - 2015-07-06 21:51 - 01308672 _____ C:\Users\Mark Packard Bell\Desktop\zoek.exe
2015-07-03 22:25 - 2015-07-03 22:27 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Mr.Robot.S01E02.720p.HDTV.x264-KILLERS[rarbg]
2015-07-03 22:24 - 2015-07-03 22:24 - 00058946 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]mr.robot.s01e02.720p.hdtv.x264.killers.rartv.torrent
2015-07-03 15:07 - 2015-07-10 21:03 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\CrashDumps
2015-07-02 23:31 - 2015-07-02 23:31 - 02244096 _____ C:\Users\Mark Packard Bell\Downloads\AdwCleaner (1).exe
2015-07-02 23:13 - 2015-07-02 23:19 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Anti-Malware
2015-07-02 16:13 - 2015-07-02 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-06-29 22:24 - 2015-06-29 22:33 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Kurt Cobain Montage of Heck (2015) [1080p]
2015-06-29 20:05 - 2015-06-29 20:05 - 01998432 _____ (BitTorrent Inc.) C:\Users\Mark Packard Bell\Downloads\uTorrent (1).exe
2015-06-29 19:39 - 2015-06-29 19:39 - 00025849 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]true.detective.s02e02.hdtv.x264.asap.ettv.torrent
2015-06-29 19:36 - 2015-06-29 19:36 - 00016801 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]soaked.in.bleach.2015.720p.brrip.800mb.mkvcage.torrent
2015-06-29 18:47 - 2015-06-29 18:47 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\9-lab
2015-06-29 18:42 - 2015-06-29 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-06-29 18:42 - 2015-06-29 18:42 - 00000000 ____D C:\ProgramData\9-lab
2015-06-29 18:42 - 2015-06-29 18:42 - 00000000 ____D C:\Program Files\9-lab
2015-06-29 18:39 - 2015-06-29 18:39 - 06366920 _____ C:\Users\Mark Packard Bell\Downloads\rmtool-setup-x86 (1).exe
2015-06-29 15:21 - 2015-06-29 15:21 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Macromedia
2015-06-29 13:41 - 2015-06-29 13:41 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Crystal Security
2015-06-29 13:41 - 2015-06-29 13:41 - 00000000 ____D C:\Program Files (x86)\Crystal Security
2015-06-27 19:24 - 2015-06-27 19:24 - 00003572 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2015-06-27 19:24 - 2015-06-27 19:24 - 00000000 ____D C:\ProgramData\Reason
2015-06-27 19:23 - 2015-06-27 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-06-27 19:22 - 2015-06-27 19:22 - 00000000 ____D C:\Program Files\Reason
2015-06-26 18:15 - 2015-06-26 18:15 - 10571443 _____ C:\Users\Mark Packard Bell\Downloads\SCP-DS-Driver-Package-1.2.0.160.7z
2015-06-26 18:14 - 2015-06-26 18:14 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\BetterDS3
2015-06-26 18:09 - 2015-06-26 18:09 - 00759932 _____ C:\Users\Mark Packard Bell\Downloads\BetterDS3_1.5.3.zip
2015-06-26 17:51 - 2015-06-26 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-06-26 17:51 - 2015-06-26 17:56 - 00000000 ____D C:\Program Files\MotioninJoy
2015-06-26 17:51 - 2015-06-26 17:51 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\MotioninJoy
2015-06-26 17:51 - 2010-05-03 16:12 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-06-26 17:45 - 2015-06-26 17:45 - 02299287 _____ C:\Users\Mark Packard Bell\Downloads\MotioninJoy_060001_amd64_signed.zip
2015-06-26 15:31 - 2015-06-26 15:31 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-26 15:22 - 2015-06-26 15:22 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-26 03:01 - 2015-07-02 23:10 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-06-26 03:01 - 2015-07-02 23:10 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2015-06-24 17:41 - 2015-07-02 20:55 - 00108920 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-06-24 17:41 - 2015-07-02 20:50 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-06-24 17:40 - 2015-07-02 16:13 - 00108920 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2015-06-24 17:40 - 2015-06-24 17:40 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Zemana
2015-06-24 17:29 - 2015-06-24 17:29 - 00060468 _____ C:\MWAV.LOG
2015-06-24 00:08 - 2015-06-24 00:08 - 00000000 ____D C:\Windows\VDLL.DLL
2015-06-24 00:08 - 2015-06-24 00:08 - 00000000 ____D C:\Windows\SysWOW64\runouce.exe
2015-06-24 00:08 - 2015-06-24 00:08 - 00000000 ____D C:\Windows\RUNDL132.EXE
2015-06-24 00:08 - 2015-06-24 00:08 - 00000000 ____D C:\Windows\logo_1.exe
2015-06-23 23:01 - 2015-06-23 23:01 - 00121827 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]true.detective.s02e01.proper.720p.hdtv.x264.killers.rartv.torrent
2015-06-23 22:43 - 2015-06-23 22:44 - 158158304 _____ C:\Users\Mark Packard Bell\Downloads\mwav (2).exe
2015-06-23 22:43 - 2015-06-23 22:44 - 158158304 _____ C:\Users\Mark Packard Bell\Downloads\mwav (1).exe
2015-06-23 22:42 - 2015-06-23 22:43 - 158158304 _____ C:\Users\Mark Packard Bell\Downloads\mwav.exe
2015-06-23 22:31 - 2015-06-23 22:31 - 00002770 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-06-23 21:35 - 2015-06-23 21:35 - 00003202 _____ C:\Windows\System32\Tasks\{5E620AA4-B6DE-4595-B40A-9155C256FB19}
2015-06-22 20:32 - 2015-06-22 20:38 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Danny Collins (2015)
2015-06-22 20:23 - 2015-06-22 20:23 - 00090346 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]danny.collins.2015.1080p.bluray.x264.dts.hd.ma.5.1.rarbg.torrent
2015-06-22 13:17 - 2014-07-16 10:24 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2015-06-22 13:17 - 2014-07-16 10:24 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2015-06-22 13:17 - 2014-07-16 10:24 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2015-06-22 13:16 - 2015-06-22 13:16 - 00002167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-06-22 13:15 - 2015-06-22 13:15 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\TuneUp Software
2015-06-22 13:15 - 2015-06-22 13:15 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\TuneUp Software
2015-06-22 13:07 - 2015-06-22 13:18 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-06-22 13:06 - 2015-06-25 15:11 - 00000000 ____D C:\Program Files (x86)\System Ninja
2015-06-22 13:06 - 2015-06-22 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2015-06-22 12:36 - 2015-06-22 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2015-06-22 12:35 - 2015-06-22 13:48 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Wipe
2015-06-22 12:35 - 2015-06-22 12:36 - 00000000 ____D C:\Program Files\Wipe
2015-06-22 12:25 - 2015-06-22 12:25 - 00546456 _____ (www.privacyroot.com) C:\Users\Mark Packard Bell\Downloads\setup_wipe.exe
2015-06-18 16:51 - 2015-06-18 16:52 - 02001540 _____ C:\Users\Mark Packard Bell\Downloads\pc-decrapifier-3.0.0.exe
2015-06-18 13:58 - 2015-06-18 13:58 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Mark Packard Bell\Downloads\rkill(1)64.exe
2015-06-18 13:32 - 2015-06-18 13:32 - 02953520 _____ (AVAST Software) C:\Users\Mark Packard Bell\Downloads\avast-browser-cleanup.exe
2015-06-18 13:30 - 2015-07-06 22:49 - 00000000 ____D C:\AdwCleaner
2015-06-18 12:21 - 2015-06-18 12:21 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-18 12:18 - 2015-06-22 20:12 - 00000966 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA.job
2015-06-18 12:18 - 2015-06-22 20:12 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core.job
2015-06-18 12:18 - 2015-06-22 20:09 - 00003972 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA
2015-06-18 12:18 - 2015-06-22 20:09 - 00003576 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core
2015-06-18 12:18 - 2015-06-22 13:23 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Dropbox
2015-06-18 12:18 - 2015-06-18 12:18 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-18 01:39 - 2015-06-29 22:22 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\mbar
2015-06-18 01:38 - 2015-06-18 01:38 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\FRST-OlderVersion
2015-06-18 01:17 - 2015-06-18 01:17 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-17 23:21 - 2015-06-17 23:21 - 00089827 _____ C:\Users\Mark Packard Bell\Downloads\[kat.cr]game.of.thrones.s05e10.720p.hdtv.x264.immerse.rarbg.torrent
2015-06-17 20:18 - 2015-06-17 20:18 - 17659640 _____ C:\Users\Mark Packard Bell\Downloads\RogueKiller.exe
2015-06-17 20:18 - 2015-06-17 20:18 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Mark Packard Bell\Downloads\tdsskiller.exe
2015-06-17 20:15 - 2015-06-17 20:15 - 12907304 _____ C:\Users\Mark Packard Bell\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-06-17 20:15 - 2015-06-17 20:15 - 00000574 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-06-17 20:08 - 2015-06-17 20:08 - 02231296 _____ C:\Users\Mark Packard Bell\Downloads\AdwCleaner.exe
2015-06-17 20:08 - 2015-06-17 20:08 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Mark Packard Bell\Downloads\rkill(1).exe
2015-06-17 01:46 - 2015-06-17 01:46 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-17 00:50 - 2015-06-17 00:50 - 00001261 _____ C:\Users\Mark Packard Bell\Desktop\Chromecast.lnk
2015-06-17 00:50 - 2015-06-17 00:50 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2015-06-17 00:49 - 2015-06-17 00:49 - 00931408 _____ (Google Inc.) C:\Users\Mark Packard Bell\Downloads\chromecastinstaller.exe
2015-06-16 05:00 - 2015-06-16 05:00 - 00309362 _____ C:\Users\Mark Packard Bell\Downloads\repository.FTV-Guide-Repo-1.1 (1).zip
2015-06-16 04:45 - 2015-06-16 04:45 - 01749374 _____ C:\Users\Mark Packard Bell\Downloads\plugin.program.addoninstaller-1.2.0.zip
2015-06-16 04:43 - 2015-06-16 04:43 - 00000674 _____ C:\Users\Mark Packard Bell\Downloads\repository.alelec.zip
2015-06-16 03:35 - 2015-06-16 03:35 - 01029262 _____ C:\Users\Mark Packard Bell\Downloads\plugin.video.phstreams-2.0.7.zip
2015-06-16 02:58 - 2015-06-16 04:44 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\New folder
2015-06-16 02:54 - 2015-06-16 02:53 - 100396526 _____ C:\Users\Mark Packard Bell\Desktop\OpenELEC-RPi2.arm-5.0.8.img.gz
2015-06-16 02:54 - 2015-03-31 23:38 - 306184192 _____ C:\Users\Mark Packard Bell\Desktop\OpenELEC-RPi2.arm-5.0.8.img
2015-06-16 02:52 - 2015-06-16 02:53 - 110387200 _____ C:\Users\Mark Packard Bell\Downloads\OpenELEC-RPi2.arm-5.0.8 (1).tar
2015-06-16 02:52 - 2015-06-16 02:53 - 100396526 _____ C:\Users\Mark Packard Bell\Downloads\OpenELEC-RPi2.arm-5.0.8.img.gz
2015-06-16 02:26 - 2015-06-16 02:26 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\OpenELEC-RPi2.arm-5.0.8
2015-06-16 02:25 - 2015-06-16 02:25 - 110387200 _____ C:\Users\Mark Packard Bell\Desktop\OpenELEC-RPi2.arm-5.0.8.tar
2015-06-16 02:24 - 2015-06-16 02:25 - 110387200 _____ C:\Users\Mark Packard Bell\Downloads\OpenELEC-RPi2.arm-5.0.8.tar
2015-06-16 02:14 - 2015-06-16 02:15 - 04547467 _____ C:\Users\Mark Packard Bell\Downloads\3D printing.pptx
2015-06-11 01:30 - 2015-06-11 01:30 - 00315634 _____ C:\Users\Mark Packard Bell\Documents\cc_20150611_013030.reg
2015-06-11 01:08 - 2015-06-11 01:07 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-11 01:07 - 2015-06-11 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-11 00:52 - 2015-06-11 00:52 - 00561248 _____ (Oracle Corporation) C:\Users\Mark Packard Bell\Downloads\jxpiinstall(1).exe
2015-06-11 00:49 - 2015-06-11 00:49 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Mark Packard Bell\Downloads\flashplayer18_ha_install.exe
2015-06-10 23:46 - 2015-07-10 21:02 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 23:46 - 2015-06-10 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 23:44 - 2015-06-10 23:44 - 00931408 _____ (Google Inc.) C:\Users\Mark Packard Bell\Downloads\ChromeSetup.exe
2015-06-10 12:55 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:55 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 12:55 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 12:55 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 12:55 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 12:55 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 12:55 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 12:55 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 12:55 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 12:55 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 12:55 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 12:55 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 12:55 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 12:54 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 12:54 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 12:54 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 12:54 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 12:54 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 12:54 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 12:54 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 12:54 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 12:54 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 12:54 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 12:54 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 12:54 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 12:54 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 12:54 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 12:54 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 12:54 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 12:54 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 12:54 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 12:54 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 12:54 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 12:54 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 12:54 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 12:54 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 12:54 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 12:54 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 12:54 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 12:54 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 12:54 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 12:54 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 12:54 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 12:54 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 12:54 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 12:54 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 12:54 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 12:54 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 12:54 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 12:54 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 12:54 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 12:54 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 12:54 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 12:54 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 12:54 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 12:54 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 12:54 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 12:54 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 12:54 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 12:54 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 12:53 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 12:53 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 12:53 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 12:53 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 12:53 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 12:53 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 12:53 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 12:53 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 12:53 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 12:53 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 12:53 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 12:53 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 12:53 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-10 21:10 - 2015-06-02 23:52 - 00000000 ____D C:\FRST
2015-07-10 21:03 - 2014-11-06 07:57 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-10 21:03 - 2014-03-26 10:26 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Notepad++
2015-07-10 21:03 - 2011-08-01 17:45 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\uTorrent
2015-07-10 21:01 - 2010-12-01 11:38 - 02076609 ____N C:\Windows\WindowsUpdate.log
2015-07-10 21:00 - 2012-02-22 02:49 - 00000000 ____D C:\Program Files\CCleaner
2015-07-10 20:59 - 2009-07-14 06:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 20:59 - 2009-07-14 06:45 - 00018736 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 20:43 - 2012-09-01 07:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-10 20:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 13:26 - 2015-06-02 21:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 23:13 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-06 23:11 - 2011-08-01 17:19 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Adobe
2015-07-06 22:28 - 2011-08-01 17:03 - 00000000 ____D C:\Users\Mark Packard Bell
2015-07-02 23:18 - 2014-01-22 14:01 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Utilities
2015-07-01 20:53 - 2011-08-01 19:30 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Skype
2015-07-01 12:14 - 2014-05-26 10:47 - 00000000 ___RD C:\Users\Mark Packard Bell\Dropbox
2015-07-01 12:13 - 2014-12-15 16:42 - 00000337 _____ C:\Users\Mark Packard Bell\Documents\Jacklyn.txt
2015-06-29 20:35 - 2015-04-11 19:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 20:34 - 2015-04-11 19:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 20:26 - 2009-07-14 07:13 - 00739030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-29 20:17 - 2014-05-12 20:56 - 00002700 _____ C:\Users\Mark Packard Bell\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-06-29 16:28 - 2015-04-11 19:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-29 14:57 - 2015-04-11 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-25 19:00 - 2011-08-25 00:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-25 15:22 - 2015-04-15 20:12 - 00000000 ____D C:\Program Files\Puran Defrag
2015-06-25 05:11 - 2014-02-03 11:41 - 00000600 _____ C:\Users\Mark Packard Bell\AppData\Local\PUTTY.RND
2015-06-25 01:41 - 2014-04-07 11:56 - 00000600 _____ C:\Users\Mark Packard Bell\AppData\Roaming\winscp.rnd
2015-06-24 21:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-24 20:53 - 2009-07-14 04:34 - 00000931 _____ C:\Windows\win.ini
2015-06-24 20:48 - 2015-04-10 15:37 - 00000056 _____ C:\Windows\Lic.xxx
2015-06-23 23:11 - 2014-04-21 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-06-23 23:08 - 2014-04-29 11:37 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\VMware
2015-06-23 23:08 - 2014-02-11 14:52 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Microsoft Help
2015-06-23 23:05 - 2015-03-02 10:54 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Telenet
2015-06-23 23:05 - 2014-09-09 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iometer 1.1
2015-06-23 23:05 - 2014-04-23 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Undelete
2015-06-23 23:05 - 2014-02-04 20:34 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\College
2015-06-23 23:05 - 2014-01-22 14:01 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Games
2015-06-23 23:05 - 2011-09-30 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Championship Manager 01-02
2015-06-23 22:47 - 2011-08-01 17:34 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla
2015-06-23 21:32 - 2012-07-31 00:12 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-22 20:12 - 2014-01-04 14:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-22 20:12 - 2014-01-04 14:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 20:12 - 2012-09-19 00:38 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA.job
2015-06-22 20:12 - 2012-09-19 00:38 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core.job
2015-06-22 20:09 - 2015-05-27 23:20 - 00005036 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARKPACKARDBELL-Mark Packard Bell MarkPackardBell
2015-06-22 20:09 - 2015-04-09 16:09 - 00003694 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-06-22 20:09 - 2014-01-04 14:26 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-22 20:09 - 2014-01-04 14:26 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-22 20:09 - 2012-09-19 00:38 - 00003962 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000UA
2015-06-22 20:09 - 2012-09-19 00:38 - 00003566 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-539220840-4066696231-1515832666-1000Core
2015-06-22 20:09 - 2011-08-01 17:49 - 00003162 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-06-22 13:44 - 2013-11-25 06:33 - 00000000 ____D C:\Windows\pss
2015-06-22 13:36 - 2014-01-28 19:33 - 00000000 ____D C:\Users\Mark Packard Bell\.VirtualBox
2015-06-22 13:36 - 2013-11-19 03:21 - 00000000 ____D C:\Program Files\Defraggler
2015-06-22 13:30 - 2015-06-07 16:44 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_2598
2015-06-22 13:30 - 2015-05-21 14:09 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3B6
2015-06-22 13:30 - 2015-05-21 11:01 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3ECE
2015-06-22 13:30 - 2015-05-15 09:10 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_830
2015-06-22 13:30 - 2015-04-29 00:24 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1813
2015-06-22 13:30 - 2015-02-23 15:55 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1792
2015-06-22 13:30 - 2014-11-05 10:50 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_19C9
2015-06-22 13:30 - 2014-09-24 10:43 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_F56
2015-06-22 13:30 - 2014-09-12 00:15 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-06-22 13:30 - 2014-06-10 09:55 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_F50
2015-06-22 13:30 - 2014-04-28 14:23 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_636
2015-06-22 13:30 - 2014-04-28 13:11 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_2D5E
2015-06-22 13:30 - 2014-04-08 12:47 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_450
2015-06-22 13:30 - 2014-04-08 11:52 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1D7B
2015-06-22 13:30 - 2014-04-08 10:40 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3C13
2015-06-22 13:30 - 2014-04-08 09:16 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_2F3E
2015-06-22 13:30 - 2014-04-07 09:40 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1984
2015-06-22 13:30 - 2014-04-07 08:54 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3A01
2015-06-22 13:30 - 2014-04-07 00:29 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3237
2015-06-22 13:30 - 2014-03-21 00:13 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1CFA
2015-06-22 13:30 - 2014-03-18 18:00 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_30FA
2015-06-22 13:30 - 2014-03-12 13:57 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1F9E
2015-06-22 13:30 - 2014-03-10 15:35 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1199
2015-06-22 13:30 - 2014-03-04 14:36 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_1980
2015-06-22 13:30 - 2014-03-04 10:40 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_3E99
2015-06-22 13:30 - 2014-03-04 10:37 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_8F0
2015-06-22 13:30 - 2014-02-25 11:58 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_2691
2015-06-22 13:30 - 2014-02-25 11:13 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_397B
2015-06-22 13:30 - 2014-02-12 12:43 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\OICE_15_974FA576_32C1D314_4CF
2015-06-22 13:30 - 2013-10-22 00:32 - 00000000 ____D C:\Program Files (x86)\ccTapanifiedChampionship Manager 01-02
2015-06-22 13:30 - 2013-10-10 01:06 - 00000000 ____D C:\Program Files (x86)\ccccChampionship Manager 01-02
2015-06-22 13:30 - 2013-10-08 03:30 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Screencast-O-Matic
2015-06-22 13:30 - 2013-09-09 05:49 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Wiley.-.Android.Application.Development.Cookbook.2013.RETAiL.eBOOk-rebOOk
2015-06-22 13:30 - 2013-09-09 04:58 - 00000000 ____D C:\Users\Mark Packard Bell\Downloads\Apress.Beginning.iOS.6.Games.Development.2012.RETAIL.eBook-repackb00k
2015-06-22 13:02 - 2015-01-26 13:06 - 00000000 ____D C:\Users\Mark Packard Bell\Cisco Packet Tracer 6.0.1
2015-06-22 13:02 - 2014-04-04 21:58 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\XBMC
2015-06-22 13:02 - 2012-07-30 19:03 - 00000000 ____D C:\Users\Mark Packard Bell\Documents\My Photos
2015-06-22 13:01 - 2015-03-27 13:01 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Pearson IT Certification Practice Test
2015-06-22 13:01 - 2015-03-22 20:46 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Kodi
2015-06-22 13:01 - 2014-09-12 00:15 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Raptr
2015-06-22 13:01 - 2014-07-24 22:53 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\redsn0w
2015-06-22 13:01 - 2013-12-02 00:21 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\TeamViewer
2015-06-22 13:01 - 2013-09-30 02:55 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Origin
2015-06-22 13:01 - 2011-10-28 17:25 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Spotify
2015-06-22 13:01 - 2011-10-19 04:12 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\wargaming.net
2015-06-22 13:01 - 2011-08-01 19:56 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Dropbox
2015-06-22 13:01 - 2011-08-01 18:13 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\vlc
2015-06-22 13:00 - 2011-10-18 17:36 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\Apple Computer
2015-06-22 13:00 - 2011-08-01 17:47 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\DAEMON Tools Lite
2015-06-22 12:56 - 2011-08-01 17:45 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Google
2015-06-22 12:55 - 2011-10-28 17:26 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Spotify
2015-06-22 12:55 - 2011-08-01 19:54 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Sports Interactive
2015-06-22 12:54 - 2012-04-30 02:08 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\NPE
2015-06-22 12:52 - 2014-11-21 11:09 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Akamai
2015-06-22 12:52 - 2014-10-16 20:46 - 00000000 ____D C:\Users\Mark Packard Bell\.shsh
2015-06-22 12:52 - 2014-09-03 11:16 - 00000000 ____D C:\Users\Mark Packard Bell\.freemind
2015-06-22 12:52 - 2014-08-19 11:07 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Adobe
2015-06-22 12:52 - 2012-06-13 15:28 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Apps\2.0
2015-06-22 12:52 - 2012-04-06 21:10 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Facebook
2015-06-22 12:52 - 2012-01-04 18:19 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\FilmOn.com
2015-06-22 12:52 - 2011-10-18 17:36 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Local\Apple Computer
2015-06-18 21:39 - 2010-09-16 12:11 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-06-18 21:33 - 2010-09-16 12:14 - 00000000 ____D C:\Program Files (x86)\Packard Bell Games
2015-06-18 17:25 - 2010-09-16 12:14 - 00000000 ____D C:\ProgramData\WildTangent
2015-06-18 17:25 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-18 16:00 - 2013-02-23 17:30 - 00000000 ____D C:\Users\Mark Packard Bell\AppData\Roaming\.Torrent Stream
2015-06-18 15:57 - 2013-01-27 14:13 - 00002562 _____ C:\Users\Mark Packard Bell\Documents\The secret to my success.txt
2015-06-18 15:47 - 2012-01-24 02:47 - 00000000 ____D C:\Users\Mark Packard Bell\Documents\KONAMI
2015-06-18 08:41 - 2015-04-11 19:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-04-11 19:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-18 01:39 - 2015-06-02 13:01 - 00003780 _____ C:\Users\Mark Packard Bell\Downloads\FSS.txt
2015-06-18 01:38 - 2015-06-02 23:50 - 02109952 _____ (Farbar) C:\Users\Mark Packard Bell\Downloads\FRST64.exe
2015-06-18 01:38 - 2015-06-02 13:02 - 00051388 _____ C:\Users\Mark Packard Bell\Downloads\Result.txt
2015-06-18 01:37 - 2014-11-13 16:22 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-18 01:37 - 2009-07-14 04:34 - 00000747 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-06-18 01:27 - 2014-11-13 16:23 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-18 00:52 - 2015-04-09 20:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-18 00:40 - 2014-04-28 11:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-11 15:31 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2015-06-11 11:27 - 2012-04-10 09:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 01:07 - 2011-08-01 19:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-11 00:56 - 2012-04-10 09:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-11 00:56 - 2012-04-10 09:37 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-11 00:56 - 2011-08-01 18:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 23:46 - 2011-08-01 18:06 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-10 21:41 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-10 21:29 - 2015-05-26 23:04 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-06-10 20:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 15:29 - 2014-03-26 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-10 15:28 - 2014-03-26 10:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-10 14:30 - 2013-08-15 01:54 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 13:47 - 2015-04-16 20:18 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Security
2015-06-10 13:46 - 2015-01-27 14:40 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Consultancy
2015-06-10 13:46 - 2015-01-26 10:28 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\CV Info
2015-06-10 13:44 - 2015-06-02 21:47 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\SNORT
2015-06-10 13:42 - 2011-08-01 21:29 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 12:19 - 2015-04-16 20:16 - 00000000 ____D C:\Users\Mark Packard Bell\Desktop\Cisco
2015-06-10 02:50 - 2009-07-14 04:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_269
 
==================== Files in the root of some directories =======
 
2013-10-28 05:19 - 2013-10-12 20:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2014-04-07 11:56 - 2015-06-25 01:41 - 0000600 _____ () C:\Users\Mark Packard Bell\AppData\Roaming\winscp.rnd
2014-11-18 12:15 - 2014-11-18 12:15 - 0000037 ___SH () C:\Users\Mark Packard Bell\AppData\Local\70149b02515b3bb20dd492.47983420
2013-11-13 00:54 - 2015-05-07 20:57 - 0129400 _____ () C:\Users\Mark Packard Bell\AppData\Local\ars.cache
2013-11-13 00:55 - 2015-05-07 20:57 - 0589483 _____ () C:\Users\Mark Packard Bell\AppData\Local\census.cache
2013-11-13 00:01 - 2013-11-13 00:01 - 0000036 _____ () C:\Users\Mark Packard Bell\AppData\Local\housecall.guid.cache
2014-02-03 11:41 - 2015-06-25 05:11 - 0000600 _____ () C:\Users\Mark Packard Bell\AppData\Local\PUTTY.RND
2015-04-27 13:28 - 2015-04-27 13:28 - 0000729 _____ () C:\Users\Mark Packard Bell\AppData\Local\recently-used.xbel
2012-05-06 00:18 - 2015-01-14 20:45 - 0007597 _____ () C:\Users\Mark Packard Bell\AppData\Local\resmon.resmoncfg
2015-05-07 20:39 - 2015-05-07 20:39 - 0000010 _____ () C:\Users\Mark Packard Bell\AppData\Local\sponge.last.runtime.cache
2014-01-21 16:01 - 2014-01-21 16:01 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2014-04-13 20:46 - 2014-04-17 15:58 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-03-27 13:01 - 2015-03-27 13:01 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 00:20
 
==================== End of log ============================


#8 nasdaq


Posted 11 July 2015 - 08:03 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-539220840-4066696231-1515832666-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: FastestFox - C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237\Extensions\smarterwiki@wikiatic.com.xpi [2015-06-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [X]
C:\Users\Mark Packard Bell\AppData\Roaming\Mozilla\Firefox\Profiles\umqorouy.default-1433188102237\Extensions\smarterwiki@wikiatic.com.xpi

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

Edited by nasdaq, 11 July 2015 - 08:03 AM.
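
A check that can be run in PowerShell after the fix and the Chrome reset, to confirm that the extension ID named in the fixlist is no longer registered or installed. This is an added example, not part of nasdaq's post or of FRST; the two registry paths are Chrome's documented locations for externally installed extensions on Windows, written out on the assumption that they are what FRST's abbreviated "HKLM\...\Chrome\Extension" lines refer to, and Chrome's default user data directory is assumed.

```powershell
# Added example (not from the thread). Written to run on PowerShell 2.0 and later.
$ExtensionId = 'iikflkcanblccfahdhdonehdalibjnif'   # ID taken from the fixlist in post #8

# Assumption: Chrome's documented external-extension registry locations
# (native view and 32-bit view on 64-bit Windows).
$RegistryRoots = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions'
)

function Get-ExternalExtensionEntry {
    param([string]$Id, [string[]]$Roots)
    foreach ($root in $Roots) {
        $key = Join-Path $root $Id
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            # update_url tells Chrome where to fetch the extension from
            New-Object PSObject -Property @{ Key = $key; UpdateUrl = $props.update_url }
        }
    }
}

function Get-ProfileExtensionFolder {
    param([string]$Id)
    # Assumption: default per-user Chrome data directory; every profile
    # ("Default", "Profile 1", ...) keeps installed extensions under Extensions\<id>.
    $userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
    if (-not (Test-Path -LiteralPath $userData)) { return }
    Get-ChildItem -LiteralPath $userData |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName "Extensions\$Id" } |
        Where-Object { Test-Path -LiteralPath $_ }
}

$registryHits = @(Get-ExternalExtensionEntry -Id $ExtensionId -Roots $RegistryRoots)
$folderHits   = @(Get-ProfileExtensionFolder -Id $ExtensionId)

if ($registryHits.Count -eq 0 -and $folderHits.Count -eq 0) {
    "No trace of $ExtensionId in the registry or in any Chrome profile."
} else {
    $registryHits | ForEach-Object { "Still registered: $($_.Key) (update_url: $($_.UpdateUrl))" }
    $folderHits   | ForEach-Object { "Extension folder still present: $_" }
}
```

The script only reads the registry and the file system; it changes nothing, so it can be re-run over the following days while watching for the pop-ups to return.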


#9 sparky2000


Posted 11 July 2015 - 08:48 AM

Done. Just give it a few days and I'll see how the computer and browser are. The Total Ad Performance only pops up periodically but I just don't trust my browser with this in it. Thanks.



#10 sparky2000


Posted 11 July 2015 - 08:50 AM

By the way, is there an Ad Blocker extension for Chrome that is trusted?



#11 nasdaq


Posted 11 July 2015 - 01:17 PM

This one is recommended.

https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Keep me posted if you still get popups from Ad Performance.

Edited by nasdaq, 16 July 2015 - 07:47 AM.


#12 sparky2000


Posted 16 July 2015 - 06:38 AM

I haven't used this much in the last 5 days but no sign of it just yet.



#13 nasdaq


Posted 16 July 2015 - 07:47 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq


Posted 22 July 2015 - 07:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



