
Multiple Malware Issues - Companion, others



#1 Cjshoop99


Posted 01 August 2015 - 02:49 PM

Hi, I'm trying to get rid of a bunch of malware on a laptop. It's my sister's computer so I can't give a whole lot of detail, but what I do know is that there are tons of popups when using Chrome. There is specifically something called "companion". Most popups say "Brought to you by companion" at the bottom, or "Ads by companion". I've tried running Windows Defender to no avail (and it periodically pops up a message saying that it's working on removing something, but never seems to succeed). I think my sister tried a system restore at some point as well. The biggest issue is the companion ads; however, before that became a problem there were some other issues that I can't specifically name. They were caused when opening some file from piratebay. We tried removing them and she eventually got tired of trying and thought it was "good enough". I'm pretty sure there are still some remnants of whatever that was. Thanks for the help!

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by Jordan (administrator) on KHALEESI (01-08-2015 12:29:43)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\maos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Public\Documents\windows.exe
(Dropbox, Inc.) C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\Public\Documents\windows.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Spotify] => C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Dropbox Update] => C:\Users\Jordan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Br Media Player] => C:\Program Files (x86)\Br Media Player\Br Media Player\Br Media Player.exe
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368733 2015-06-29] ()
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [WindApp] => "C:\Users\Jordan\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Selection Tools] => "C:\Users\Jordan\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [GoogleChromeAutoLaunch_D35563CBE1D1A1436A67A5E5C259B9F5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => "c:\programdata\flashbeat\flashbeat32.dll" File not found
Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www-searching.com/?pid=s&s=F7Mzamobl0,99999999-9999-43db-b335-391dfec73537&vp=ch&prd=set
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
URLSearchHook: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent.com/?appId=0811b80b-3018-4343-9cf1-94c1c1ed89d6&ref=toolbox&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www-searching.com/search.aspx?s=F7Mzamobl0,99999999-9999-43db-b335-391dfec73537&site=shyosie&prd=set&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {578021BF-F416-4DA6-AE77-E70D685723F7} URL = 
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-searching.com/search.aspx?site=shdefault&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {F8557AD9-B59E-4A5B-A8E1-81A6F0A8007B} URL = http://start.iminent.com/?appId=0811b80b-3018-4343-9cf1-94c1c1ed89d6&ref=toolbox&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0524BABB-5EE3-4304-A247-AC07032043ED}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{5DFDF11A-EA04-41C6-83DD-3504D6BF2AB8}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{5DFDF11A-EA04-41C6-83DD-3504D6BF2AB8}: [DhcpNameServer] 172.27.1.171
Tcpip\..\Interfaces\{61E3551B-DBB2-4BE4-A63B-C1D863708E54}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF user.js: detected! => C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\user.js [2015-07-23]
FF SearchPlugin: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\searchplugins\smod.xml [2015-07-22]
FF Extension: HQCinema Pro 2.1V24.05 - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-05-24]
FF Extension: cccc5f0db9d0431488b57e27551f9e84jetpack - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\Extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack [2015-08-01]
FF Extension: jid0jJRRRBMgoShUhb07IvnxTBAl29wjetpack - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack [2015-05-28]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-08-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-24]
CHR Extension: (ahdcbmcfcelhbaajmnfilcmnchogibdn) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdcbmcfcelhbaajmnfilcmnchogibdn [2015-08-01]
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-24]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-24]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-24]
CHR Extension: (Adblock Plus) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-23]
CHR Extension: (Send to Kindle for Google Chrome™) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-07-23]
CHR Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-24]
CHR Extension: (Google Sheets) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-24]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (No History) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljamgkbcojbnmcaonjokopmcblmmpfch [2015-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-24]
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 maos; c:\windows\maos.exe [408576 2015-05-27] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-11] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S1 fbjmqewi; C:\Windows\system32\drivers\fbjmqewi.sys [55168 2015-08-01] (Microsoft Corporation)
S1 jtglhzzi; C:\Windows\system32\drivers\jtglhzzi.sys [55168 2015-08-01] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S1 qiauefnt; C:\Windows\system32\drivers\qiauefnt.sys [55168 2015-08-01] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 {1d672de2-cd4a-47bd-a031-f1b874644e67}Gw64; C:\Windows\System32\drivers\{1d672de2-cd4a-47bd-a031-f1b874644e67}Gw64.sys [48784 2015-07-22] (StdLib)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-01 12:29 - 2015-08-01 12:30 - 00027611 _____ C:\Users\Jordan\Desktop\FRST.txt
2015-08-01 12:27 - 2015-08-01 12:29 - 00000000 ____D C:\FRST
2015-08-01 12:27 - 2015-08-01 12:27 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qiauefnt.sys
2015-08-01 12:26 - 2015-08-01 12:26 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fbjmqewi.sys
2015-08-01 12:25 - 2015-08-01 12:25 - 02168832 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
2015-08-01 12:12 - 2015-08-01 12:12 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-01 12:07 - 2015-08-01 12:07 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\jtglhzzi.sys
2015-08-01 11:54 - 2015-08-01 11:54 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-23 15:17 - 2015-07-23 15:00 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2015-07-23 01:41 - 2015-07-23 01:43 - 00001478 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-07-23 01:26 - 2015-07-23 01:26 - 00003094 _____ C:\Windows\System32\Tasks\{AE46AC0B-D7AA-46DC-8655-720A1A19DBF5}
2015-07-23 01:04 - 2015-07-23 01:04 - 00003094 _____ C:\Windows\System32\Tasks\{56AA7803-327E-4556-B658-25519F4F5F5E}
2015-07-22 20:45 - 2015-07-22 21:06 - 00081776 _____ C:\ProgramData\Fhl7f5Oc.dat
2015-07-22 16:59 - 2015-07-22 16:59 - 00003684 _____ C:\Windows\System32\Tasks\boosterpop
2015-07-22 16:58 - 2015-07-23 15:00 - 00000000 ____D C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed
2015-07-22 16:58 - 2015-07-23 00:51 - 00000000 ____D C:\Program Files (x86)\PCMATICPLUSSOL
2015-07-22 16:40 - 2015-07-23 01:18 - 00000000 ____D C:\Users\Jordan\AppData\Local\BrowserAir
2015-07-22 16:28 - 2015-07-23 04:33 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-22 16:28 - 2015-07-22 16:28 - 00003654 _____ C:\Windows\System32\Tasks\IE_ERR4WDR
2015-07-22 16:28 - 2015-07-22 16:28 - 00003630 _____ C:\Windows\System32\Tasks\HDNINSTSCHD
2015-07-22 16:28 - 2015-07-22 16:28 - 00003496 _____ C:\Windows\System32\Tasks\UPDTEXE4_WDR
2015-07-22 16:28 - 2015-07-22 16:28 - 00000000 ____D C:\Users\Jordan\AppData\Local\globalUpdate
2015-07-22 16:27 - 2015-07-23 00:52 - 00000000 ____D C:\Program Files (x86)\Portable WeatherApp
2015-07-22 16:26 - 2015-07-22 16:26 - 00004628 _____ C:\Windows\System32\Tasks\Web Tool Runner
2015-07-22 16:25 - 2015-07-23 15:00 - 00000000 ____D C:\ProgramData\SearchModule
2015-07-22 16:25 - 2015-07-23 14:53 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-07-22 16:25 - 2015-07-22 16:25 - 05316216 _____ C:\Windows\SysWOW64\ins_smk.exe
2015-07-22 16:25 - 2015-07-22 16:25 - 00519680 _____ C:\Windows\SysWOW64\ins_U501EXE.exe
2015-07-22 16:25 - 2015-07-22 16:25 - 00004244 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333733313238313338332d415b343437414545785a5a6c
2015-07-22 16:23 - 2015-07-22 16:23 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010038
2015-07-22 16:22 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607326-4210-8054-C8C04F433132
2015-07-22 16:22 - 2015-07-22 20:31 - 00000000 ____D C:\ProgramData\abc
2015-07-22 16:22 - 2015-07-22 16:22 - 00000005 _____ C:\end
2015-07-22 16:22 - 2015-07-22 16:22 - 00000000 ____D C:\Program Files\Coupoon
2015-07-22 16:21 - 2015-08-01 12:07 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-07-22 16:21 - 2015-07-23 01:17 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\WTools
2015-07-22 16:21 - 2015-07-22 16:21 - 00000078 _____ C:\Users\Jordan\AppData\Roaming\Selection Tools.installation.log
2015-07-22 16:20 - 2015-07-23 13:21 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-07-22 16:20 - 2015-07-23 01:18 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Nosibay
2015-07-22 16:20 - 2015-07-23 01:17 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Store
2015-07-22 16:20 - 2015-07-22 16:20 - 00005721 _____ C:\Users\Jordan\AppData\Roaming\Bubble Dock.installation.log
2015-07-22 16:20 - 2015-07-22 16:20 - 00000078 _____ C:\Users\Jordan\AppData\Roaming\WindApp.installation.log
2015-07-22 16:19 - 2015-07-22 16:21 - 00001276 _____ C:\Users\Jordan\AppData\Roaming\Bubble Dock.boostrap.log
2015-07-22 16:19 - 2015-07-22 16:19 - 00000097 _____ C:\Users\Jordan\AppData\Roaming\WindApp.boostrap.log
2015-07-22 16:19 - 2015-06-29 21:11 - 08368733 _____ C:\Users\Public\Documents\windows.exe
2015-07-22 16:18 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\Br Media Player
2015-07-22 16:18 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607138-4210-8054-C8C04F433132
2015-07-22 16:18 - 2015-07-23 00:53 - 00000732 _____ C:\Windows\SysWOW64\application.log
2015-07-22 16:18 - 2015-07-23 00:53 - 00000000 ____D C:\Program Files (x86)\BrowseForTheCause
2015-07-22 16:18 - 2015-07-22 16:05 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{1d672de2-cd4a-47bd-a031-f1b874644e67}Gw64.sys
2015-07-22 16:17 - 2015-07-22 16:17 - 00000000 ____D C:\Program Files (x86)\app_setup
2015-07-22 16:16 - 2015-07-23 00:39 - 00200229 _____ C:\Windows\SysWOW64\debug.log
2015-07-22 16:14 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files\ffsecure
2015-07-22 16:11 - 2015-07-22 16:11 - 01010730 _____ C:\Users\Jordan\Downloads\SimCity BuildIt Hack 2015 Downloader.zip
2015-07-20 23:01 - 2015-07-20 23:01 - 00000000 ____D C:\Users\Jordan\Desktop\NEW
2015-07-20 19:06 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 19:06 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 19:06 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 19:06 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-16 15:27 - 2015-07-16 15:27 - 00000000 ____D C:\Users\Jordan\Downloads\The Devil in the White City by Erik Larson
2015-07-14 14:01 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 14:01 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 14:01 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 14:01 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 14:01 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 14:01 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-14 14:01 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 14:01 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 14:01 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 14:01 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 14:01 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 14:01 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 14:01 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 14:01 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 14:01 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 14:01 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 14:01 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 14:01 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 14:01 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 14:01 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 14:01 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 14:01 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 14:01 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 14:01 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 14:01 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 14:01 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-14 14:01 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 14:01 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 14:01 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 14:01 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-14 14:01 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 14:01 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 14:01 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 14:01 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 14:01 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 14:01 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 14:01 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 14:01 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 14:01 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 14:01 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 14:01 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-14 14:01 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-14 14:01 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-14 14:01 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-14 14:01 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-14 14:01 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-14 14:01 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-14 14:01 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-14 14:01 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-14 14:01 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-14 14:01 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-14 14:01 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-14 14:01 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-14 14:01 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-14 14:01 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-14 14:01 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-14 14:01 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-14 14:01 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-14 14:01 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-14 14:00 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 14:00 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 14:00 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 14:00 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 14:00 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-14 14:00 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 14:00 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 14:00 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-14 14:00 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 14:00 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 14:00 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-14 14:00 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 14:00 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 14:00 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-14 14:00 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 14:00 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 14:00 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 14:00 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 14:00 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 14:00 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 14:00 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-14 14:00 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 14:00 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 14:00 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-14 14:00 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 14:00 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 14:00 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-14 14:00 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 14:00 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 14:00 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 14:00 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-14 14:00 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 14:00 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 13:59 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 13:59 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 13:59 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 13:59 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 13:59 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 13:59 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 13:59 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 13:59 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 13:59 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-14 13:59 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-14 13:59 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 13:59 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 13:59 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 13:59 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-14 13:59 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-14 13:59 - 2015-05-01 16:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 13:59 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-14 13:59 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-14 13:59 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-14 13:59 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-14 13:58 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 13:58 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 13:58 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 13:58 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 13:58 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 13:58 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 13:58 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-14 13:58 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-08 21:44 - 2015-07-08 21:44 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-07-08 16:11 - 2015-07-08 17:05 - 00000000 ____D C:\Users\Jordan\Downloads\New Girl (2011) Season 4 -E.Rev 480p MKV x264
2015-07-06 17:22 - 2015-07-06 17:23 - 00000000 ____D C:\Users\Jordan\Downloads\The Spectacular Now
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-01 12:25 - 2014-12-25 10:57 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1949905117-3184062509-4024357042-1001
2015-08-01 12:22 - 2014-09-30 08:12 - 01782917 _____ C:\Windows\WindowsUpdate.log
2015-08-01 12:20 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-01 12:17 - 2014-09-30 08:37 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-01 12:13 - 2015-02-13 08:38 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify
2015-08-01 12:13 - 2014-12-26 13:40 - 00000000 ___RD C:\Users\Jordan\Dropbox
2015-08-01 12:13 - 2014-12-26 13:37 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Dropbox
2015-08-01 12:12 - 2015-02-13 08:39 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify
2015-08-01 12:11 - 2015-05-24 23:34 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-01 12:11 - 2015-05-24 20:47 - 00000350 _____ C:\Windows\Tasks\GPZMERTTIY1.job
2015-08-01 12:11 - 2015-01-01 19:10 - 00000000 ___RD C:\Users\Jordan\iCloudDrive
2015-08-01 12:11 - 2014-12-25 10:55 - 00000000 ___RD C:\Users\Jordan\OneDrive
2015-08-01 12:08 - 2015-05-24 23:34 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-01 12:03 - 2015-06-19 18:53 - 00000940 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001UA.job
2015-08-01 12:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-01 12:01 - 2014-12-25 11:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4A9D753-529E-4C99-A746-B705285B5601}
2015-08-01 11:55 - 2015-04-04 14:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 23:24 - 2013-08-22 07:46 - 00027810 _____ C:\Windows\setupact.log
2015-07-23 23:24 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 15:00 - 2015-05-24 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-23 15:00 - 2015-04-04 14:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-23 15:00 - 2014-12-28 13:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-23 15:00 - 2014-12-28 13:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-23 15:00 - 2014-12-25 14:48 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\vlc
2015-07-23 15:00 - 2014-12-25 12:48 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\uTorrent
2015-07-23 15:00 - 2014-12-25 10:52 - 00000000 ____D C:\ProgramData\Atheros
2015-07-23 15:00 - 2014-12-25 10:51 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 15:00 - 2014-12-25 10:51 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 15:00 - 2014-12-25 10:51 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinStore
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-23 15:00 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-07-23 14:53 - 2014-03-18 02:44 - 00106212 _____ C:\Windows\PFRO.log
2015-07-23 14:53 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-23 01:18 - 2015-05-24 23:05 - 00001795 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-07-23 01:10 - 2015-05-24 20:32 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-23 01:10 - 2015-02-15 08:33 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-23 00:51 - 2015-01-04 10:09 - 00000000 ____D C:\Users\Jordan\AppData\Local\CrashDumps
2015-07-23 00:50 - 2014-09-30 08:19 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-23 00:44 - 2013-08-22 06:25 - 00000226 _____ C:\Windows\win.ini
2015-07-23 00:42 - 2013-08-22 07:44 - 00510872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 22:03 - 2015-06-19 18:53 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001Core.job
2015-07-22 16:25 - 2014-12-25 10:51 - 00001692 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-22 16:18 - 2015-02-13 08:39 - 00001932 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-07-22 16:18 - 2015-01-09 07:26 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieBrowserModeList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieUserList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieSiteList
2015-07-22 16:18 - 2014-12-25 10:51 - 00000551 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 16:18 - 2014-12-25 10:51 - 00000549 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-21 15:56 - 2015-02-18 06:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-21 02:22 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-20 15:58 - 2014-12-26 13:36 - 00000000 ____D C:\Users\Jordan\Desktop\Jordan
2015-07-18 21:58 - 2015-06-19 18:53 - 00003892 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001UA
2015-07-18 21:58 - 2015-06-19 18:53 - 00003512 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001Core
2015-07-18 21:42 - 2015-01-01 20:57 - 00000000 ____D C:\Program Files\PeerBlock
2015-07-15 22:44 - 2015-05-24 23:34 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 22:44 - 2014-12-25 11:01 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 14:23 - 2014-12-26 11:09 - 00000000 ____D C:\Windows\system32\MRT
2015-07-13 14:10 - 2015-05-06 06:27 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2015-05-06 06:27 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 14:11 - 2014-03-18 02:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 21:44 - 2014-09-30 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 03:08 - 2014-12-26 11:03 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2014-12-26 11:09 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-07-22 16:19 - 2015-07-22 16:21 - 0001276 _____ () C:\Users\Jordan\AppData\Roaming\Bubble Dock.boostrap.log
2015-07-22 16:20 - 2015-07-22 16:20 - 0005721 _____ () C:\Users\Jordan\AppData\Roaming\Bubble Dock.installation.log
2015-07-22 16:21 - 2015-07-22 16:21 - 0000078 _____ () C:\Users\Jordan\AppData\Roaming\Selection Tools.installation.log
2015-07-22 16:19 - 2015-07-22 16:19 - 0000097 _____ () C:\Users\Jordan\AppData\Roaming\WindApp.boostrap.log
2015-07-22 16:20 - 2015-07-22 16:20 - 0000078 _____ () C:\Users\Jordan\AppData\Roaming\WindApp.installation.log
2015-05-24 21:22 - 2015-05-24 22:54 - 0000112 _____ () C:\ProgramData\CD42Dt5v.dat
2014-09-30 08:03 - 2014-09-30 08:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-22 20:45 - 2015-07-22 21:06 - 0081776 _____ () C:\ProgramData\Fhl7f5Oc.dat
2014-09-30 08:25 - 2014-09-30 08:26 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-30 08:22 - 2014-09-30 08:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-30 08:23 - 2014-09-30 08:24 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-30 08:24 - 2014-09-30 08:25 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-30 08:21 - 2014-09-30 08:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\CD42Dt5v.dat
C:\ProgramData\Fhl7f5Oc.dat
 
 
Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\1344.exe
C:\Users\Jordan\AppData\Local\Temp\6580.exe
C:\Users\Jordan\AppData\Local\Temp\chromeupdate.exe
C:\Users\Jordan\AppData\Local\Temp\cw.exe
C:\Users\Jordan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphmdww9.dll
C:\Users\Jordan\AppData\Local\Temp\dskb.exe
C:\Users\Jordan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Jordan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jordan\AppData\Local\Temp\SimCity BuildIt Hack 2015 Downloader__3687_i1563219805_il571912.exe
C:\Users\Jordan\AppData\Local\Temp\sqlite3.dll
C:\Users\Jordan\AppData\Local\Temp\tu17p84.exe
C:\Users\Jordan\AppData\Local\Temp\Uninstall.exe
C:\Users\Jordan\AppData\Local\Temp\UninstallEADM.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-18 22:07
 
==================== End of log ============================


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:46 PM

Posted 01 August 2015 - 08:17 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

Your computer is significantly infected. Be patient with the cleanup. It might take a while.

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

Please try to reply within 24 hours. If you find yourself delayed, simply post a quick reply here and let me know! After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

<<<<<<<<<<

Lastly, if you have not already done so, you should consider backing up your important data - pictures, documents, etc. The worst case scenario is the need to wipe and reinstall your operating system to its factory settings. Therefore your precious data will be salvaged. There are both free and paid applications available.

Cobian Backup
DriveImage XML
CrashPlan

<<<<<<<<<<

Going over your logs I noticed that you have utorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start; Control Panel; Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

<<<<<<<<<<

Send me a copy of a suspicious file for analysis

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in
http://www.bleepingcomputer.com/forums/t/584867/multiple-malware-issues-companion-others/#entry3777370
3. Where it says "Browse to the file you want to submit", browse to
C:\Windows\maos.exe
4. Press the Send File button.

<<<<<<<<<<
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
<<<<<<<<<<

Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
Copy and paste the contents in your reply

<<<<<<<<<<

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

<<<<<<<<<<

Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

<<<<<<<<<<

With your next post please provide:
  • AdwCleaner.txt
  • JRT log
  • MBAM log
  • FRST.txt
  • Addition.txt
  • An update about the problems that persist
Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Cjshoop99

Posted 02 August 2015 - 05:57 PM

Hi, I think I've finished everything you asked. The maos.exe file has also been uploaded. The computer is definitely running better now. Startup is faster, and I haven't seen a single ad. All in all it seems completely normal. Attached are the logs for all the various scans. Thanks!

 

ADW Log

# AdwCleaner v4.208 - Logfile created 02/08/2015 at 13:58:45
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jordan - KHALEESI
# Running from : C:\Users\Jordan\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : netfilter64
[#] Service Deleted : UpdateCheck
Service Deleted : {1d672de2-cd4a-47bd-a031-f1b874644e67}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\Program Files (x86)\BrowseForTheCause
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\coupoon
Folder Deleted : C:\Program Files (x86)\app_setup
Folder Deleted : C:\Program Files (x86)\ControlThis Parental Control
Folder Deleted : C:\Program Files (x86)\Portable WeatherApp
Folder Deleted : C:\Program Files (x86)\Br Media Player
Folder Deleted : C:\Users\Jordan\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\Jordan\AppData\Local\Temp\Coupon Time
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
Folder Deleted : C:\Program Files\coupoon
Folder Deleted : C:\Program Files\Common Files\Goobzo
Folder Deleted : C:\Users\Jordan\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Jordan\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Jordan\AppData\Roaming\Store
Folder Deleted : C:\Users\Jordan\AppData\Roaming\WTools
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_paegfioodgpjfnjhibkahegobfeofeei_0.localstorage-journal
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nociobghckdhokecfeajdpimjeapnopn_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{1d672de2-cd4a-47bd-a031-f1b874644e67}Gw64.sys
File Deleted : C:\Users\Jordan\AppData\Roaming\Bubble Dock.boostrap.log
File Deleted : C:\Users\Jordan\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\Jordan\AppData\Roaming\Selection Tools.installation.log
File Deleted : C:\Users\Jordan\AppData\Roaming\WindApp.boostrap.log
File Deleted : C:\Users\Jordan\AppData\Roaming\WindApp.installation.log
File Deleted : C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\prefs.js
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-searching.com_0.localstorage
File Deleted : C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-searching.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : UPDTEXE4_WDR
Task Deleted : IE_ERR4WDR
Task Deleted : SMW_UpdateTask_Time_333733313238313338332d415b343437414545785a5a6c
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
Shortcut Disinfected : C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Hola Better Internet Engine.lnk
Shortcut Disinfected : C:\Users\Jordan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Jordan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Jordan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Br Media Player]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F8557AD9-B59E-4A5B-A8E1-81A6F0A8007B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\TWV OK
Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\BrowseForTheCause
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\Br MediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\coupoon
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\programdata\flashbeat\flashbeat32.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v35.0.1 (x86 en-GB)
 
[e17p0ect.default\prefs.js] - Line Deleted : user_pref("iminent.BirthDate", "1437607078");
[e17p0ect.default\prefs.js] - Line Deleted : user_pref("iminent.cifs", "1");
 
-\\ Google Chrome v44.0.2403.125
 
[C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 7AEFDD415B8AE86E128EF5D22C7554EEC0AEC3C7F1EE3BF5E2C144D3AB549532"},"software_reporter":{"prompt_reason":"267432859D9DEA1FA40B2B265485592CE3BFE0E9DAD60BA1B173B771CAA68EC6","prompt_seed":"263C8122AD2517C7DCB5618A75A241A87179A20ABEDB74D8FCFF7580C0D08E7E","prompt_version":"0ADF31D758B29E0ABACEA45F5464E416813AE63869383F11ADD7898CD3BE61F2"},"sync":{"remaining_rollback_tries":"3553D57918B7375BB50C9B7A8403C529947D542969613E09D89E9BB8D937D067"}},"super_mac":"BCA3ABEB22CEB7E2027B3A9E7C6DD1A081C98B2ACC14B1BA7307A9BFE14F8394"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M94C1861C-09E3-48B4-8C76-D51DCEF2FFCC&SearchSource=55&CUI=&UM=8&UP=SPF0CF013D-1E18-4BD1-9FF1-DE2B5F5054F7&D=052515&SSPV=SP22340TB_sp_ch
 
*************************
 
AdwCleaner[R0].txt - [17595 bytes] - [28/05/2015 21:40:03]
AdwCleaner[R1].txt - [17837 bytes] - [02/08/2015 13:57:08]
AdwCleaner[S0].txt - [16563 bytes] - [28/05/2015 21:42:48]
AdwCleaner[S1].txt - [11041 bytes] - [02/08/2015 13:58:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11101  bytes] ##########
 
 
 
JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by Jordan on Sun 08/02/2015 at 14:15:17.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [Service] pcsuucdrv [Reboot required]
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\boosterpop
Successfully deleted: [Task] C:\Windows\system32\tasks\boosterpop
Successfully deleted: [Task] C:\Windows\system32\tasks\HDNINSTSCHD
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\application
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D35563CBE1D1A1436A67A5E5C259B9F5
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
 
 
~~~ Files
 
Failed to delete: [File] C:\Windows\SysWOW64\number of results
Successfully deleted: [File] C:\users\Public\Documents\windows.exe
Successfully deleted: [File] C:\ProgramData\CD42Dt5v.dat
Successfully deleted: [File] C:\ProgramData\Fhl7f5Oc.dat
Successfully deleted: [File] C:\Users\Jordan\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage
Successfully deleted: [File] C:\Users\Jordan\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal
Successfully deleted: [File] C:\Users\Jordan\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Successfully deleted: [File] C:\Users\Jordan\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Successfully disinfected: [Shortcut] C:\$Recycle.Bin\S-1-5-21-1949905117-3184062509-4024357042-1001\$R7NS64W.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\ospd_us_014010038 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Program Files (x86)\pcmaticplussol
Successfully deleted: [Folder] C:\ProgramData\abc
Successfully deleted: [Folder] C:\Users\Jordan\Appdata\Local\installer
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Jordan\AppData\Roaming\mozilla\firefox\profiles\e17p0ect.default\searchplugins\smod.xml
Successfully deleted: [Folder] C:\Users\Jordan\AppData\Roaming\mozilla\firefox\profiles\e17p0ect.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com
 
 
 
~~~ Chrome
 
 
[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Jordan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/02/2015 at 14:21:32.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes Log
 
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/08/02 14:30:10 -0700</date>
<logfile>mbam-log-2015-08-02 (14-30-08).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.08.02.04</malware-database>
<rootkit-database>v2015.07.30.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Jordan</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>393567</objects>
<time>1470</time>
<processes>0</processes>
<modules>0</modules>
<keys>13</keys>
<values>3</values>
<datas>2</datas>
<folders>10</folders>
<files>129</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\maos</path><vendor>Trojan.Downloader</vendor><action>success</action><hash>cd3f41c3e0abc472559b7f3830d1d42c</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\GPZMERTTIY1</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>delete-on-reboot</action><hash>9e6e788c4e3d83b35283f51b9a6916ea</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\Web Tool Runner</path><vendor>PUP.Optional.WebToolRunner.A</vendor><action>delete-on-reboot</action><hash>a96343c1abe09b9b35b1e12e42c130d0</hash></key>
<key><path>HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE</path><vendor>PUM.Security.Hijack.DisableChromeUpdates</vendor><action>success</action><hash>a06c040035566fc76d6a089828dca759</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GigaClicks</path><vendor>PUP.Optional.GigaClicks.C</vendor><action>success</action><hash>7a924db78605e84ef13b061148bb30d0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.C</vendor><action>success</action><hash>ca4211f3e9a2b77f821c1005986bf30d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE</path><vendor>PUM.Security.Hijack.DisableChromeUpdates</vendor><action>success</action><hash>58b4a26202895dd9fbdc039d9b69dd23</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\Cinema_Plus-1.2V22.07-nv</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>0606659f3a51cb6b8d882e03e221d12f</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}</path><vendor>PUP.Optional.SuperOptimizer.C</vendor><action>success</action><hash>0a02a4606328063096325949a65e52ae</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\coupoon</path><vendor>PUP.Optional.Coupoon.A</vendor><action>success</action><hash>927a80840b804ceaef52e1b74abaab55</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_</path><vendor>PUP.Optional.Crossrider.C</vendor><action>success</action><hash>d636ec18018ae254c8dc0893679d4fb1</hash></key>
<key><path>HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\SOFTWARE\Cinema_Plus-1.2V22.07-nv-ie</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>7e8ee123f299c670f81d3ef323e019e7</hash></key>
<key><path>HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\SOFTWARE\GigaClicks</path><vendor>PUP.Optional.GigaClicks.C</vendor><action>success</action><hash>ad5fcc38addee45270bd4ccbf2116d93</hash></key>
<value><path>HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE</path><valuename>DisableAutoUpdateChecksCheckboxValue</valuename><vendor>PUM.Security.Hijack.DisableChromeUpdates</vendor><action>success</action><valuedata>1</valuedata><hash>a06c040035566fc76d6a089828dca759</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE</path><valuename>DisableAutoUpdateChecksCheckboxValue</valuename><vendor>PUM.Security.Hijack.DisableChromeUpdates</vendor><action>success</action><valuedata>1</valuedata><hash>58b4a26202895dd9fbdc039d9b69dd23</hash></value>
<value><path>HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\SOFTWARE\INSTALLPATH\STATUS</path><valuename>NuvisionDataRemarketer</valuename><vendor>PUP.Optional.IEAudioAds.A</vendor><action>success</action><valuedata>R</valuedata><hash>0a02e71d7c0fb581af5fabf8976d42be</hash></value>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0524BABB-5EE3-4304-A247-AC07032043ED}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>81.218.119.5,82.163.142.130</valuedata><baddata>81.218.119.5,82.163.142.130</baddata><gooddata></gooddata><hash>dd2f679d78138aacd076cd7bb2532ed2</hash></data>
<data><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5DFDF11A-EA04-41C6-83DD-3504D6BF2AB8}</path><valuename>NameServer</valuename><vendor>Trojan.DNSChanger</vendor><action>replaced</action><valuedata>81.218.119.5,82.163.142.130</valuedata><baddata>81.218.119.5,82.163.142.130</baddata><gooddata></gooddata><hash>f6164cb8cfbc02346fd74efaf80d0bf5</hash></data>
<folder><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>d23a5da7afdc0d29187d41ae20e23ec2</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\dext</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Installer</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\pls</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\VisualElements</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></folder>
<folder><path>C:\Program Files\ffsecure</path><vendor>Trojan.FFSecure.C</vendor><action>success</action><hash>ab616d975b304beb1f312ee08a79f30d</hash></folder>
<file><path>C:\Windows\maos.exe</path><vendor>Trojan.Downloader</vendor><action>success</action><hash>cd3f41c3e0abc472559b7f3830d1d42c</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\SimCity BuildIt Hack 2015 Downloader__3687_i1563219805_il571912.exe</path><vendor>PUP.Optional.Installcore</vendor><action>success</action><hash>28e4966e454613237c3bde9c689dc739</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\ICReinstall_nsmBC4F.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>5daf7d872962082eaccda40b748d04fc</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\1344.exe</path><vendor>PUP.Optional.CinemaPlus.A</vendor><action>success</action><hash>db31d232d6b5c076ec8af1810104c937</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\nssB9E9.tmp</path><vendor>PUP.Optional.Somoto.C</vendor><action>success</action><hash>917be4207e0d3ef87caa09710afbc040</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\6580.exe</path><vendor>PUP.Optional.Crossbrowse.C</vendor><action>success</action><hash>818b6d97adde60d698482677649d35cb</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\nsb5EB0.tmp</path><vendor>PUP.Optional.Somoto.C</vendor><action>success</action><hash>9d6ff90bff8cc076b76faad07e870af6</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\nsf9D0C.tmp</path><vendor>PUP.Optional.Somoto.C</vendor><action>success</action><hash>888480841c6f90a6b0761a6022e32ed2</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\nsmBC4F.tmp</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>30dc29db810a9c9a5326fab536cb55ab</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\tu17p84.exe</path><vendor>PUP.Optional.Goobzo.SID.A</vendor><action>success</action><hash>44c8fc081873a591b0726316d3328080</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\HYD2D58.tmp.1438548408\HTA\install.1438548408.zip</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>b95350b4d3b890a637d90567d62ff907</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\HYD2D58.tmp.1438548408\HTA\3rdparty\OCSetupHlp.dll</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>23e960a46d1e59dd0d0369038283649c</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\HYD9EEE.tmp.1438548438\HTA\install.1438548438.zip</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>d537f113167538fee12f7fedd92cbd43</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\HYD9EEE.tmp.1438548438\HTA\3rdparty\OCSetupHlp.dll</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>bd4fad578704db5b5cb42448ab5a36ca</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\Temp2_SimCity BuildIt Hack 2015 Downloader.zip\SimCity BuildIt Hack 2015 Downloader__3687_i1563219805_il571912.exe</path><vendor>PUP.Optional.Installcore</vendor><action>success</action><hash>23e928dc29622115496e0b6f38cd38c8</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\237201511735\WindApp Uninstall.exe</path><vendor>PUP.Optional.Nosibay.A</vendor><action>success</action><hash>ac60699beba0d66064da95e44fb6966a</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\237201511747\Selection Tools Uninstall.exe</path><vendor>PUP.Optional.Nosibay.A</vendor><action>success</action><hash>9d6fbe466f1cd26497a7c1b8fe075ca4</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\237201511823\Bubble Dock Uninstall.exe</path><vendor>PUP.Optional.Nosibay.A</vendor><action>success</action><hash>56b60cf8adde3ff7ac925c1da06517e9</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\globalupdate.exe</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>9379867e7b10082ef03941501be6768a</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\globalupdateBroker.exe</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>45c7e123d0bb1e18c9608011827f629e</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\globalupdateCrashHandler.exe</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>0dffae56e4a757dfd257e4aded1416ea</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\globalupdateOnDemand.exe</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>cd3f44c045462214b079e6abf0114ab6</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\goopdate.dll</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>da32f80cfd8efa3c052431608e73fd03</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\goopdateres_en.dll</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>4ac20df74c3f261069c0b8d96998de22</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\npglobalupdateUpdate4.dll</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>60ac699b662560d689a0fa97fa07bb45</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\psmachine.dll</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>26e655af9af1330333f64c45f60bed13</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\psuser.dll</path><vendor>PUP.Optional.ModGoog</vendor><action>success</action><hash>42cac440f3983501b772e4ad0df46c94</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed\PCMATICPLUS_fixed.exe</path><vendor>PUP.Optional.PCTuner.C</vendor><action>success</action><hash>ad5f37cdbfcc2b0b6f0ed6a4d1349d63</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\Updater.exe</path><vendor>PUP.Optional.BrowserAir.C</vendor><action>success</action><hash>9a723cc8f39852e4e9fbb7c3679e42be</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgnjggdilcdgekjihmoeplahbfajgacf_0.localstorage</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>ad5fa85c5a31ff370bcb9208828223dd</hash></file>
<file><path>C:\Windows\Temp\SM_cache_chrome.exe.cache</path><vendor>PUP.Optional.SearchModule.A</vendor><action>success</action><hash>b85457ad375483b356564856d72d956b</hash></file>
<file><path>C:\Windows\Temp\SM_cache_iexplore.exe.cache</path><vendor>PUP.Optional.SearchModule.A</vendor><action>success</action><hash>24e822e2c5c6c175228a1985f80cd030</hash></file>
<file><path>C:\Windows\System32\Tasks\GPZMERTTIY1</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>success</action><hash>7993c63e29622f0780c84859a75dcc34</hash></file>
<file><path>C:\Windows\Tasks\GPZMERTTIY1.job</path><vendor>PUP.Optional.FlashBeat.A</vendor><action>success</action><hash>ae5e5aaad0bb23132a21e2bf897bc040</hash></file>
<file><path>C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Web Tool Updater</path><vendor>PUP.Optional.WebToolRunner.A</vendor><action>success</action><hash>26e6689c662536007b00b9ea11f3f709</hash></file>
<file><path>C:\Windows\System32\Tasks\Web Tool Runner</path><vendor>PUP.Optional.WebToolRunner.A</vendor><action>success</action><hash>ab61040095f672c4a0dce6bdfb095aa6</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\LBubble Dock.txt</path><vendor>PUP.Optional.BubbleDock.A</vendor><action>success</action><hash>8c8043c11c6f54e28d64a5fe2dd79e62</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage</path><vendor>PUP.Optional.BestPriceNinja.A</vendor><action>success</action><hash>8e7e0bf98a01f73f400384244aba758b</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal</path><vendor>PUP.Optional.BestPriceNinja.A</vendor><action>success</action><hash>43c9d2323c4f350162e16f39d62e4bb5</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\Bubble Dock.txt</path><vendor>PUP.Optional.BubbleDock.A</vendor><action>success</action><hash>bd4f8282414aab8b76e7affa6e96ee12</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\Temp\comh.124277\globalupdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>d23a5da7afdc0d29187d41ae20e23ec2</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\Uninstall.exe</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\VisualElementsManifest.xml</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\37.1.2006.0.manifest</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\chrome.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\chrome_100_percent.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\chrome_200_percent.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\chrome_child.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\chrome_elf.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\d3dcompiler_46.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\delegate_execute.exe</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\ffmpegsumo.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\icudtl.dat</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\libegl.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\libexif.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\libglesv2.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\metro_driver.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\mksnapshot.ia32.exe.assert.manifest</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\nacl64.exe</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\nacl_irt_x86_32.nexe</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\nacl_irt_x86_64.nexe</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\pdf.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\ppgooglenaclpluginchrome.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\resources.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\secondarytile.png</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\dext\dext.json</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\dext\ShopBrowser.crx</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\dext\t.crx</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Installer\chrome.7z</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Installer\setup.exe</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\hi.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\am.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ar.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\bg.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\bn.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ca.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\cs.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\da.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\de.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\el.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\en-GB.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\en-US.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\es-419.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\es.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\et.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\fa.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\fi.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\fil.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\fr.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\gu.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\he.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\hr.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\hu.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\id.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\it.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ja.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\kn.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ko.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\lt.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\lv.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ml.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\mr.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ms.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\nb.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\nl.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\pl.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\pt-BR.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\pt-PT.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ro.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ru.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\sk.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\sl.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\sr.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\sv.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\sw.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\ta.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\te.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\th.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\tr.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\uk.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\vi.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\zh-CN.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\Locales\zh-TW.pak</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\pls\flash.dll</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\pls\manifest.json</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\VisualElements\logo.png</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\VisualElements\smalllogo.png</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Users\Jordan\AppData\Local\BrowserAir\Application\37.1.2006.0\VisualElements\splash-620x300.png</path><vendor>PUP.Optional.BrowserAir.A</vendor><action>success</action><hash>17f5cb391b700432188d29e48f747f81</hash></file>
<file><path>C:\Program Files\ffsecure\ffsecure.exe</path><vendor>Trojan.FFSecure.C</vendor><action>success</action><hash>ab616d975b304beb1f312ee08a79f30d</hash></file>
</items>
</mbam-log>
 
 
 
FRST
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Jordan (administrator) on KHALEESI (02-08-2015 15:49:40)
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Spotify] => C:\Users\Jordan\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Run: [Dropbox Update] => C:\Users\Jordan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {578021BF-F416-4DA6-AE77-E70D685723F7} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DFDF11A-EA04-41C6-83DD-3504D6BF2AB8}: [DhcpNameServer] 172.27.1.171
Tcpip\..\Interfaces\{61E3551B-DBB2-4BE4-A63B-C1D863708E54}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Extension: cccc5f0db9d0431488b57e27551f9e84jetpack - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\Extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack [2015-08-01]
FF Extension: jid0jJRRRBMgoShUhb07IvnxTBAl29wjetpack - C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\Extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack [2015-05-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-11] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-02 15:49 - 2015-08-02 15:50 - 00021602 _____ C:\Users\Jordan\Desktop\FRST.txt
2015-08-02 15:49 - 2015-08-02 15:49 - 00000000 ____D C:\Users\Jordan\Desktop\FRST-OlderVersion
2015-08-02 15:37 - 2015-08-02 15:29 - 00070256 _____ C:\Users\Jordan\Desktop\mbam-log-2015-08-02 (14-30-08).xml
2015-08-02 15:33 - 2015-08-02 15:33 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-08-02 15:29 - 2015-08-02 15:29 - 00001042 _____ C:\Users\Jordan\Desktop\MBites.txt
2015-08-02 14:55 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-02 14:28 - 2015-08-02 15:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-02 14:27 - 2015-08-02 14:27 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-02 14:27 - 2015-08-02 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-02 14:26 - 2015-08-02 14:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-02 14:26 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-02 14:26 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-02 14:26 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-02 14:24 - 2015-08-02 14:24 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jordan\Desktop\abc123.exe.exe
2015-08-02 14:21 - 2015-08-02 14:21 - 00003374 _____ C:\Users\Jordan\Desktop\JRT.txt
2015-08-02 14:08 - 2015-08-02 14:08 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Jordan\Desktop\JRT.exe
2015-08-02 14:07 - 2015-08-02 14:07 - 00011220 _____ C:\Users\Jordan\Desktop\AdwCleaner[S1].txt
2015-08-02 13:56 - 2015-08-02 13:56 - 02248704 _____ C:\Users\Jordan\Desktop\AdwCleaner.exe
2015-08-02 13:53 - 2015-08-02 13:53 - 02248704 _____ C:\Users\Jordan\Downloads\AdwCleaner (1).exe
2015-08-01 12:27 - 2015-08-02 15:49 - 00000000 ____D C:\FRST
2015-08-01 12:25 - 2015-08-02 15:49 - 02169856 _____ (Farbar) C:\Users\Jordan\Desktop\FRST64.exe
2015-08-01 11:54 - 2015-08-01 11:54 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-23 15:17 - 2015-07-23 15:00 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2015-07-23 01:41 - 2015-08-02 14:02 - 00001282 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome .lnk
2015-07-23 01:26 - 2015-07-23 01:26 - 00003094 _____ C:\Windows\System32\Tasks\{AE46AC0B-D7AA-46DC-8655-720A1A19DBF5}
2015-07-23 01:04 - 2015-07-23 01:04 - 00003094 _____ C:\Windows\System32\Tasks\{56AA7803-327E-4556-B658-25519F4F5F5E}
2015-07-22 16:58 - 2015-08-02 15:29 - 00000000 ____D C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed
2015-07-22 16:25 - 2015-07-22 16:25 - 05316216 _____ C:\Windows\SysWOW64\ins_smk.exe
2015-07-22 16:25 - 2015-07-22 16:25 - 00519680 _____ C:\Windows\SysWOW64\ins_U501EXE.exe
2015-07-22 16:22 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607326-4210-8054-C8C04F433132
2015-07-22 16:20 - 2015-07-23 13:21 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-07-22 16:18 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607138-4210-8054-C8C04F433132
2015-07-22 16:18 - 2015-07-23 00:53 - 00000732 _____ C:\Windows\SysWOW64\application.log
2015-07-22 16:16 - 2015-07-23 00:39 - 00200229 _____ C:\Windows\SysWOW64\debug.log
2015-07-22 16:11 - 2015-07-22 16:11 - 01010730 _____ C:\Users\Jordan\Downloads\SimCity BuildIt Hack 2015 Downloader.zip
2015-07-20 23:01 - 2015-07-20 23:01 - 00000000 ____D C:\Users\Jordan\Desktop\NEW
2015-07-20 19:06 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 19:06 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 19:06 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 19:06 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-16 15:27 - 2015-07-16 15:27 - 00000000 ____D C:\Users\Jordan\Downloads\The Devil in the White City by Erik Larson
2015-07-14 14:01 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 14:01 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 14:01 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 14:01 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 14:01 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 14:01 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-14 14:01 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 14:01 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 14:01 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 14:01 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 14:01 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 14:01 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 14:01 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 14:01 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 14:01 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 14:01 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 14:01 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 14:01 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 14:01 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 14:01 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 14:01 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 14:01 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 14:01 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 14:01 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 14:01 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 14:01 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 14:01 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-14 14:01 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 14:01 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 14:01 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 14:01 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-14 14:01 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 14:01 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 14:01 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 14:01 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 14:01 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 14:01 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 14:01 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 14:01 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 14:01 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 14:01 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 14:01 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-14 14:01 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-14 14:01 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-14 14:01 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-14 14:01 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-14 14:01 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-14 14:01 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-14 14:01 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-14 14:01 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-14 14:01 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-14 14:01 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-14 14:01 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-14 14:01 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-14 14:01 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-14 14:01 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-14 14:01 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-14 14:01 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-14 14:01 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-14 14:01 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-14 14:00 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 14:00 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 14:00 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 14:00 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 14:00 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-14 14:00 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 14:00 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 14:00 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-14 14:00 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 14:00 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-14 14:00 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-14 14:00 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 14:00 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 14:00 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-14 14:00 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 14:00 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 14:00 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 14:00 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 14:00 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 14:00 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 14:00 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-14 14:00 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 14:00 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 14:00 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-14 14:00 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 14:00 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-14 14:00 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-14 14:00 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 14:00 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 14:00 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 14:00 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-14 14:00 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 14:00 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 13:59 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 13:59 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 13:59 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 13:59 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 13:59 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 13:59 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 13:59 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 13:59 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 13:59 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-14 13:59 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-14 13:59 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-14 13:59 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 13:59 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 13:59 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-14 13:59 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-14 13:59 - 2015-05-01 16:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-14 13:59 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-14 13:59 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-14 13:59 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-14 13:59 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-14 13:58 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 13:58 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 13:58 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 13:58 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 13:58 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 13:58 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 13:58 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-14 13:58 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-08 21:44 - 2015-07-08 21:44 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-07-08 16:11 - 2015-07-08 17:05 - 00000000 ____D C:\Users\Jordan\Downloads\New Girl (2011) Season 4 -E.Rev 480p MKV x264
2015-07-06 17:22 - 2015-07-06 17:23 - 00000000 ____D C:\Users\Jordan\Downloads\The Spectacular Now
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-02 15:49 - 2015-05-24 23:34 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-02 15:47 - 2014-09-30 08:12 - 01347370 _____ C:\Windows\WindowsUpdate.log
2015-08-02 15:43 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-02 15:40 - 2014-09-30 08:37 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-02 15:38 - 2015-02-13 08:38 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Spotify
2015-08-02 15:36 - 2014-12-25 10:57 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1949905117-3184062509-4024357042-1001
2015-08-02 15:34 - 2014-12-26 13:40 - 00000000 ___RD C:\Users\Jordan\Dropbox
2015-08-02 15:34 - 2014-12-26 13:37 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\Dropbox
2015-08-02 15:33 - 2014-12-25 10:55 - 00000000 ___RD C:\Users\Jordan\OneDrive
2015-08-02 15:32 - 2015-05-24 23:34 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-02 15:32 - 2015-02-13 08:39 - 00000000 ____D C:\Users\Jordan\AppData\Local\Spotify
2015-08-02 15:32 - 2015-01-01 19:10 - 00000000 ___RD C:\Users\Jordan\iCloudDrive
2015-08-02 15:31 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-02 15:30 - 2014-03-18 02:44 - 00146798 _____ C:\Windows\PFRO.log
2015-08-02 15:30 - 2013-08-22 07:46 - 00028042 _____ C:\Windows\setupact.log
2015-08-02 15:30 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-02 15:20 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-02 15:03 - 2015-06-19 18:53 - 00000940 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001UA.job
2015-08-02 15:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-02 14:07 - 2015-05-28 21:39 - 00000000 ____D C:\AdwCleaner
2015-08-02 13:58 - 2015-05-24 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-02 13:58 - 2015-02-15 08:33 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-02 13:58 - 2014-12-25 10:51 - 00001007 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 13:47 - 2014-12-25 12:48 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\uTorrent
2015-08-02 13:47 - 2014-12-25 11:00 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B4A9D753-529E-4C99-A746-B705285B5601}
2015-08-01 11:55 - 2015-04-04 14:09 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 15:00 - 2015-04-04 14:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-23 15:00 - 2014-12-28 13:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-23 15:00 - 2014-12-28 13:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-23 15:00 - 2014-12-25 14:48 - 00000000 ____D C:\Users\Jordan\AppData\Roaming\vlc
2015-07-23 15:00 - 2014-12-25 10:52 - 00000000 ____D C:\ProgramData\Atheros
2015-07-23 15:00 - 2014-12-25 10:51 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 15:00 - 2014-12-25 10:51 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 15:00 - 2014-12-25 10:51 - 00000000 ___RD C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinStore
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-23 15:00 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-23 15:00 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-07-23 01:18 - 2015-05-24 23:05 - 00001795 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-07-23 01:10 - 2015-05-24 20:32 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-23 00:51 - 2015-01-04 10:09 - 00000000 ____D C:\Users\Jordan\AppData\Local\CrashDumps
2015-07-23 00:50 - 2014-09-30 08:19 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-23 00:44 - 2013-08-22 06:25 - 00000226 _____ C:\Windows\win.ini
2015-07-23 00:42 - 2013-08-22 07:44 - 00510872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 22:03 - 2015-06-19 18:53 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001Core.job
2015-07-22 16:18 - 2015-02-13 08:39 - 00001932 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-07-22 16:18 - 2015-01-09 07:26 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieBrowserModeList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieUserList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieSiteList
2015-07-22 16:18 - 2014-12-25 10:51 - 00000551 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 16:18 - 2014-12-25 10:51 - 00000549 _____ C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-22 16:18 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-21 15:56 - 2015-02-18 06:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-20 15:58 - 2014-12-26 13:36 - 00000000 ____D C:\Users\Jordan\Desktop\Jordan
2015-07-18 21:58 - 2015-06-19 18:53 - 00003892 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001UA
2015-07-18 21:58 - 2015-06-19 18:53 - 00003512 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001Core
2015-07-18 21:42 - 2015-01-01 20:57 - 00000000 ____D C:\Program Files\PeerBlock
2015-07-15 22:44 - 2015-05-24 23:34 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 22:44 - 2014-12-25 11:01 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-14 14:23 - 2014-12-26 11:09 - 00000000 ____D C:\Windows\system32\MRT
2015-07-13 14:10 - 2015-05-06 06:27 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2015-05-06 06:27 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 14:11 - 2014-03-18 02:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-08 21:44 - 2014-09-30 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-05 03:08 - 2014-12-26 11:03 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2014-12-26 11:09 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-09-30 08:03 - 2014-09-30 08:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-30 08:25 - 2014-09-30 08:26 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-30 08:22 - 2014-09-30 08:23 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-30 08:23 - 2014-09-30 08:24 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-30 08:24 - 2014-09-30 08:25 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-30 08:21 - 2014-09-30 08:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\cw.exe
C:\Users\Jordan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbeegnw.dll
C:\Users\Jordan\AppData\Local\Temp\dskb.exe
C:\Users\Jordan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Jordan\AppData\Local\Temp\Uninstall.exe
C:\Users\Jordan\AppData\Local\Temp\UninstallEADM.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 14:56
 
==================== End of log ============================
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Jordan (2015-08-02 15:51:34)
Running from C:\Users\Jordan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1949905117-3184062509-4024357042-500 - Administrator - Disabled)
Guest (S-1-5-21-1949905117-3184062509-4024357042-501 - Limited - Disabled)
Jordan (S-1-5-21-1949905117-3184062509-4024357042-1001 - Administrator - Enabled) => C:\Users\Jordan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
21-07-2015 02:22:37 Windows Update
22-07-2015 16:23:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
23-07-2015 00:50:50 Removed PCMATICPLUS
23-07-2015 00:52:07 Removed WeatherApp
23-07-2015 00:52:46 Removed BrowseForTheCause
02-08-2015 14:15:22 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0063412D-F314-4C89-B011-38B5C7232DBF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001Core => C:\Users\Jordan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {0DB6E679-59F3-42BC-831A-DFA65695A800} - System32\Tasks\JEQAT => C:\ProgramData\841a6e9fc7334b5aa886ffd57efc6604\841a6e9fc7334b5aa886ffd57efc6604.exe <==== ATTENTION
Task: {16E04006-8A95-4E92-A264-0486DDDCEBF4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-15] (Synaptics Incorporated)
Task: {1C7177BD-9B6D-459C-AED6-23ECFCC290F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {2BA803FA-0794-4502-8FFE-ED110211A286} - \Microsoft\Windows\Maintenance\Web Tool Updater No Task File <==== ATTENTION
Task: {2D5FB14D-01DB-40AA-9BAF-BFC17341E049} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {3A558C4F-5FAE-42AB-AF3D-D8D34BFBB0B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {45DB5A6E-F08D-4E15-A3BE-06CE1E74163E} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {509CF2A3-6ACD-4E42-BA54-F0A037B4DC60} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {5CF11CC3-9C25-42A1-A614-924CA3E37146} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {665CF6FA-E32A-4AC8-BB96-8C191A06D8EA} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {69098CB5-2A74-4024-A7F8-674BD161160F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {6A3F3A3B-D785-45ED-97E7-92A39C9A6668} - \Web Tool Runner No Task File <==== ATTENTION
Task: {6B08EB52-62CC-4D9E-AA1F-F6A839BC20A9} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {9004DE40-1161-49C5-910C-3E324A8CC1AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {A2B9BF5E-9E5D-4972-82C1-9CDA390C3215} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001UA => C:\Users\Jordan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {A95BB545-A220-4327-964E-059C0C669A11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {AA79CD23-5F2B-4F16-A5A7-CA5C001A662E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {BE3635F8-58F6-4006-B408-6411C387D74F} - System32\Tasks\{56AA7803-327E-4556-B658-25519F4F5F5E} => pcalua.exe -a "C:\Program Files (x86)\PC Speed Up\unins000.exe"
Task: {CC98F2E7-96AB-4051-8E73-7F34C0BE7604} - System32\Tasks\{AE46AC0B-D7AA-46DC-8655-720A1A19DBF5} => pcalua.exe -a C:\Users\Jordan\AppData\Roaming\TWV\uninstall.exe
Task: {DA236E8E-3660-46B0-98D1-0303BFEC3CD5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {F46FD252-9E44-44A0-922C-31C6594D6D50} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe
Task: {FD9F71F6-361B-4AC5-A5DF-D97D1AE2CA7E} - System32\Tasks\Xsueeuuh => C:\ProgramData\Xsueeuuh\1.0.1.0\jnifaiit.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001Core.job => C:\Users\Jordan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1949905117-3184062509-4024357042-1001UA.job => C:\Users\Jordan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-18 06:44 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 11:40 - 2013-08-22 11:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2015-03-19 20:06 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-08 01:00 - 2014-01-08 01:00 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-08 00:58 - 2014-01-08 00:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-08 01:03 - 2014-01-08 01:03 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-01 12:08 - 2015-07-25 01:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-08-01 12:08 - 2015-07-25 01:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
2015-03-17 10:01 - 2015-05-28 23:50 - 41287224 _____ () C:\Users\Jordan\AppData\Roaming\Spotify\libcef.dll
2015-08-02 15:33 - 2015-08-02 15:33 - 00071168 _____ () c:\users\jordan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbeegnw.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00012800 _____ () C:\Users\Jordan\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00779776 _____ () C:\Users\Jordan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-01 11:49 - 2015-07-16 17:31 - 00056320 _____ () C:\Users\Jordan\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00012288 _____ () C:\Users\Jordan\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-09-30 08:22 - 2013-03-04 20:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-17 10:01 - 2015-05-28 23:50 - 01488440 _____ () C:\Users\Jordan\AppData\Roaming\Spotify\libglesv2.dll
2015-03-17 10:01 - 2015-05-28 23:50 - 00079928 _____ () C:\Users\Jordan\AppData\Roaming\Spotify\libegl.dll
2015-03-17 10:01 - 2015-03-24 13:42 - 09305656 _____ () C:\Users\Jordan\AppData\Roaming\Spotify\pdf.dll
2014-09-30 08:26 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-19 20:06 - 2015-01-27 07:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-02-26 09:07 - 2015-02-09 08:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-30 08:38 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 09:07 - 2014-02-18 11:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Jordan\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jordan\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{159EF089-2F53-49B5-A372-322295F944A8}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{A190102F-CB4B-43CE-B2F4-62572277C349}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{FCB32439-D8FD-43ED-B2DB-AAA136C881C1}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{5420E19A-078F-4BCF-81A6-DB57C679013E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A2D27258-E13F-454B-86EB-BD35EAF7916E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{4EAE62EA-A756-4020-A532-27D667267B1B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9CD70048-C308-48FE-A8F0-D57CFD7DD919}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{49AACA8E-DC26-4CF0-B0B5-3BB71E7C415B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90A31888-6739-4B83-8F53-715FF7B53F60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C3C9F0B-9C1C-4569-A1C9-E9015B478B65}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BBBD16A6-8232-4CAA-AE71-BDB0127C243C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37569CFB-BE9A-490E-83F6-858BEB00DDF6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{9B190ECC-B536-48ED-A634-B821D96435B9}] => (Allow) C:\Users\Jordan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75EB8731-817F-42EB-977D-FE28041FB142}] => (Allow) C:\Users\Jordan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{427E9A68-0B4E-481D-B4C0-FBD55336C575}] => (Allow) C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3AE241D6-2558-445B-8D5C-82264C9CA112}] => (Allow) C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{CE79EA8C-FD64-40D0-8E1A-0FCD785AC412}C:\users\jordan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jordan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{894949E0-E431-4DCE-A2CB-B9678BF3B09C}C:\users\jordan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jordan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5FDDB4BA-D355-4E70-A451-993EF4B70782}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1114AE94-C60F-4563-818A-F8E7F16DFCE3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{70416C20-9644-428F-B5EB-2C7083B7CAEB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E99A5AE2-B95E-4155-B7D2-3ABBD1E05F8E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{860A6A16-0A66-4EAF-B6CB-FCE31F4C668B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1817ED56-1269-43BB-A07A-E53811FEF6C5}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{57FC57D3-E68F-4AF0-AB3F-F5C747E2326C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{571D3FDE-FDC6-4DCF-BFC2-91F180A92D49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0C9D4BAD-BD4A-416C-A1AE-53DFDD43641A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{286C015E-0D92-415B-854F-590A5F75E738}C:\users\jordan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jordan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9236C324-7C1A-4F6A-9E8A-8BA093983768}C:\users\jordan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jordan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6C520A76-3CA7-4A00-B0C2-426A416AD475}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7023F0BF-41E0-418D-BE54-2E85A4F21774}] => (Allow) LPort=2869
FirewallRules: [{29E6AC52-230C-47EE-B14E-B31D4C570963}] => (Allow) LPort=1900
FirewallRules: [{507DB3FC-6FEE-47A9-8C00-7AB4898DF6B8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{12CE3D7E-5E24-4671-A5AA-DFB030E30B8F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{D35D5EAB-14FF-4A6C-9B9B-93D28DFDD41B}C:\users\jordan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jordan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0034F997-5DFB-4773-A829-1F4F3631E141}C:\users\jordan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jordan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{051CF393-6C39-41B4-B856-2F7FC88BBFC4}] => (Allow) C:\Users\Jordan\AppData\Roaming\TWV\TWV.exe
FirewallRules: [{A145D217-C219-45AC-9F66-16F553284081}] => (Allow) C:\Users\Jordan\AppData\Roaming\TWV\upd.exe
FirewallRules: [{34538B20-3A0E-49BA-868B-F98BDC8597F8}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{95330137-AB75-4473-8C8E-1347C4979F06}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{7B3BC8BA-E6E6-46F1-B1A5-2F2CA618884D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/02/2015 02:22:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
 
Error: (08/02/2015 01:58:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/02/2015 01:54:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/01/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12234
 
Error: (08/01/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12234
 
Error: (08/01/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/01/2015 12:10:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13265
 
Error: (08/01/2015 12:10:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13265
 
Error: (08/01/2015 12:10:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/23/2015 11:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iiwjljrnpc64.exe, version: 0.0.0.0, time stamp: 0x551bf9ee
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x660
Faulting application start time: 0xiiwjljrnpc64.exe0
Faulting application path: iiwjljrnpc64.exe1
Faulting module path: iiwjljrnpc64.exe2
Report Id: iiwjljrnpc64.exe3
Faulting package full name: iiwjljrnpc64.exe4
Faulting package-relative application ID: iiwjljrnpc64.exe5
 
 
System errors:
=============
Error: (08/02/2015 03:44:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Office.OneNote.
 
Error: (08/02/2015 03:44:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Reader.
 
Error: (08/02/2015 03:43:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.BingTranslator.
 
Error: (08/02/2015 03:30:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (08/02/2015 03:30:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (08/02/2015 03:30:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (08/02/2015 03:21:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Office.OneNote.
 
Error: (08/02/2015 03:20:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.Reader.
 
Error: (08/02/2015 03:20:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.BingTranslator.
 
Error: (08/02/2015 02:16:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (08/02/2015 02:22:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Program Files\CCleaner\CCleaner.exe
 
Error: (08/02/2015 01:58:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary netfilter64.
 
System Error:
The system cannot find the file specified.
 
Error: (08/02/2015 01:54:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (08/01/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12234
 
Error: (08/01/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12234
 
Error: (08/01/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/01/2015 12:10:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13265
 
Error: (08/01/2015 12:10:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13265
 
Error: (08/01/2015 12:10:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/23/2015 11:24:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iiwjljrnpc64.exe0.0.0.0551bf9eentdll.dll6.3.9600.17736550f4336c000037400000000000f0f2066001d0c5d962e9eb8cC:\Program Files (x86)\coupoon\iiwjljrnpc64.exeC:\Windows\SYSTEM32\ntdll.dlla6f8c4fa-31cc-11e5-828a-4cbb582c130e
 
 
CodeIntegrity:
===================================
  Date: 2015-08-02 13:59:51.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-02 13:59:51.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-02 13:59:51.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-02 13:59:51.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-02 13:59:50.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-01 12:40:00.131
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-01 12:39:59.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-23 03:05:34.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-23 03:05:33.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-23 02:08:10.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 23%
Total physical RAM: 8096.02 MB
Available physical RAM: 6160.21 MB
Total Virtual: 9376.02 MB
Available Virtual: 7017.47 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.67 GB) (Free:641.33 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive f: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.46 GB) (Free:0.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A053C26E)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 




#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 02 August 2015 - 09:04 PM

Well done. You're welcome. I am glad it is running better. Not done yet though.

The file you uploaded was a Trojan downloader. It was likely downloaded with a torrent. It disseminated a mess of garbage on her computer. Please try to convince her to heed my warnings I posted previously!
 
<<<<<<<<<<


Let's continue.
 
This next please..

FRST script:

 

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {578021BF-F416-4DA6-AE77-E70D685723F7} URL = 
2015-07-22 16:58 - 2015-08-02 15:29 - 00000000 ____D C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed
2015-07-22 16:58 - 2015-08-02 15:29 - 00000000 ____D C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed
2015-07-22 16:25 - 2015-07-22 16:25 - 05316216 _____ C:\Windows\SysWOW64\ins_smk.exe
2015-07-22 16:25 - 2015-07-22 16:25 - 00519680 _____ C:\Windows\SysWOW64\ins_U501EXE.exe
2015-07-22 16:22 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607326-4210-8054-C8C04F433132
2015-07-22 16:18 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607138-4210-8054-C8C04F433132
2015-07-22 16:18 - 2015-01-09 07:26 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieBrowserModeList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieUserList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieSiteList
Task: {6A3F3A3B-D785-45ED-97E7-92A39C9A6668} - \Web Tool Runner No Task File <==== ATTENTION
Task: {FD9F71F6-361B-4AC5-A5DF-D97D1AE2CA7E} - System32\Tasks\Xsueeuuh => C:\ProgramData\Xsueeuuh\1.0.1.0\jnifaiit.exe <==== ATTENTION
Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s
Folder:
C:\Windows\SysWOW64\number of results
EmptyTemp:
end
  • Save the file to your desktop and name it as fixlist.txt
  • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.

<<<<<<<<<<

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

  • When the download appears, save to the Desktop.
  • On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.)
  • Next, copy/paste the entire script inside the code box below to the input field of Zoek:
autoclean;
  • Now...
  • Close any open Browsers.
  • Click the Run script button, and wait. It takes a few minutes to run all the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

<<<<<<<<<<

Please download the Suspicious File Packer.

  • Unzip it to the desktop and run it.
  • Copy and paste the contents of the codebox into the Suspicious File Packer window:
C:\Windows\System32\Tasks\{AE46AC0B-D7AA-46DC-8655-720A1A19DBF5}
C:\Windows\System32\Tasks\{56AA7803-327E-4556-B658-25519F4F5F5E}
C:\Users\Jordan\Downloads\SimCity BuildIt Hack 2015 Downloader.zip
  • Allow SFP to pack the files. This will generate a CAB archive on your desktop.

Please go here.

Where it asks for the "Link to topic where this file was requested" copy and paste the contents of the codebox.
 

http://www.bleepingcomputer.com/forums/t/584867/multiple-malware-issues-companion-others/#entry3778627
  • Where it says "Browse to the file you want to submit", browse to the CAB archive that was created on your desktop.
  • The cab file will be called requested-files*.cab (the * stands for the date and hour).

Press the Send File button.


<<<<<<<<<<

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

<<<<<<<<<<

Please download Farbar Service Scanner, save it to your desktop then run it.

  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log in your reply.

<<<<<<<<<<

With your next post please provide:

  • Fixlog.txt
  • Zoek log
  • ESET log
  • FSS.txt
  • An update about the problems that persist

Kind regards,
thcbytes


Edited by thcbytes, 02 August 2015 - 09:32 PM.
bb code issue

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Cjshoop99

Cjshoop99
  • Topic Starter

  • Members
  • 7 posts

Posted 02 August 2015 - 11:52 PM

Hey again, not much new to report as far as any issues, but posted below (also attached) are the logs. Also uploaded the file requested.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01

Ran by Jordan (2015-08-02 19:46:28) Run:1
Running from C:\Users\Jordan\Desktop
Loaded Profiles: Jordan (Available Profiles: Jordan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1949905117-3184062509-4024357042-1001 -> {578021BF-F416-4DA6-AE77-E70D685723F7} URL = 
2015-07-22 16:58 - 2015-08-02 15:29 - 00000000 ____D C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed
2015-07-22 16:58 - 2015-08-02 15:29 - 00000000 ____D C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed
2015-07-22 16:25 - 2015-07-22 16:25 - 05316216 _____ C:\Windows\SysWOW64\ins_smk.exe
2015-07-22 16:25 - 2015-07-22 16:25 - 00519680 _____ C:\Windows\SysWOW64\ins_U501EXE.exe
2015-07-22 16:22 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607326-4210-8054-C8C04F433132
2015-07-22 16:18 - 2015-07-23 15:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1437607138-4210-8054-C8C04F433132
2015-07-22 16:18 - 2015-01-09 07:26 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieBrowserModeList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieUserList
2015-07-22 16:18 - 2014-12-25 11:00 - 00000000 __SHD C:\Users\Jordan\AppData\Local\EmieSiteList
Task: {6A3F3A3B-D785-45ED-97E7-92A39C9A6668} - \Web Tool Runner No Task File <==== ATTENTION
Task: {FD9F71F6-361B-4AC5-A5DF-D97D1AE2CA7E} - System32\Tasks\Xsueeuuh => C:\ProgramData\Xsueeuuh\1.0.1.0\jnifaiit.exe <==== ATTENTION
Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s
Folder:
C:\Windows\SysWOW64\number of results
EmptyTemp:
end
*****************
 
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1949905117-3184062509-4024357042-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{578021BF-F416-4DA6-AE77-E70D685723F7}" => key removed successfully
HKCR\CLSID\{578021BF-F416-4DA6-AE77-E70D685723F7} => key not found. 
C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed => moved successfully.
"C:\Users\Jordan\AppData\Local\PCMATICPLUS_fixed" => File/Folder not found.
C:\Windows\SysWOW64\ins_smk.exe => moved successfully.
C:\Windows\SysWOW64\ins_U501EXE.exe => moved successfully.
C:\Program Files (x86)\4C4C4544-1437607326-4210-8054-C8C04F433132 => moved successfully.
C:\Program Files (x86)\4C4C4544-1437607138-4210-8054-C8C04F433132 => moved successfully.
C:\Users\Jordan\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Jordan\AppData\Local\EmieUserList => moved successfully.
C:\Users\Jordan\AppData\Local\EmieSiteList => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A3F3A3B-D785-45ED-97E7-92A39C9A6668}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A3F3A3B-D785-45ED-97E7-92A39C9A6668}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Web Tool Runner => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FD9F71F6-361B-4AC5-A5DF-D97D1AE2CA7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD9F71F6-361B-4AC5-A5DF-D97D1AE2CA7E}" => key removed successfully
C:\Windows\System32\Tasks\Xsueeuuh => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Xsueeuuh" => key removed successfully
 
========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    EnableVirtualization    REG_DWORD    0x1
    EnableInstallerDetection    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
    EnableLUA    REG_DWORD    0x1
    EnableSecureUIAPaths    REG_DWORD    0x1
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ValidateAdminCodeSignatures    REG_DWORD    0x0
    EnableUIADesktopToggle    REG_DWORD    0x0
    EnableCursorSuppression    REG_DWORD    0x1
    ConsentPromptBehaviorUser    REG_DWORD    0x3
    dontdisplaylastusername    REG_DWORD    0x0
    legalnoticecaption    REG_SZ    
    legalnoticetext    REG_SZ    
    scforceoption    REG_DWORD    0x0
    shutdownwithoutlogon    REG_DWORD    0x1
    undockwithoutlogon    REG_DWORD    0x1
    FilterAdministratorToken    REG_DWORD    0x0
    DisableCAD    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats
    CF_UNICODETEXT    REG_DWORD    0xd
    CF_DIBV5    REG_DWORD    0x11
    CF_PALETTE    REG_DWORD    0x9
    CF_BITMAP    REG_DWORD    0x2
    CF_TEXT    REG_DWORD    0x1
    CF_DIB    REG_DWORD    0x8
    CF_OEMTEXT    REG_DWORD    0x7
 
 
 
========= End of Reg: =========
 
 
========================= Folder: ========================
 
folder not found
C:\Windows\SysWOW64\number of results => moved successfully.
EmptyTemp: => 20 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:50:42 ====
 
 
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jordan on Sun 08/02/2015 at 19:55:05.44.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jordan\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
8/2/2015 7:56:52 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\My Dell deleted successfully
C:\Users\Jordan\AppData\Local\softthinks deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default
 
user.js not found
---- Lines Edu App removed from prefs.js ----
user_pref("extensions.Edu App.asul", "1432768515669");
user_pref("extensions.Edu App.aul", "1432768544083");
user_pref("extensions.Edu App.irl", true);
user_pref("extensions.Edu App.is", "reckfpUS");
user_pref("extensions.Edu App.ug", "8993D7B5-8740-4DAB-8C67-234D709BCA28");
---- Lines Metal Maker removed from prefs.js ----
user_pref("extensions.Metal Maker.asul", "1432533651237");
user_pref("extensions.Metal Maker.aul", "1432533642542");
user_pref("extensions.Metal Maker.irl", true);
user_pref("extensions.Metal Maker.is", "reobfpUS");
user_pref("extensions.Metal Maker.ug", "6B2FBB2B-3E2B-422D-9C00-4C27CB1C171B");
---- Lines {2395B860-45E4-42fd-96E6-50BA597C1C42} removed from prefs.js ----
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.extensionFirstRun", false);
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.lastExtensionVersion", "2.0.0.461");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_adcshTimer", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_install_time", "25-05-2015");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_installer_name", "vbates_clkmusex_.exe");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_nb_timer", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_prepop_timer", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_prepop_url", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_product_name", "shopperz");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_product_version", "2.0.0.461");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_pxl_VBATES_dailyPing", "dailyPing|||1432620045290");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_temp_installer_name", "vbates_clkmusex_.exe");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_temp_version", "2.0.0.461|||8641432533641034");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_toolbarID", "88fe7f20e3c047449a8aa8718b0c74d6");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_executeCode", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_ga_redirected", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_ga_redirectedUrl", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_lastUpdate", "1432533651258|||8641432533651259");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_redirectURL", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_referer", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_status", "active");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_VBATES_whiteList", "not set");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.ScriptData_vbts_geo", "US|||8641432533645796");
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.setdefaultsearch_2.0.0.461", false);
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.setdnscatch_2.0.0.461", false);
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.sethomepage_2.0.0.461", false);
user_pref("{2395B860-45E4-42fd-96E6-50BA597C1C42}.setndsvalue_2.0.0.461", false);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20150802_0805_.backup
 
==== Deleting Files \ Folders ======================
 
C:\windows\SysNative\Tasks\JEQAT deleted
C:\PROGRA~3\DivX deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
"C:\Windows\Installer\20b10f35.msi" deleted
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default
- cccc5f0db9d0431488b57e27551f9e84jetpack - %ProfilePath%\extensions\cccc5f0d-b9d0-4314-88b5-7e27551f9e84@jetpack
- jid0jJRRRBMgoShUhb07IvnxTBAl29wjetpack - %ProfilePath%\extensions\jid0-jJRRRBMgoShUhb07IvnxTBAl29w@jetpack
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll - Microsoft Office 2013
 
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.125
 
 
Chrome Hotword Shared Module - Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jordan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=15 folders=13 9408935 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jordan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Jordan\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sun 08/02/2015 at 20:08:09.80 ======================
 
 
 
 
 
ESET
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir a variant of Win32/SpeedBit.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu64.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe.vir Win32/Toolbar.Iminent.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella234.exe.vir a variant of Win32/Toolbar.Iminent.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella234_bkp.exe.vir a variant of Win32/Toolbar.Iminent.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella234_upd.exe.vir a variant of Win32/Toolbar.Iminent.J potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\iiwjljrnpc64.exe.vir a variant of Win64/Adware.Adpeak.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\nfapi.dll.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{31557cea-28b7-420e-3155-57cea28bf3a8}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{47b86c12-a77b-022a-47b8-86c12a77b04a}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{76434efc-9f82-a799-7643-34efc9f83bf2}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{90c113b9-4716-5b59-90c1-113b94714ee5}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{b389431c-12f5-abfa-b389-9431c12f0c70}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{d85bca65-d0b0-279f-d85b-bca65d0b2997}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AP application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\4C4C4544-1432528740-4210-8054-C8C04F433132\onso8A68.tmp.vir Win32/Adware.ConvertAd.PZ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\4C4C4544-1432528740-4210-8054-C8C04F433132\pnso8A69.exe.vir a variant of Win32/Adware.ConvertAd.QH application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\4C4C4544-1432528740-4210-8054-C8C04F433132\rnso8A67.exe.vir Win32/Adware.ConvertAd.QC application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\4C4C4544-1432528740-4210-8054-C8C04F433132\snso8A66.tmp.vir a variant of Win32/Adware.ConvertAd.QW application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Local\4C4C4544-1432528740-4210-8054-C8C04F433132\Uninstall.exe.vir Win32/Adware.ConvertAd.PY application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\jPrWzPtqJXLGWtc3IcoWIo3Kv.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\jPrWzPtqJXLGWtc3IcoWIo3Kv.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\zQ8XTlbKUmkJ.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\zQ8XTlbKUmkJ.vir JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\AnyProtectEx\swf\swfmbU.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\AnyProtectEx\swf\swfsgb.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\AnyProtectEx\swf\swfvM.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\e17p0ect.default\Extensions\minibar@go.im.xpi.vir Win32/Toolbar.Iminent.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{1d672de2-cd4a-47bd-a031-f1b874644e67}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{848705a5-8a27-403e-9b59-732d0608bcbc}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{968e4bd1-22f7-4a1a-bbad-c628b03eba58}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{971996ef-3943-49ca-8134-173a395c95cf}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\Jordan\Desktop\requested-files[2015-08-02_20_17].cab a variant of Win32/Amonetize.GC.gen potentially unwanted application deleted - quarantined
C:\Users\Jordan\Downloads\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jordan\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jordan\Downloads\SimCity BuildIt Hack 2015 Downloader.zip a variant of Win32/Amonetize.GC.gen potentially unwanted application deleted - quarantined
C:\Users\Jordan\Downloads\Unconfirmed 274277.crdownload a variant of Win32/OutBrowse.CB potentially unwanted application deleted - quarantined
C:\Users\Jordan\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined
 
 
 
 
 
Farbar Service Scanner Version: 26-07-2015
Ran by Jordan (administrator) on 02-08-2015 at 21:45:43
Running from "C:\Users\Jordan\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 

 




#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 03 August 2015 - 11:11 AM

Looking good. Nice work. :thumbup2: 
 

EmptyTemp: => 20 GB temporary data Removed.

Freed up an enormous amount of space
 
<<<<<<<<<<
 

Also uploaded the file requested

Thanks.  Here is a link if you're curious to both those files you uploaded.
 
https://www.virustotal.com/file/25da9b054b8d638433f753c47ab222fef0dc5c42e0fc664c0296756c29812eac/analysis/1438548783/
https://www.virustotal.com/file/b125749a4db688749d665f90a9f2d56984fc41b4a80c06b14f85895250caba3b/analysis/1438571916/

 

Countless more malware was removed.  Your sister is lucky she didn't end up with ransomware or a file infector.  The outcome would not have been so bright.
 
<<<<<<<<<<
 

cleaned by deleting - quarantined

Looks like you enabled cleaning with ESET, correct?
 
<<<<<<<<<<

I think you're all set.
Do you have any questions?
Is there anything else you're concerned about that I can help with?

<<<<<<<<<<

Please take the time to carefully review this info contained below. It's invaluable.

Answers to common security questions - Best Practices

<<<<<<<<<<

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

Kind Regards,
thcbytes


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 Cjshoop99

Cjshoop99
  • Topic Starter

  • Members
  • 7 posts

Posted 03 August 2015 - 07:34 PM

Hey again, everything seems good, except I received an error when using DelFix. DelFix still seemed to work once I pressed ok, but I'm not sure why I got the error, or if it's anything important anyway. I also noticed that the numpad doesn't seem to work (don't worry, I did make sure to hit the numlock button). I don't know if that's the result of the infection or what but just wanted to make note of it. Attached is the error and delfix log.

 

# DelFix v1.010 - Logfile created 03/08/2015 at 17:19:18
# Updated 26/04/2015 by Xplode
# Username : Jordan - KHALEESI
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\Users\Jordan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Jordan\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Jordan\Desktop\FRST64.exe
Deleted : C:\Users\Jordan\Desktop\FSS.exe
Deleted : C:\Users\Jordan\Desktop\JRT.exe
Deleted : C:\Users\Jordan\Desktop\zoek.exe
Deleted : C:\Users\Jordan\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Jordan\Downloads\AdwCleaner.exe
Deleted : C:\Users\Jordan\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #52 [Windows Update | 07/21/2015 09:22:37]
Deleted : RP #53 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 | 07/22/2015 23:23:20]
Deleted : RP #54 [Removed PCMATICPLUS | 07/23/2015 07:50:50]
Deleted : RP #55 [Removed WeatherApp | 07/23/2015 07:52:07]
Deleted : RP #56 [Removed BrowseForTheCause | 07/23/2015 07:52:46]
Deleted : RP #57 [JRT Pre-Junkware Removal | 08/02/2015 21:15:22]
Deleted : RP #58 [zoek.exe restore point | 08/03/2015 02:56:33]

New restore point created !

########## - EOF - ##########


#8 thcbytes

  • Malware Response Team

Posted 03 August 2015 - 10:01 PM

Hi again,

The error is of no concern and can be ignored. Thanks for posting it.
 

I also noticed that the numpad doesn't seem to work


Alright. I know it will sound like a stupid question but you did say this is your sister's computer. Are you sure it was working previously? Did you try a reboot?

Try this....
  • Type cmd in the search box, right click and run cmd.exe
  • Copy and paste the following after the command prompt and press Enter
CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10
  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
  • If any errors were detected/corrected rerun the steps
  • Report the results in your reply
<<<<<<<<<<

Then this...
  • Type cmd in the search box, right click and run cmd.exe
  • Copy and paste the following after the command prompt and press Enter
sfc /scannow
  • Be patient this takes a long time
<<<<<<<<<<

And finally this...
  • Type cmd in the search box, right click and run cmd.exe
  • Copy and paste the following after the command prompt and press Enter
type C:\Windows\Logs\CBS\CBS.log > C:\Users\Jordan\Desktop\cbs.txt
  • Please ATTACH the cbs.txt on your desktop into your next reply
<<<<<<<<<<
 
 
Is it working now?

What is the make and model of that computer?
 
Kind regards,
thcbytes
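Added example, not part of the original posts: most of a multi-megabyte CBS.log is servicing noise, and the System File Checker results from `sfc /scannow` are only the lines tagged `[SR]`. The Python below summarizes those entries; the sample lines are constructed to follow the usual CBS.log layout, and the file and component names in them are placeholders.

```python
import re
import sys

# Constructed sample in the usual CBS.log layout; names are placeholders,
# not lines from the cbs.txt attached in this thread.
SAMPLE_CBS = r'''
2015-08-04 21:10:02, Info                  CBS    Starting TrustedInstaller initialization.
2015-08-04 21:10:05, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-08-04 21:10:05, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-08-04 21:10:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.16384, hash mismatch
2015-08-04 21:10:11, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.16384, hash mismatch
2015-08-04 21:10:12, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2015-08-04 21:10:13, Info                  CSI    00000011 [SR] Verify complete
'''

# timestamp, level, CSI component, 8-hex-digit sequence id, then the [SR] message
SR_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]+)"')


def summarize_sfc(log_text):
    """Summarize the System File Checker ([SR]) entries of a CBS.log dump."""
    unrepaired, repaired, completed = {}, {}, False
    for line in log_text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # servicing noise unrelated to sfc
        when, msg = m.groups()
        names = QUOTED.findall(msg)
        if msg.startswith('Cannot repair member file') and names:
            unrepaired.setdefault(names[0], when)  # repeated entries collapse to one
        elif msg.startswith('Repairing corrupted file') and names:
            path = '\\'.join(names)
            if path.startswith('\\??\\'):
                path = path[4:]  # drop the NT object-namespace prefix
            repaired.setdefault(path, when)
        elif msg.startswith(('Verify complete', 'Repair complete')):
            completed = True
    return {'unrepaired': list(unrepaired), 'repaired': list(repaired),
            'completed': completed}


if __name__ == '__main__':
    # Pass the path of cbs.txt as the first argument; falls back to the sample.
    text = (open(sys.argv[1], encoding='utf-8', errors='replace').read()
            if len(sys.argv) > 1 else SAMPLE_CBS)
    print(summarize_sfc(text))
```

An empty `unrepaired` list together with `completed` set to true means sfc found nothing it could not fix.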

#9 Cjshoop99

  • Topic Starter

Posted 05 August 2015 - 01:43 AM

Ok, here are the results. I tried the chkdsk, but wasn't able to see it finish. I assume it did, as the computer was plugged in so it didn't die or anything like that. When I got home from running some errands, the computer was off. I also did the sfc scan. Attached is the cbs log. I also didn't mention (and I don't think I had noticed) before that only the numbers do not work. Symbols surrounding the numbers work fine. Also, when hitting numlock, a high pitch beep sounds, or a lower pitched beep if the last beep was the high pitch. It seems like numlock is on after a low pitch beep, as that's the only time the symbols work.

Attached Files

  • Attached File  cbs.txt   6.37MB   2 downloads


#10 thcbytes

  • Malware Response Team

Posted 05 August 2015 - 09:53 AM

You didn't answer my questions. What is the make and model of the computer? Is it a notebook or desktop? How long has this problem been present? Did the sfc resolve the problem? I assume the answer is no. This is either a hardware or software issue. Computer security is my strength but let me see if I can problem solve this for you. If not then I will get you more appropriate help from our site. Ok?

  • Press the windows icon
  • type in Ease of Access in the search box
  • Press enter
  • Select on screen keyboard
  • Click Options
  • Select the Numeric Keypad check box
  • Click ok

Success?

If not then please try this..

  • Windows key
  • Search box
  • Control Panel
  • Ease Of Access Center
  • Change how your keyboard works
  • Untick 'Turn On Mouse Keys'

Success?


Edited by thcbytes, 05 August 2015 - 09:54 AM.


#11 Cjshoop99

  • Topic Starter

Posted 06 August 2015 - 12:48 AM

Sorry about that, it's a notebook. It's a Dell Inspiron 15. I talked to my sister who doesn't think it was broken before all the viruses showed up. The problem hasn't been resolved after either the sfc or chkdsk scans. Ah! Unchecking the "turn on mouse keys" did the trick. Is there anything else?



#12 thcbytes

  • Malware Response Team

Posted 06 August 2015 - 07:09 AM

That's great!

You should be good.

Safe surfing.

Kind regards,
thcbytes



#13 thcbytes

  • Malware Response Team

Posted 24 August 2015 - 09:26 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



