Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected Chrome browser, many instances


  • This topic is locked This topic is locked
23 replies to this topic

#1 Direwolfe

Direwolfe

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 30 November 2015 - 04:02 PM

We have many users who have got some kind of infection of Chrome browser affecting both Windows 7 and Chrome OS (chromebooks).  THe condition is that search produces a series of results and then quickly refreshes to show many new results from Addonjet.com all of which lead to fake antivi or similar malware hijacks.  before or after that happens a captcha from ipv4.google.com comes up saying suspicious activity has occurred.  A tab for reimageplus.com crops up, and then many variants of malware hijacks.

Malware bytes may or may not detect anything, but often not and removals have no effect.

There is no unexpected program in Cotnrol Panel.  There is no unexpected Extension in chrome://extensions ...

 

Generally, I can fix the problem in Windows by shutting down Chrome, and renaming C:\Users\<profilename>\AppData\Google\Chrome\Default  and then reopening Chrome.  I don't know how long that fix will last, since I don't know where the original infectino came from, and it is very widespread.

Reset the profile in Chrome did not fix the problem.

ALthough Mbam doesn't find anything installed, if i use the pro version I can see many outbound requests from Chrome.exe to malicious sites.  These stop after the Default folder is renamed or removed.

Various webpages about Addonjet don't seem to address this condition.
Does anyone have some more information or experience?


Edited by Orange Blossom, 02 December 2015 - 01:08 PM.
Moved from MRL to Am I Infected - Hamluis. Moved back. ~ OB


BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 30 November 2015 - 07:47 PM

Hello Direwolfe and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.

 

 

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   18 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 5:
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 01 December 2015 - 08:50 AM

# AdwCleaner v5.023 - Logfile created 01/12/2015 at 08:47:41
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : dwolfe - DWOLFE-CTS246
# Running from : C:\Users\dwolfe\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Description

***** [ Web browsers ] *****

[-] [C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - I:\AdwCleaner\AdwCleaner[C1].txt - [1067 bytes] ##########
 



#4 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 01 December 2015 - 09:07 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by dwolfe (Administrator) on Tue 12/01/2015 at  8:52:54.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\extensions\bingsearch.full@microsoft.com\search.xml (File)
Successfully deleted: C:\Windows\SysWOW64\REN6E2.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/01/2015 at  8:54:00.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by Direwolfe, 01 December 2015 - 09:17 AM.


#5 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 01 December 2015 - 09:16 AM

~ ZHPCleaner v2015.12.1.388 by Nicolas Coolman (2015/12/01)
~ Run by dwolfe (Administrator)  (01/12/2015 09:14:04)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\dwolfe\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\dwolfe\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (11)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller [SwInstaller Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller.1 [SwInstaller Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes [SwInstallerAttributes Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes.1 [SwInstallerAttributes Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\FwsCtrl.BrowserProtection [BrowserProtection Class]  =>PUP.Optional.Eazel
DELETED key*: [X64] HKLM\SOFTWARE\Classes\FwsCtrl.BrowserProtection.1 [BrowserProtection Class]  =>PUP.Optional.Eazel
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl [SwInstallerCtl Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1 [SwInstallerCtl Class]  =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Record\{C1AFD778-8023-3E59-A0E2-588515497CAF} [Infragistics.Win.UltraWinGrid.TabNavigation]  =>PUP.Optional.Abengine
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Record\{CC4C7F73-ADBF-325E-A599-094D8AC1C4F9} [Infragistics.Win.UltraWinMaskedEdit.MaskedEditTabNavigation]  =>PUP.Optional.Abengine
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\074C3C132784AD44E8CCA61739DCD153 [C?\Program Files (x86)\Roxio\AudioCodecCommon 10\MSLUP80.dll]  =>PUP.Optional.CodecC


---\\  Summary of the elements found (4)






---\\  Other deletions. (9)
~ Registry Keys Tracing deleted (9)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 521
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 11


~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-01122015-09_14_18.txt
ZHPCleaner-[S]-01122015-09_13_35.txt
 



#6 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 01 December 2015 - 09:41 AM

Zoek.exe v5.0.0.1 Updated 28-November-2015
Tool run by dwolfe on Tue 12/01/2015 at  9:25:07.31.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dwolfe\Desktop\Bleeping\zoek.exe
Script used: C:\Users\dwolfe\Desktop\Bleeping\zoekscript.txt

==== System Restore Info ======================

12/1/2015 9:25:25 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\dwolfe\AppData\Roaming\MPC-HC deleted successfully
C:\Users\adminlocal\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/?gws_rd=ssl");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=SL5BDF&PC=SL5B&q=");

Added to C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20151201_0935_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\putty.exe deleted
C:\WinMTR.exe deleted
C:\PROGRA~3\{C9BA3C3E-AF1B-444E-BA3B-E3BAEF22E173} deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\extensions\bingsearch.full@microsoft.com deleted
C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\Yahoo Inc deleted
"C:\Windows\Installer\c56815c.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"MFVersion"="MF40.0.3 (x86 en-US)" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default
B5CFBB8AC7C0069D80DBEAA72F3CE9E2    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll -    Shockwave for Director / Shockwave for Director
F114FBA6246530B89DD1E04351E0EAC5    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Voice Search Hotword (Beta) - adminlocal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Easy Auto Refresh - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc
Google Docs Quick Create - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bldgenmjegcnjebiongilahhcjldgmlm
Flash Master - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cacfnookefkldifaigjdedpophfjkjeh
Chrome RDP - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch
Pushbullet - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
uBlock₀ - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Network and Internet tools - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji
AudioRecorder - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk
Speak It - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flkiofjljiokbnipbdgencagcmebhmib
Flash Playlist - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbajclanpfajnmiiihhnllgfobjbhpem
Chromium M - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\haldlgldplgnggkjaafhelgiaglafanh
Pixlr Editor - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Auto Refresh - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko
White Noise & Background Music - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikjopkkmhnfbehghohhoejacideidmf
Google Drive App Launcher - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
GCM - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbkbnpaepaelpfkjbhoaeeeeeofocldj
Switchboard Connectivity Diagnostics - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdkggkiojfaagmgdckmklejphlgkooea
Naptha - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf
Read Mode - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nagcaahojecfeopbghgihcabgiepploa
https //classroom.google.com/u/0/h - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndifebeddhacfbfdgbfgpfihhmihpdkm
Chromium License - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nglgcjihmojkldimcblimgoikemiicfm
ScanQR - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nihhbejdflkeingkkpakffdlmepaeaah
Schoology - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdikhgnhnnplhlnhhifpccbjhminhjol
SpeakIt - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgeolalilifpodheeocdmbhehgnkkbak
Secure Shell - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnhechapfaindjhompbnflcldabbghjo

==== Chromium Fix ======================

C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj deleted successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_gbkeegbaiigmenfmjfclcdgdpimamgkj_0.localstorage deleted successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_gbkeegbaiigmenfmjfclcdgdpimamgkj_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E8AC853-65BB-4C99-A09E-19B81851E14C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\358CA8E5BB5699C40AE9918B81151EC4 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\adminlocal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dwolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dwolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\dwolfe\AppData\Local\Mozilla\Firefox\Profiles\ohiqb4f9.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=857 folders=262 110712472 bytes)

==== Empty Temp Folders ======================

C:\Users\adminlocal\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\dwolfe\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\dwolfe\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 12/01/2015 at  9:40:54.75 ======================
 



#7 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 01 December 2015 - 09:44 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by dwolfe (administrator) on DWOLFE-CTS246 (01-12-2015 09:42:47)
Running from C:\Users\dwolfe\Desktop\Bleeping
Loaded Profiles: dwolfe (Available Profiles: adminlocal & dwolfe)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(IBM) C:\Program Files (x86)\IBM\Notes\nsd.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\SUService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\sqlservr.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\ntmulti.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lightspeed Systems) C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Veeam Software AG) C:\Program Files\Veeam\Backup and Replication\Backup\VeeamDeploymentSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Veeam Software AG) C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe
(Veeam Software AG) C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(© 2015 Microsoft Corporation) C:\Users\dwolfe\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
(Veeam Software AG) C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe
(Veeam Software AG) C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe
(Veeam Software AG) C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe
(Veeam Software AG) C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.WmiServer.exe
(Veeam Software AG) C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\...\Run: [BingSvc] => C:\Users\dwolfe\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk [2015-10-13]
ShortcutTarget: Device Detector 3.lnk -> C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\dwolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-08-18]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.2 10.0.0.4
Tcpip\..\Interfaces\{9161C306-9F0C-40B9-9604-EAFE758281E2}: [DhcpNameServer] 10.0.0.2 10.0.0.4

Internet Explorer:
==================
HKU\S-1-5-21-61148750-1955273331-1737835142-15962\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-61148750-1955273331-1737835142-15962 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-12-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
DPF: HKLM-x32 {1788C32A-D79D-4B64-A410-8C554B126889} hxxps://mail.southseneca.org/dwa9W.cab
DPF: HKLM-x32 {EB3921F9-5FEA-4F03-9B53-6DD0B0FA4F59} hxxp://10.8.0.2/DX8100WebDVRLogoin.CAB
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default
FF NewTab: about:newtab
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: vmware.com/client-support-plugin -> C:\Program Files (x86)\VMware\Client Integration Plug-in 5.5\npVMwareClientSupportPlugin-5-5-0.dll [2014-02-02] (VMware, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-25] (Apple Inc.)

Chrome:
=======
CHR Profile: C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Easy Auto Refresh) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2015-10-14]
CHR Extension: (Google Slides) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-14]
CHR Extension: (Google Docs) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Google Docs Quick Create) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bldgenmjegcnjebiongilahhcjldgmlm [2015-10-15]
CHR Extension: (YouTube) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01]
CHR Extension: (Flash Master) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cacfnookefkldifaigjdedpophfjkjeh [2015-10-14]
CHR Extension: (Chrome RDP) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2015-11-04]
CHR Extension: (Pushbullet) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-11-25]
CHR Extension: (uBlock Origin) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-11-04]
CHR Extension: (Google Search) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Text To Speech with Google Drive) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dogdgjickfenmhihlgiedkadbbabiagm [2015-11-13]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2015-10-14]
CHR Extension: (Adobe Acrobat) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]
CHR Extension: (Google Calendar) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Network and Internet tools) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji [2015-11-23]
CHR Extension: (AudioRecorder) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk [2015-11-03]
CHR Extension: (Google Sheets) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-14]
CHR Extension: (Speak It) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flkiofjljiokbnipbdgencagcmebhmib [2015-11-05]
CHR Extension: (Cloud Print with Drive) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbackapcmmghpcfbfpbnbomhgecnphoj [2015-10-14]
CHR Extension: (Flash Playlist) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbajclanpfajnmiiihhnllgfobjbhpem [2015-11-30]
CHR Extension: (Chrome Remote Desktop) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-04]
CHR Extension: (Web Store) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-01]
CHR Extension: (Google Calendar (by Google)) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-10-14]
CHR Extension: (Auto Refresh) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2015-10-14]
CHR Extension: (White Noise & Background Music) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikjopkkmhnfbehghohhoejacideidmf [2015-10-30]
CHR Extension: (Chromebook Recovery Utility) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jndclpdbaamdhonoechobihbbiimdgai [2015-10-15]
CHR Extension: (Google Hangouts) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-11-30]
CHR Extension: (IP Address and Domain Information) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhgkegeccnckoiliokondpaaalbhafoa [2015-10-14]
CHR Extension: (Web Store) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-01]
CHR Extension: (Switchboard Connectivity Diagnostics) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdkggkiojfaagmgdckmklejphlgkooea [2015-10-14]
CHR Extension: (File System for Windows) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhnnfciefdpolbelmfkpmhhmlkehbdf [2015-11-25]
CHR Extension: (Project Naptha) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2015-10-28]
CHR Extension: (Read Mode) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nagcaahojecfeopbghgihcabgiepploa [2015-11-10]
CHR Extension: (https://classroom.google.com/u/0/h) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndifebeddhacfbfdgbfgpfihhmihpdkm [2015-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-01]
CHR Extension: (SpeakIt!) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2015-11-23]
CHR Extension: (Gmail) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-01]
CHR Extension: (Secure Shell) - C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnhechapfaindjhompbnflcldabbghjo [2015-10-14]
CHR HKU\S-1-5-21-61148750-1955273331-1737835142-15962\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\dwolfe\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-12-01]
CHR HKU\S-1-5-21-61148750-1955273331-1737835142-15962\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [444640 2014-07-28] ()
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Notes\nsd.exe [5164136 2013-10-15] (IBM)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
R2 LNSUSvc; C:\Program Files (x86)\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$VEEAMSQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\sqlservr.exe [191976 2012-10-19] (Microsoft Corporation)
R2 Multi-user Cleanup Service; C:\Program Files (x86)\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-12-19] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-12-19] (Symantec Corporation)
S4 SQLAgent$VEEAMSQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\SQLAGENT.EXE [612848 2012-10-19] (Microsoft Corporation)
R2 UAService; C:\Program Files\Lightspeed Systems\User Agent\UAService.exe [718336 2013-06-28] (Lightspeed Systems) [File not signed]
R2 Veeam Backup and Replication Service; C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe [21504 2014-11-05] (Veeam Software AG) [File not signed]
R2 Veeam Backup Catalog Data Service; C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe [53760 2014-11-05] (Veeam Software AG) [File not signed]
R2 VeeamCloudSvc; C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe [123904 2014-11-05] (Veeam Software AG) [File not signed]
R2 VeeamDeploymentService; C:\Program Files\Veeam\Backup and Replication\Backup\VeeamDeploymentSvc.exe [696320 2014-11-05] (Veeam Software AG) [File not signed]
R2 VeeamNFSSvc; C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe [1105920 2014-11-05] (Veeam Software AG) [File not signed]
R2 VeeamTransportSvc; C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe [868352 2014-11-05] (Veeam Software AG) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys [1665608 2015-10-25] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-12-19] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-09-22] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20151130.011\IDSvia64.sys [671448 2015-07-31] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20151130.034\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20151130.034\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
S3 se64a; C:\Windows\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S3 se64a; C:\Windows\SysWOW64\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-12-19] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-12-19] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-12-19] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-02-13] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-02-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-12-19] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-12-19] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-02-13] (Symantec Corporation)
R2 VeeamFSR; C:\Program Files (x86)\Veeam\Backup Transport\VeeamFSR.sys [114120 2014-11-05] (Veeam Software AG)
S3 VirtualDK; C:\Program Files\Veeam\Backup and Replication\Backup\vdk.sys [33224 2014-11-05] (Ken Kato)
S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.)
S3 VNUSB; C:\Windows\SysWOW64\Drivers\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 09:42 - 2015-12-01 09:42 - 00000000 ____D C:\FRST
2015-12-01 09:39 - 2015-12-01 09:25 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-12-01 09:31 - 2015-12-01 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-01 09:25 - 2015-12-01 09:37 - 00000000 ____D C:\zoek_backup
2015-12-01 09:14 - 2015-12-01 09:14 - 00003182 _____ C:\Users\dwolfe\Desktop\ZHPCleaner.txt
2015-12-01 09:08 - 2015-12-01 09:14 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\ZHP
2015-12-01 09:08 - 2015-12-01 09:08 - 00000799 _____ C:\Users\dwolfe\Desktop\ZHPCleaner.lnk
2015-12-01 08:54 - 2015-12-01 08:54 - 00000782 _____ C:\Users\dwolfe\Desktop\JRT.txt
2015-12-01 08:34 - 2015-12-01 09:42 - 00000000 ____D C:\Users\dwolfe\Desktop\Bleeping
2015-12-01 08:30 - 2015-12-01 08:31 - 01736704 _____ C:\Users\dwolfe\Desktop\adwcleaner_5.023.exe
2015-12-01 07:47 - 2015-12-01 09:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 07:47 - 2015-12-01 07:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-01 07:47 - 2015-12-01 07:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-01 07:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-01 07:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-01 07:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-01 07:46 - 2015-12-01 07:46 - 00003402 _____ C:\Users\dwolfe\Desktop\Rkill.txt
2015-12-01 07:46 - 2015-12-01 07:46 - 00000000 ____D C:\Users\dwolfe\Desktop\rkill
2015-11-25 13:06 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-11-25 13:06 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-11-25 13:06 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-11-25 13:06 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-11-25 13:06 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-11-25 13:06 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-11-25 13:06 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-11-25 13:06 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-11-25 13:06 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-11-25 13:06 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-11-25 08:16 - 2015-11-25 08:16 - 01503744 _____ C:\Users\dwolfe\Desktop\December 2015.pub
2015-11-20 13:07 - 2015-11-20 13:07 - 00027495 _____ C:\Users\dwolfe\Desktop\blacklistHistory.csv
2015-11-20 11:45 - 2015-11-20 11:45 - 00000000 ____D C:\temp
2015-11-20 11:43 - 2015-11-20 11:50 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\Pelco
2015-11-20 11:43 - 2015-11-20 11:43 - 00002117 _____ C:\Users\Public\Desktop\DS ControlPoint.lnk
2015-11-20 11:43 - 2015-11-20 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pelco
2015-11-20 11:43 - 2015-11-20 11:43 - 00000000 ____D C:\Program Files (x86)\Pelco
2015-11-20 09:44 - 2015-11-20 09:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-11-20 09:44 - 2015-11-20 09:44 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-20 08:21 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-20 08:21 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-20 08:20 - 2015-08-05 12:56 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-20 08:20 - 2015-08-05 12:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-20 08:19 - 2015-08-05 13:02 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-20 08:19 - 2015-08-05 13:02 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-20 08:19 - 2015-08-05 12:56 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-11-20 08:19 - 2015-08-05 12:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-20 08:19 - 2015-08-05 12:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-20 08:19 - 2015-08-05 12:55 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-20 08:19 - 2015-08-05 12:50 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-20 08:19 - 2015-08-05 12:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-20 08:19 - 2015-08-05 12:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-20 08:19 - 2015-08-05 12:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-20 08:19 - 2015-08-05 12:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-20 08:19 - 2015-08-05 12:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-20 08:19 - 2015-08-05 12:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-20 08:19 - 2015-08-05 12:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-20 08:19 - 2015-08-05 12:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-20 08:19 - 2015-08-05 12:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-20 08:19 - 2015-08-05 12:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-20 08:19 - 2015-08-05 12:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-20 08:19 - 2015-08-05 12:39 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-20 08:19 - 2015-08-05 12:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-20 08:19 - 2015-08-05 12:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-20 08:19 - 2015-08-05 12:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-20 08:19 - 2015-08-05 12:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-20 08:19 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-11-20 08:19 - 2015-08-05 11:38 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-20 08:19 - 2015-08-05 11:37 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-20 08:19 - 2015-08-05 11:37 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-20 08:19 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-11-20 08:19 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-11-20 08:19 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-11-20 08:19 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-11-20 08:18 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-11-20 08:18 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-11-20 08:18 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-11-20 08:18 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-11-20 08:18 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-11-20 08:18 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-11-20 08:18 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-11-20 08:18 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-11-20 08:18 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-11-20 08:18 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-11-20 08:18 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-20 08:18 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-20 08:18 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-11-20 08:18 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-11-20 08:18 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-11-20 08:18 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-11-20 08:18 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-11-20 08:18 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-11-20 08:18 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-11-20 08:18 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-11-20 08:17 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-20 08:17 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-20 08:17 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-20 08:17 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-20 08:17 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-20 08:17 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-20 08:17 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-20 08:16 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-20 08:16 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-20 08:16 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-20 08:16 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-20 08:16 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-20 08:16 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-20 08:16 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-20 08:16 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-20 08:16 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-20 08:16 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-20 08:16 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-20 08:16 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-20 08:16 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-20 08:16 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-11-20 08:16 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-11-20 08:16 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-20 08:16 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-20 08:16 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-20 08:16 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-20 08:16 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-20 08:16 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-11-20 08:16 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-20 08:16 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-20 08:16 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-20 08:16 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-20 08:15 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-11-20 08:15 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-11-20 08:15 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-11-20 08:15 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-11-20 08:15 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-11-20 08:15 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-11-20 08:15 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-11-20 08:15 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-11-20 08:15 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-11-20 08:15 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-11-20 08:15 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-11-20 08:15 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-11-20 08:11 - 2015-11-20 08:12 - 00000000 ____D C:\Users\dwolfe\Documents\2GB flash copy
2015-11-16 14:58 - 2015-11-16 14:58 - 00249646 _____ C:\Users\dwolfe\Downloads\Windows PowerShell Desired State Configuration Quick Reference for Windows Management Framework 4.0.pdf
2015-11-16 13:55 - 2015-11-16 13:54 - 00070289 _____ C:\Users\dwolfe\Downloads\wolf_in_the_city.zip
2015-11-15 07:03 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-15 07:03 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-15 07:03 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-15 07:03 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-15 07:03 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-15 07:03 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-15 07:03 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-15 07:03 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-15 07:03 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-15 07:03 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-15 07:03 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-15 07:03 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-15 07:03 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-15 07:03 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-15 07:03 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-15 07:03 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-15 07:02 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-15 07:02 - 2015-08-10 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-15 07:02 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-15 07:02 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-15 07:02 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-11-15 07:02 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-11-15 07:00 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-13 11:31 - 2015-11-13 11:31 - 00314266 _____ C:\Users\dwolfe\tonyresult2.htm
2015-11-13 11:28 - 2015-11-13 11:28 - 00314266 _____ C:\Users\dwolfe\tonyresult.htm
2015-11-06 13:07 - 2015-11-06 13:07 - 00001414 _____ C:\Users\Public\Desktop\Network WYNN Reader 5.10.lnk
2015-11-06 13:07 - 2015-11-06 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WYNN
2015-11-06 13:07 - 2010-01-21 10:43 - 00000309 ____N C:\Windows\FREngine.ini
2015-11-06 13:07 - 2010-01-21 10:24 - 00003681 ____N C:\Windows\nsttsSAPI4.ini
2015-11-06 13:07 - 2010-01-21 10:24 - 00003654 ____N C:\Windows\nsttsSAPI5.ini
2015-11-06 13:07 - 2010-01-21 10:24 - 00002290 ____N C:\Windows\nsttsNoSpeech.ini
2015-11-06 13:07 - 2010-01-21 10:24 - 00000106 ____N C:\Windows\wynnlang.ini
2015-11-06 13:07 - 2008-04-22 09:23 - 00000604 ____N C:\Windows\FileFinder.ini
2015-11-04 14:12 - 2015-11-04 14:12 - 00001790 _____ C:\Users\dwolfe\Desktop\KDECOUDRES - Shortcut.lnk
2015-11-04 07:57 - 2015-11-04 12:59 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\Audacity
2015-11-03 14:44 - 2015-11-03 14:44 - 00000301 _____ C:\Users\dwolfe\Desktop\High Rely Pricing.txt
2015-11-03 14:23 - 2015-11-03 14:23 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\ATI
2015-11-03 14:23 - 2015-11-03 14:23 - 00000000 ____D C:\Users\dwolfe\AppData\Local\ATI
2015-11-03 14:23 - 2015-11-03 14:23 - 00000000 ____D C:\ProgramData\ATI
2015-11-03 14:22 - 2015-11-03 14:22 - 00000000 ____D C:\Users\dwolfe\AppData\Local\Intel_Corporation
2015-11-03 14:22 - 2015-11-03 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-11-03 14:22 - 2015-11-03 14:22 - 00000000 ____D C:\Program Files (x86)\AMD
2015-11-03 14:20 - 2015-11-03 14:22 - 00000000 ____D C:\Program Files\AMD
2015-11-03 14:18 - 2015-11-03 14:18 - 00000000 ____D C:\AMD

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 09:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-12-01 09:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-01 09:41 - 2015-09-03 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-01 09:41 - 2015-07-31 12:25 - 00000000 ___RD C:\Users\dwolfe\Google Drive
2015-12-01 09:40 - 2015-07-31 12:21 - 00000131 _____ C:\Users\dwolfe\Desktop\SSCSD Lotus Notes.url
2015-12-01 09:40 - 2015-02-13 11:54 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl
2015-12-01 09:40 - 2015-02-13 10:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 09:40 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-01 09:39 - 2015-10-14 13:42 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-01 09:36 - 2015-02-13 10:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 09:35 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-01 09:33 - 2015-09-15 12:14 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\DameWare Development
2015-12-01 09:06 - 2015-09-28 06:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-01 08:56 - 2009-07-13 23:45 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-01 08:56 - 2009-07-13 23:45 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-01 08:52 - 2009-07-14 00:13 - 00915030 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-01 08:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-11-30 16:36 - 2015-08-19 06:41 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\VMware
2015-11-27 14:37 - 2015-10-17 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-27 14:37 - 2015-07-31 12:25 - 00002048 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-27 14:37 - 2015-07-31 12:25 - 00002046 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-27 14:37 - 2015-07-31 12:25 - 00002036 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-25 14:32 - 2015-09-03 06:52 - 00000000 ____D C:\Users\dwolfe\AppData\Roaming\vlc
2015-11-25 13:29 - 2009-07-13 23:45 - 00508584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-21 04:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-20 15:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-20 12:13 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-11-20 08:25 - 2015-02-12 15:37 - 00000000 ____D C:\Windows\system32\MRT
2015-11-20 08:21 - 2015-02-13 11:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-20 08:21 - 2015-02-13 11:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-17 14:10 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-16 14:06 - 2015-07-31 12:54 - 00135536 _____ C:\Users\dwolfe\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-15 07:02 - 2015-02-12 16:23 - 00906816 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-13 11:31 - 2015-07-31 12:21 - 00000000 ____D C:\Users\dwolfe
2015-11-11 17:37 - 2015-02-13 10:44 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 05:06 - 2015-09-28 06:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 05:06 - 2015-02-13 11:31 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 05:06 - 2015-02-13 11:31 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 08:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-09 07:34 - 2015-07-31 12:21 - 00003564 __RSH C:\Users\dwolfe\ntuser.pol
2015-11-06 13:07 - 2015-10-27 07:03 - 00000000 ____D C:\WYNNR5c
2015-11-06 13:07 - 2015-10-27 07:03 - 00000000 ____D C:\Program Files (x86)\Freedom Scientific
2015-11-06 13:06 - 2015-09-28 12:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-02 18:36 - 2015-02-13 10:43 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-02 07:50 - 2015-07-31 13:55 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2015-10-06 08:42 - 2015-10-19 10:24 - 0000600 _____ () C:\Users\dwolfe\AppData\Local\PUTTY.RND

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-30 00:01

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by dwolfe (2015-12-01 09:43:02)
Running from C:\Users\dwolfe\Desktop\Bleeping
Windows 7 Professional Service Pack 1 (X64) (2015-07-31 17:14:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4140859853-3263414102-1790177351-500 - Administrator - Disabled)
adminlocal (S-1-5-21-4140859853-3263414102-1790177351-1000 - Administrator - Enabled) => C:\Users\adminlocal
Guest (S-1-5-21-4140859853-3263414102-1790177351-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Step DVD Copy 4.5.4 (HKLM-x32\...\{1CB4ADE4-4B75-481A-BF77-EE69279DF30E}_is1) (Version: 4.5.4 - cyan soft ltd)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ADManager Plus Free Tools (HKLM-x32\...\{13405F8E-4962-435B-B10D-21BB8261B4B4}) (Version: 4.0 - Adventnet)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avigilon Control Center Client (HKLM-x32\...\Avigilon Control Center Client) (Version: 5.2.2.24 - Avigilon)
Avigilon Control Center Client (Version: 5.2.2.24 - Avigilon) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Chrome Remote Desktop Host (HKLM-x32\...\{CDF9E1C8-4B97-4F8B-A848-7DD0E8BEB89F}) (Version: 47.0.2526.18 - Google Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DameWare Remote Support (HKLM-x32\...\{c015ed07-37fa-42f1-81c0-e35532764ba6}) (Version: 11.2.91.0 - SolarWinds)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DS ControlPoint (HKLM-x32\...\{bc14b0a2-9d96-4a92-a73a-acee5ce9eb40}) (Version: 7.2.30 - Pelco)
ETI-Eloquence 6.1 Runtime: Brazilian Portuguese 6.1 (HKLM-x32\...\{74025B13-A3F8-41E9-A646-D8FBB6BAC2C8}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Canadian French 6.1 (HKLM-x32\...\{DAFE04F2-418D-41FE-BFAE-640D5D34A604}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Castilian Spanish 6.1 (HKLM-x32\...\{2648BD4B-85E3-43C0-9099-0E9575E81DE5}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Common 6.1 (HKLM-x32\...\{7D426705-45F2-4946-94DF-62BE9B79398E}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Mexican Spanish 6.1 (HKLM-x32\...\{7761CE09-CAFA-4EDB-946C-95E5F6C796CF}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Standard Finnish 6.1 (HKLM-x32\...\{EB85AD62-8782-464A-8E90-3CAAC72275B0}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Standard French 6.1 (HKLM-x32\...\{425392AE-182B-4DB1-A6FE-83C88C52754B}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Standard German 6.1 (HKLM-x32\...\{AA29FDA0-28B6-45EB-B990-7AB34A39C0CC}) (Version:  - )
ETI-Eloquence 6.1 Runtime: Standard Italian 6.1 (HKLM-x32\...\{D2712860-DD67-4F04-9515-CD0C6525E5D2}) (Version:  - )
ETI-Eloquence 6.1 Runtime: UK English 6.1 (HKLM-x32\...\{91E5C3E7-4258-414D-A5D8-F4EF5D27C074}) (Version:  - )
ETI-Eloquence 6.1 Runtime: US English 6.1 (HKLM-x32\...\{0D488C67-F51C-4AC0-98D3-7B707D13C650}) (Version:  - )
Freedom Scientific Document Server (x32 Version: 10.13.452.0 - Freedom Scientific) Hidden
Freedom Scientific Elevation (x32 Version: 10.18.3120.0 - Freedom Scientific) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\{F63650CA-7DDA-348C-8787-B0E5494463A8}) (Version: 66.41.32879 - Google, Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
IBM Notes 9.0.1 (Basic) (HKLM-x32\...\{57A81E60-FAA7-463E-B9FB-C596488CBCA8}) (Version: 9.01.13287 - IBM)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.0 - Intel)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
Lightspeed Systems User Agent (x64) v2.01.08 (HKLM\...\{9B695038-EBC6-4833-9E7A-0925850A772C}) (Version: 2.01.08 - Lightspeed Systems)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{AB4AE7E5-E63E-458E-A9D9-B271EA2ED69B}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Monitor Asset Manager (HKLM-x32\...\Monitor Asset Manager) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NetApp Plug-in (Version: 8.0.0.817 - Veeam Software AG) Hidden
Network WYNN Reader 5.10 (HKLM-x32\...\{4D04800F-B9AD-4FD7-A323-6E1A0B0BA455}) (Version: 5.10 - Freedom Scientific, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
Olympus Digital Wave Player (HKLM-x32\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version:  - )
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
Port Forward Network Utilities 2.0.16 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.16 - Portforward.com)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealSpeak Solo 4.0 SAPI5 for WYNN (HKLM-x32\...\{86009EDE-88EA-48BC-B2A3-7BE9A77DA61A}) (Version: 1.0.002.0 - Freedom Scientific)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Roxio Creator Business (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3.56.24 - Roxio)
SAPI 5 Components (HKLM-x32\...\{86116583-8714-4FA4-96F2-29E9BDD071D0}) (Version: 5.1.4324.0 - Freedom Scientific)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
Veeam Backup & Replication (HKLM-x32\...\Veeam Backup & Replication) (Version: 8.0.0.817 - Veeam Software AG)
Veeam Backup & Replication (Version: 8.0.0.817 - Veeam Software AG) Hidden
Veeam Backup Catalog (Version: 8.0.0.817 - Veeam Software AG) Hidden
Veeam Explorer for Microsoft Active Directory (Version: 8.0.0.952 - Veeam Software AG) Hidden
Veeam Explorer for Microsoft Exchange (Version: 8.0.0.951 - Veeam Software AG) Hidden
Veeam Explorer for Microsoft SharePoint (Version: 8.0.0.950 - Veeam Software AG) Hidden
Veeam Explorer for Microsoft SQL Server (Version: 8.0.0.953 - Veeam Software AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{BCD9F875-7A7A-4214-8E21-BA5DDA80397E}) (Version: 5.5.0.1587251 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
WinCap South Seneca (HKU\S-1-5-21-61148750-1955273331-1737835142-15962\...\ocmapps-5ff0036d@@XA 65 Controller.WinCap South Seneca) (Version: 1.0 - Delivered by Citrix)
Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB  (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-12-2015 08:52:54 JRT Pre-Junkware Removal
01-12-2015 09:25:22 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C123C12-F34A-44E5-A06C-7D5EB8027A40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {38A79201-1870-4EE5-9EA1-07C2F51563DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {467C5483-1AB1-4E79-BB59-BA685EADB2C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {53D01106-029E-4501-BF22-BA4CD741B9FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {8F95A47C-AB37-459F-A9D6-5E14896FD554} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {C2AF4150-3C42-4643-872C-14EAD2724A0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {D6291C26-791D-410B-93B0-0F3C5BFF3D3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {EDF04AC8-5DB4-4F2A-8EDF-D0B9960C0EE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {FCC7FBAB-53BF-4EE7-A4E6-0FE99B78F5BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-21 20:07 - 2014-01-21 20:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-15 08:55 - 2013-09-05 15:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-05 06:31 - 2014-11-05 06:31 - 02515968 _____ () C:\Program Files\Veeam\Backup and Replication\Backup\VimService.dll
2014-11-05 06:31 - 2014-11-05 06:31 - 00050688 _____ () C:\Program Files\Veeam\Backup and Replication\Backup\boost_thread-vc80-mt-1_35.dll
2014-11-05 06:31 - 2014-11-05 06:31 - 08907776 _____ () C:\Program Files\Veeam\Backup and Replication\Backup\VimService.XmlSerializers.dll
2014-01-23 07:55 - 2014-01-23 07:55 - 08878248 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-01 09:40 - 2015-12-01 09:40 - 00098816 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32api.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00110080 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\pywintypes27.dll
2015-12-01 09:40 - 2015-12-01 09:40 - 00364544 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\pythoncom27.dll
2015-12-01 09:40 - 2015-12-01 09:40 - 00046080 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_socket.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 01208320 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_ssl.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00320512 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32com.shell.shell.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00776704 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_hashlib.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 01176576 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._core_.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00806400 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._gdi_.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00816128 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._windows_.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 01067008 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._controls_.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00733184 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._misc_.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00682496 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\pysqlite2._sqlite.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00088064 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_ctypes.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00119808 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32file.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00108544 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32security.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00007168 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\hashobjs_ext.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00017920 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\thumbnails_ext.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00079360 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\usb_ext.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00167936 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32gui.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00018432 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32event.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00128512 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_elementtree.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00127488 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\pyexpat.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00013824 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\common.time34.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00036864 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_psutil_windows.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00038912 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32inet.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00525640 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\windows._lib_cacheinvalidation.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00011264 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32crypt.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00077312 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._html2.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00027136 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_multiprocessing.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00020480 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\_yappi.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00035840 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32process.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00686080 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\unicodedata.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00123392 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._wizard.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00024064 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32pipe.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00010240 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\select.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00025600 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32pdh.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00017408 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32profile.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00022528 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\win32ts.pyd
2015-12-01 09:40 - 2015-12-01 09:40 - 00078848 _____ () C:\Users\dwolfe\AppData\Local\Temp\_MEI59642\wx._animate.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-61148750-1955273331-1737835142-15962\Control Panel\Desktop\\Wallpaper -> C:\Users\dwolfe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2 - 10.0.0.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{2E0A8806-6B7E-4BD3-AC0B-DFC015EADC97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4535CFFC-AC4C-433E-A595-977A4CBAFCBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F967BA8D-EEEE-42D9-9538-FE785B0586E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2920AD1-1B6A-4A28-A259-E26BBFF9738C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5676E65E-4F29-42C8-AE62-3921D8E5A9CA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2015 09:42:02 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\Desktop\Bleeping\zoek.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (12/01/2015 09:40:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2015 09:25:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55b02e7b
Exception code: 0xe0434352
Fault offset: 0x000000000000b16d
Faulting process id: 0xa28
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3

Error: (12/01/2015 09:25:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.Substring(Int32, Int32)
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (12/01/2015 09:24:08 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\Desktop\Bleeping\zoek.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (12/01/2015 09:20:15 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\AppData\Local\Temp\hNOhXamm.exe.part by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (12/01/2015 09:19:55 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\AppData\Local\Temp\IPugOPwB.exe.part by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (12/01/2015 09:19:39 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\Desktop\Bleeping\zoek.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (12/01/2015 09:19:20 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\Desktop\Bleeping\zoek.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (12/01/2015 09:18:53 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Suspicious.Cloud.2 in File: C:\Users\dwolfe\AppData\Local\Temp\YeodsoeT.exe.part by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.


System errors:
=============
Error: (12/01/2015 09:35:47 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 09:35:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 09:35:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 09:35:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 09:35:45 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/01/2015 08:47:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/01/2015 08:47:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/01/2015 08:47:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/01/2015 08:47:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/01/2015 08:47:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-11-23 09:15:54.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-17 14:08:03.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-17 13:35:15.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-13 11:29:04.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-13 10:54:33.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-04 12:20:23.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 07:52:48.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 07:39:02.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-23 08:15:48.465
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-22 08:29:23.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 12%
Total physical RAM: 32674.34 MB
Available physical RAM: 28680.66 MB
Total Virtual: 65346.88 MB
Available Virtual: 60898.33 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:119.24 GB) (Free:12.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (D) (Fixed) (Total:465.76 GB) (Free:437.25 GB) NTFS
Drive g: (Transcend) (Removable) (Total:7.47 GB) (Free:4.44 GB) FAT32
Drive i: (Staff Storage) (Network) (Total:800 GB) (Free:308.19 GB) NTFS
Drive k: () (Network) (Total:79.9 GB) (Free:45.53 GB) NTFS
Drive r: () (Network) (Total:79.9 GB) (Free:45.53 GB) NTFS
Drive s: (storage) (Network) (Total:250 GB) (Free:54.23 GB) NTFS
Drive t: () (Network) (Total:79.9 GB) (Free:45.53 GB) NTFS
Drive u: (Staff Storage) (Network) (Total:800 GB) (Free:308.19 GB) NTFS
Drive v: (vmbackup) (Network) (Total:2746.13 GB) (Free:1829.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 74005304)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 71DE0812)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#8 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 01 December 2015 - 03:55 PM

Renaming the ..\AppData\local\Google\Chrome\Default didn't seem to be effective in all cases.

My current response (i've done it twenty times at least) also includes running the Chrome Cleanup Tool (which repoprts no program found, and then offers to Reset browser settings which I accept); disconnect teh Chrome profile;  rename the above mentioned Default folder; .ZIP twelve (12) files with names that begin "Safe Browsing ...";  delete those twelve files.  Install MalwareBytes with free trial scan which detects a series of outbound calls from Chrome if it is open

Detection, 12/1/2015 9:02 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, Domain, 8.34.112.227, nan.mashfsttest.com, 50288, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:02 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, Domain, 8.34.112.227, usg.spiessummarising.com, 50289, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:02 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, IP, 8.34.112.227, sls.indelibleappointing.com, 50290, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:02 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, Domain, 8.34.112.227, nan.mashfsttest.com, 50291, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:02 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, Domain, 8.34.112.227, usg.spiessummarising.com, 50292, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:23 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, Domain, 8.34.112.226, nan.mashfsttest.com, 50861, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:23 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, Domain, 8.34.112.226, usg.spiessummarising.com, 50862, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 12/1/2015 9:23 AM, SYSTEM, DWOLFE-CTS246, Protection, Malicious Website Protection, IP, 8.34.112.226, sls.indelibleappointing.com, 50863, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
 

These eventually stop and pop-ups have not yet returned on any machine I fixed that way.
I am very keen to figure out how they got infected in the first place.

It seems reasonable to conclude that this was done by means of some code injected in an approved extension in Chrome.  We have not made any changes to extensions, though several are installed by the Admin Console.



#9 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 01 December 2015 - 04:55 PM

Hi Direwolfe,

Step 1:
 FRST Script:
 Please download this attached [http://wikisend.com/download/971802/Fixlist.txt]  and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   19 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Edited by olgun52, 01 December 2015 - 04:59 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 02 December 2015 - 08:13 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by dwolfe (2015-12-02 08:11:59) Run:1
Running from C:\Users\dwolfe\Desktop\Bleeping
Loaded Profiles: dwolfe (Available Profiles: adminlocal & dwolfe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

    <head>

        <meta http-equiv="content-Type" content="text/html; charset=utf-8" />
        <title>Wikisend: free file sharing service</title>
        <link href="http://wikisend.com/css/styles.css" type="text/css" rel="stylesheet" />
        <script src="http://wikisend.com/js/jquery-1.2.1.min.js" type="text/javascript"></script>
        <script src="http://wikisend.com/js/download.js" type="text/javascript"></script><script src="http://wikisend.com/js/common.js" type="text/javascript"></script></head>

<body>

<div id="pagebgr">
<div id="topbgr">
<div id="page">

<!-- Login -->
<div id="login">
<form action="/sign-in/" method="post" id="signInForm">

<div id="close"><input name="" type="image" id="close_login" src="http://wikisend.com/images/close_win.gif" /></div>

<div id="left">

<div class="formelement">
<div class="formtitle"><label for="username">Username:</label></div><input id="username" name="username" type="text" class="inputfield" />
</div>

<div class="formelement">
<div class="formtitle"><label for="password">Password:</label></div><input id="password" name="password" type="password" class="inputfield" />
</div>
</div>
<div id="right">

<input type="image" src="http://wikisend.com/images/button_login.gif" alt="Sign in" /><br />
<a id="forgot" href="/forgot-password/">Forgot your password?</a>
<input type="hidden" name="sent" value="1" />
</div>

</form>
</div>
<!-- End Login -->

<!-- ################# HEADER ################## -->
<div id="header">
<div id="logo"><a href="/"><img src="http://wikisend.com/images/logo.gif" width="351" height="58" alt="Wikisend: file sharing service" class="imgblock" /></a></div>

<div id="toplinks">
Have an account: <a href="/sign-in/" id="open_login">Sign in here</a><br />New user: <a href="/sign-up/">Sign up now</a></div></div>

<!-- ################# END HEADER ################## -->

<!-- ################# EARTH BLOCK ################## -->

<div id="earthtabs">
<div id="upload"><a href="/"><img src="/images/upload_inactive.gif" width="260" height="46" alt="Upload" class="imgblock" /></a></div>
<div id="download"><img src="/images/earth_download.gif" width="278" height="59" alt="Download" class="imgblock" /></div>
</div>

<div id="earth"><div id="themebgr"><div id="cloud"><div id="grass"><div id="insidetheme">


    <div id="titleblock">
        <span id="filetitle">Fixlist.txt</span>    </div>

    <form action="" method="post" id="downloadform">
        <div class="textindent">
            
            <ul id="details">
                <li><span class="detailtitle">File ID:</span> <span id="fileidvalue">971802</span></li>
                <li><span class="detailtitle">File size:</span> 6.1 KB</li>
                <li><span class="detailtitle">Time to live:</span> 6 days</li>            </ul>
            <div class="linkblock">
                    <div class="linktitle"><label for="dlink">Download link:</label></div><input id="dlink" type="text" value="http://wikisend.com/download/971802/Fixlist.txt" class="linkfield" readonly="readonly"/></div><div class="linkblock">
                    <div class="linktitle"><label for="flink">Forum link:</label></div><input id="flink" type="text" value="Fixlist.txt" class="linkfield" readonly="readonly"/></div>    
                
        </div>
        
        <!-- end properties -->
    

        <div class="button">
            <input type="hidden" name="act" value="download" id="act" />
            <input type="image" src="/images/button_download.gif" alt="Download file" id="d_but"/>
        </div>
    </form>
    

</div></div></div></div></div>


<!-- ################# END EARTH BLOCK ################## -->

    <div class="wrap_prog">
                <h2>Popular downloads</h2>
                <div class="wrapper">
                                                <div class="row">
                                                                                <div class="item">
                                                <img src="http://getpcsoft.wikisend.com/img_howto/0/148/Cisco Packet Tracer.jpg" alt="" class="icon48" />
                                                <a href="http://getpcsoft.wikisend.com/cisco-packet-tracer-free-download.html">Cisco Packet Tracer</a>
                                                <div class="tags">
                                                                                                                        <a href="http://getpcsoft.wikisend.com/Network/">Network</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Simulation/">Simulation</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Cisco/">Cisco</a>
                                                                                                                </div>
                                        </div>
                                                                                <div class="item">
                                                <img src="http://getpcsoft.wikisend.com/img_howto/0/150/win10_images.png" alt="" class="icon48" />
                                                <a href="http://getpcsoft.wikisend.com/windows-10-insider-preview-build-10240-iso-free-download.html">Windows 10 Insider Preview Build 10240 ISO</a>
                                                <div class="tags">
                                                                                                                        <a href="http://getpcsoft.wikisend.com/Operating-systems/">Operating systems</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Windows-10/">Windows 10</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Microsoft/">Microsoft</a>
                                                                                                                </div>
                                        </div>
                                                                        </div>
                                                                <div class="row">
                                                                                <div class="item">
                                                <img src="http://getpcsoft.wikisend.com/img_howto/0/141/3734849.png" alt="" class="icon48" />
                                                <a href="http://getpcsoft.wikisend.com/avast-internet-security-2015-free-download.html">Avast Internet Security 2015</a>
                                                <div class="tags">
                                                                                                                        <a href="http://getpcsoft.wikisend.com/Antivirus/">Antivirus</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/PC-Security/">PC Security</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Internet-Activity/">Internet Activity</a>
                                                                                                                </div>
                                        </div>
                                                                                <div class="item">
                                                <img src="http://getpcsoft.wikisend.com/img_howto/0/140/Directx 10_1.png" alt="" class="icon48" />
                                                <a href="http://getpcsoft.wikisend.com/directx-11-free-download.html">DirectX 11</a>
                                                <div class="tags">
                                                                                                                        <a href="http://getpcsoft.wikisend.com/Development/">Development</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/3D-Animation/">3D Animation</a>
                                                                                                                </div>
                                        </div>
                                                                        </div>
                                                                <div class="row">
                                                                                <div class="item">
                                                <img src="http://getpcsoft.wikisend.com/img_howto/0/143/Avira Free.png" alt="" class="icon48" />
                                                <a href="http://getpcsoft.wikisend.com/avira-free-antivirus-2015-download.html">Avira Free Antivirus 2015</a>
                                                <div class="tags">
                                                                                                                        <a href="http://getpcsoft.wikisend.com/Antivirus/">Antivirus</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Malware-Protection/">Malware Protection</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/PC-Security/">PC Security</a>
                                                                                                                </div>
                                        </div>
                                                                                <div class="item">
                                                <img src="http://getpcsoft.wikisend.com/img_howto/0/145/5535602.png" alt="" class="icon48" />
                                                <a href="http://getpcsoft.wikisend.com/cyberlink-powerdirector-2015-free-download.html">CyberLink PowerDirector 2015</a>
                                                <div class="tags">
                                                                                                                        <a href="http://getpcsoft.wikisend.com/Video/">Video</a>
                                                                                                                                <a href="http://getpcsoft.wikisend.com/Video-Editing/">Video Editing</a>
                                                                                                                </div>
                                        </div>
                                                                        </div>
                                                </div>
        </div>
        

<!-- ################# WHY BLOCK ################## -->

<div id="why"><div id="bgr"><div id="gradient"><div id="earthpics">
<h1>Why our site?</h1>

<div id="content">
<h2>Simple &amp; Free</h2>
Upload and download lots of  files, big files, small files, data files,
media files, archives or backups - any files. With Wikisend it`s simple and
free.

<h2>Share with Friends</h2>
Share files with your friends using E-mail, MySpace page, your blog, forums
and so on. With Wikisend sharing files, photos, videos or documents is easy,
fast, and reliable.

<h2>Start now</h2>
No need to register, activate, install or read manuals - use our uploading
form, you`re ready to go.

</div>

</div></div></div></div>

<!-- ################# END WHY BLOCK ################## -->


</div></div></div>

<!-- ################# FOOTER ################## -->
<div id="footer"><div id="bottom"><div id="top">

<ul>

    <li id="first"><a class="footlink" href="/">Home page</a></li>
    <li><a class="footlink" href="/feedback/">Feedback</a></li>
    <li><a class="footlink" href="/terms/">Terms and conditions</a></li>
    </ul>

<div id="copy">&copy;&nbsp;2015 Wikisend - File Sharing. All rights reserved.</div>

</div></div></div>
<!-- ################# END FOOTER ################## -->

</body>
</html>
*****************

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> => Error: No automatic fix found for this entry.
<html xmlns="http://www.w3.org/1999/xhtml"> => Error: No automatic fix found for this entry.
    <head> => Error: No automatic fix found for this entry.
        <meta http-equiv="content-Type" content="text/html; charset=utf-8" /> => Error: No automatic fix found for this entry.
        <title>Wikisend: free file sharing service</title> => Error: No automatic fix found for this entry.
        <link href="http://wikisend.com/css/styles.css" type="text/css" rel="stylesheet" /> => Error: No automatic fix found for this entry.
        <script src="http://wikisend.com/js/jquery-1.2.1.min.js" type="text/javascript"></script> => Error: No automatic fix found for this entry.
        <script src="http://wikisend.com/js/download.js" type="text/javascript"></script><script src="http://wikisend.com/js/common.js" type="text/javascript"></script></head> => Error: No automatic fix found for this entry.
<body> => Error: No automatic fix found for this entry.
<div id="pagebgr"> => Error: No automatic fix found for this entry.
<div id="topbgr"> => Error: No automatic fix found for this entry.
<div id="page"> => Error: No automatic fix found for this entry.
<!-- Login --> => Error: No automatic fix found for this entry.
<div id="login"> => Error: No automatic fix found for this entry.
<form action="/sign-in/" method="post" id="signInForm"> => Error: No automatic fix found for this entry.
<div id="close"><input name="" type="image" id="close_login" src="http://wikisend.com/images/close_win.gif" /></div> => Error: No automatic fix found for this entry.
<div id="left"> => Error: No automatic fix found for this entry.
<div class="formelement"> => Error: No automatic fix found for this entry.
<div class="formtitle"><label for="username">Username:</label></div><input id="username" name="username" type="text" class="inputfield" /> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="formelement"> => Error: No automatic fix found for this entry.
<div class="formtitle"><label for="password">Password:</label></div><input id="password" name="password" type="password" class="inputfield" /> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div id="right"> => Error: No automatic fix found for this entry.
<input type="image" src="http://wikisend.com/images/button_login.gif" alt="Sign in" /><br /> => Error: No automatic fix found for this entry.
<a id="forgot" href="/forgot-password/">Forgot your password?</a> => Error: No automatic fix found for this entry.
<input type="hidden" name="sent" value="1" /> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</form> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<!-- End Login --> => Error: No automatic fix found for this entry.
<!-- ################# HEADER ################## --> => Error: No automatic fix found for this entry.
<div id="header"> => Error: No automatic fix found for this entry.
<div id="logo"><a href="/"><img src="http://wikisend.com/images/logo.gif" width="351" height="58" alt="Wikisend: file sharing service" class="imgblock" /></a></div> => Error: No automatic fix found for this entry.
<div id="toplinks"> => Error: No automatic fix found for this entry.
Have an account: <a href="/sign-in/" id="open_login">Sign in here</a><br />New user: <a href="/sign-up/">Sign up now</a></div></div> => Error: No automatic fix found for this entry.
<!-- ################# END HEADER ################## --> => Error: No automatic fix found for this entry.
<!-- ################# EARTH BLOCK ################## --> => Error: No automatic fix found for this entry.
<div id="earthtabs"> => Error: No automatic fix found for this entry.
<div id="upload"><a href="/"><img src="/images/upload_inactive.gif" width="260" height="46" alt="Upload" class="imgblock" /></a></div> => Error: No automatic fix found for this entry.
<div id="download"><img src="/images/earth_download.gif" width="278" height="59" alt="Download" class="imgblock" /></div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div id="earth"><div id="themebgr"><div id="cloud"><div id="grass"><div id="insidetheme"> => Error: No automatic fix found for this entry.
    <div id="titleblock"> => Error: No automatic fix found for this entry.
        <span id="filetitle">Fixlist.txt</span>    </div> => Error: No automatic fix found for this entry.
    <form action="" method="post" id="downloadform"> => Error: No automatic fix found for this entry.
        <div class="textindent"> => Error: No automatic fix found for this entry.
             => Error: No automatic fix found for this entry.
            <ul id="details"> => Error: No automatic fix found for this entry.
                <li><span class="detailtitle">File ID:</span> <span id="fileidvalue">971802</span></li> => Error: No automatic fix found for this entry.
                <li><span class="detailtitle">File size:</span> 6.1 KB</li> => Error: No automatic fix found for this entry.
                <li><span class="detailtitle">Time to live:</span> 6 days</li>            </ul> => Error: No automatic fix found for this entry.
            <div class="linkblock"> => Error: No automatic fix found for this entry.
                    <div class="linktitle"><label for="dlink">Download link:</label></div><input id="dlink" type="text" value="http://wikisend.com/download/971802/Fixlist.txt" class="linkfield" readonly="readonly"/></div><div class="linkblock"> => Error: No automatic fix found for this entry.
                    <div class="linktitle"><label for="flink">Forum link:</label></div><input id="flink" type="text" value="Fixlist.txt" class="linkfield" readonly="readonly"/></div>     => Error: No automatic fix found for this entry.
                 => Error: No automatic fix found for this entry.
        </div> => Error: No automatic fix found for this entry.
         => Error: No automatic fix found for this entry.
        <!-- end properties --> => Error: No automatic fix found for this entry.
     => Error: No automatic fix found for this entry.
        <div class="button"> => Error: No automatic fix found for this entry.
            <input type="hidden" name="act" value="download" id="act" /> => Error: No automatic fix found for this entry.
            <input type="image" src="/images/button_download.gif" alt="Download file" id="d_but"/> => Error: No automatic fix found for this entry.
        </div> => Error: No automatic fix found for this entry.
    </form> => Error: No automatic fix found for this entry.
     => Error: No automatic fix found for this entry.
</div></div></div></div></div> => Error: No automatic fix found for this entry.
<!-- ################# END EARTH BLOCK ################## --> => Error: No automatic fix found for this entry.
    <div class="wrap_prog"> => Error: No automatic fix found for this entry.
<h2>Popular downloads</h2> => Error: No automatic fix found for this entry.
<div class="wrapper"> => Error: No automatic fix found for this entry.
<div class="row"> => Error: No automatic fix found for this entry.
<div class="item"> => Error: No automatic fix found for this entry.
<img src="http://getpcsoft.wikisend.com/img_howto/0/148/Cisco Packet Tracer.jpg" alt="" class="icon48" /> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/cisco-packet-tracer-free-download.html">Cisco Packet Tracer</a> => Error: No automatic fix found for this entry.
<div class="tags"> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Network/">Network</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Simulation/">Simulation</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Cisco/">Cisco</a> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="item"> => Error: No automatic fix found for this entry.
<img src="http://getpcsoft.wikisend.com/img_howto/0/150/win10_images.png" alt="" class="icon48" /> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/windows-10-insider-preview-build-10240-iso-free-download.html">Windows 10 Insider Preview Build 10240 ISO</a> => Error: No automatic fix found for this entry.
<div class="tags"> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Operating-systems/">Operating systems</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Windows-10/">Windows 10</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Microsoft/">Microsoft</a> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="row"> => Error: No automatic fix found for this entry.
<div class="item"> => Error: No automatic fix found for this entry.
<img src="http://getpcsoft.wikisend.com/img_howto/0/141/3734849.png" alt="" class="icon48" /> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/avast-internet-security-2015-free-download.html">Avast Internet Security 2015</a> => Error: No automatic fix found for this entry.
<div class="tags"> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Antivirus/">Antivirus</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/PC-Security/">PC Security</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Internet-Activity/">Internet Activity</a> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="item"> => Error: No automatic fix found for this entry.
<img src="http://getpcsoft.wikisend.com/img_howto/0/140/Directx 10_1.png" alt="" class="icon48" /> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/directx-11-free-download.html">DirectX 11</a> => Error: No automatic fix found for this entry.
<div class="tags"> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Development/">Development</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/3D-Animation/">3D Animation</a> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="row"> => Error: No automatic fix found for this entry.
<div class="item"> => Error: No automatic fix found for this entry.
<img src="http://getpcsoft.wikisend.com/img_howto/0/143/Avira Free.png" alt="" class="icon48" /> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/avira-free-antivirus-2015-download.html">Avira Free Antivirus 2015</a> => Error: No automatic fix found for this entry.
<div class="tags"> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Antivirus/">Antivirus</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Malware-Protection/">Malware Protection</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/PC-Security/">PC Security</a> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<div class="item"> => Error: No automatic fix found for this entry.
<img src="http://getpcsoft.wikisend.com/img_howto/0/145/5535602.png" alt="" class="icon48" /> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/cyberlink-powerdirector-2015-free-download.html">CyberLink PowerDirector 2015</a> => Error: No automatic fix found for this entry.
<div class="tags"> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Video/">Video</a> => Error: No automatic fix found for this entry.
<a href="http://getpcsoft.wikisend.com/Video-Editing/">Video Editing</a> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
<!-- ################# WHY BLOCK ################## --> => Error: No automatic fix found for this entry.
<div id="why"><div id="bgr"><div id="gradient"><div id="earthpics"> => Error: No automatic fix found for this entry.
<h1>Why our site?</h1> => Error: No automatic fix found for this entry.
<div id="content"> => Error: No automatic fix found for this entry.
<h2>Simple &amp; Free</h2> => Error: No automatic fix found for this entry.
Upload and download lots of  files, big files, small files, data files, => Error: No automatic fix found for this entry.
media files, archives or backups - any files. With Wikisend it`s simple and => Error: No automatic fix found for this entry.
free. => Error: No automatic fix found for this entry.
<h2>Share with Friends</h2> => Error: No automatic fix found for this entry.
Share files with your friends using E-mail, MySpace page, your blog, forums => Error: No automatic fix found for this entry.
and so on. With Wikisend sharing files, photos, videos or documents is easy, => Error: No automatic fix found for this entry.
fast, and reliable. => Error: No automatic fix found for this entry.
<h2>Start now</h2> => Error: No automatic fix found for this entry.
No need to register, activate, install or read manuals - use our uploading => Error: No automatic fix found for this entry.
form, you`re ready to go. => Error: No automatic fix found for this entry.
</div> => Error: No automatic fix found for this entry.
</div></div></div></div> => Error: No automatic fix found for this entry.
<!-- ################# END WHY BLOCK ################## --> => Error: No automatic fix found for this entry.
</div></div></div> => Error: No automatic fix found for this entry.
<!-- ################# FOOTER ################## --> => Error: No automatic fix found for this entry.
<div id="footer"><div id="bottom"><div id="top"> => Error: No automatic fix found for this entry.
<ul> => Error: No automatic fix found for this entry.
    <li id="first"><a class="footlink" href="/">Home page</a></li> => Error: No automatic fix found for this entry.
    <li><a class="footlink" href="/feedback/">Feedback</a></li> => Error: No automatic fix found for this entry.
    <li><a class="footlink" href="/terms/">Terms and conditions</a></li> => Error: No automatic fix found for this entry.
    </ul> => Error: No automatic fix found for this entry.
<div id="copy">&copy;&nbsp;2015 Wikisend - File Sharing. All rights reserved.</div> => Error: No automatic fix found for this entry.
</div></div></div> => Error: No automatic fix found for this entry.
<!-- ################# END FOOTER ################## --> => Error: No automatic fix found for this entry.
</body> => Error: No automatic fix found for this entry.
</html> => Error: No automatic fix found for this entry.

==== End of Fixlog 08:11:59 ====



#11 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 02 December 2015 - 08:17 AM

# AdwCleaner v5.023 - Logfile created 02/12/2015 at 08:15:29
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : dwolfe - DWOLFE-CTS246
# Running from : C:\Users\dwolfe\Desktop\adwcleaner_5.023.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : [x64] HKLM\SOFTWARE\Description

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - I:\AdwCleaner\AdwCleaner[C2].txt - [734 bytes] ##########
 



#12 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 02 December 2015 - 08:19 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by dwolfe (Administrator) on Wed 12/02/2015 at  8:17:42.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/02/2015 at  8:18:56.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 02 December 2015 - 08:32 AM

~ ZHPCleaner v2015.12.1.388 by Nicolas Coolman (2015/12/01)
~ Run by dwolfe (Administrator)  (02/12/2015 08:21:17)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\dwolfe\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\dwolfe\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 88319
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 3 minutes
===================
ZHPCleaner-[R]-01122015-09_14_18.txt
ZHPCleaner-[S]-01122015-09_13_35.txt
ZHPCleaner-[S]-02122015-08_24_32.txt
 



#14 Direwolfe

Direwolfe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 02 December 2015 - 08:59 AM

Zoek.exe v5.0.0.1 Updated 01-December-2015
Tool run by dwolfe on Wed 12/02/2015 at  8:40:49.50.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dwolfe\Desktop\zoek.exe [Scan all users]  
Script used: C:\Users\dwolfe\Desktop\Bleeping\zoekscript.txt

==== Older Logs ======================

I:\zoek-results2015-12-01-144054.log    11933 bytes

==== System Restore Info ======================

12/2/2015 8:41:14 AM Zoek.exe System Restore Point Created Successfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20151202_0850_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\dwolfe\ZHPCleaner.exe deleted
C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default\Yahoo Inc deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"MFVersion"="MF40.0.3 (x86 en-US)" []

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\dwolfe\AppData\Roaming\Mozilla\Firefox\Profiles\ohiqb4f9.default
B5CFBB8AC7C0069D80DBEAA72F3CE9E2    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll -    Shockwave for Director / Shockwave for Director
F114FBA6246530B89DD1E04351E0EAC5    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\dwolfe\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[12/01/2015 09:40 AM]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Voice Search Hotword (Beta) - adminlocal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Docs Quick Create - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bldgenmjegcnjebiongilahhcjldgmlm
Flash Master - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cacfnookefkldifaigjdedpophfjkjeh
Chrome RDP - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch
uBlock₀ - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Network and Internet tools - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji
AudioRecorder - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enhfkjkjfhhdibpgjmiamdcdgmcjpplk
Flash Playlist - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbajclanpfajnmiiihhnllgfobjbhpem
Chromium M - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\haldlgldplgnggkjaafhelgiaglafanh
Pixlr Editor - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
White Noise & Background Music - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikjopkkmhnfbehghohhoejacideidmf
Google Drive App Launcher - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
GCM - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbkbnpaepaelpfkjbhoaeeeeeofocldj
Switchboard Connectivity Diagnostics - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mdkggkiojfaagmgdckmklejphlgkooea
Naptha - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf
Read Mode - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nagcaahojecfeopbghgihcabgiepploa
https //classroom.google.com/u/0/h - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ndifebeddhacfbfdgbfgpfihhmihpdkm
Chromium License - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nglgcjihmojkldimcblimgoikemiicfm
ScanQR - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nihhbejdflkeingkkpakffdlmepaeaah
Schoology - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdikhgnhnnplhlnhhifpccbjhminhjol
SpeakIt - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgeolalilifpodheeocdmbhehgnkkbak
Secure Shell - dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnhechapfaindjhompbnflcldabbghjo

==== Chromium Fix ======================

C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj deleted successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_gbkeegbaiigmenfmjfclcdgdpimamgkj_0.localstorage deleted successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\chrome-extension_gbkeegbaiigmenfmjfclcdgdpimamgkj_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\adminlocal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dwolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dwolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\dwolfe\AppData\Local\Mozilla\Firefox\Profiles\ohiqb4f9.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\adminlocal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\dwolfe\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=859 folders=262 112626842 bytes)

==== Empty Temp Folders ======================

C:\Users\adminlocal\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\dwolfe\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\dwolfe\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 12/02/2015 at  8:56:49.66 ======================
 



#15 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:12 AM

Posted 02 December 2015 - 11:13 AM

Step 1 was wrong
Click on the link Wikisend
Download File > Enter. Open the file Fixlist.txt
Important - Save the file to your desktop, as fixlist. Next open FRST Software and Press Fix button.  This all. Okay ?


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users