
PC multiple iexplore.exe in taskmanager & Google Project Oreon


  • This topic is locked
35 replies to this topic

#1 Tramon


Posted 27 May 2016 - 03:10 AM

My PC has multiple iexplore.exe in Task Manager,
and my Google keeps opening up random tabs like "Project Oreon"
that also just started opening up in Internet Explorer.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Katie (administrator) on TRAY-PC (27-05-2016 03:50:38)
Running from C:\Users\Katie\Desktop\FRST
Loaded Profiles: Katie (Available Profiles: Katie & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Users\Katie\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\SCE\Common\File System Driver\bin\pfs_mounter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
() C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Enstone) C:\Program Files (x86)\ControlConsoleAPI\CCAPIConsoleManager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
HKLM-x32\...\Run: [FonePaw iPhone Data RecoveryAppService] => C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe [81512 2015-12-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-02-17] (Nota Inc.)
HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_f1d81.dll [2014-10-14] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_f1d81.dll [2014-10-14] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_f1d81.dll [2014-10-14] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_f1d81.dll [2014-10-14] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_f1d81.dll [2014-10-14] (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3AA98D0F-4606-46EC-BE43-C8E4B1C60A0E}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {17A243BE-2BE0-45DF-9B6D-0A08DB2DFDC8} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {17A243BE-2BE0-45DF-9B6D-0A08DB2DFDC8} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {1121E8DD-2FFB-45E4-929B-D6D3A9BC98B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1121E8DD-2FFB-45E4-929B-D6D3A9BC98B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-1457218534-3710924171-3785597336-1001 -> DefaultScope {1121E8DD-2FFB-45E4-929B-D6D3A9BC98B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS412US413
SearchScopes: HKU\S-1-5-21-1457218534-3710924171-3785597336-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1457218534-3710924171-3785597336-1001 -> {1121E8DD-2FFB-45E4-929B-D6D3A9BC98B7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS412US413
SearchScopes: HKU\S-1-5-21-1457218534-3710924171-3785597336-1001 -> {4CA5AAAA-2E46-4566-A4BB-579E00F4292E} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2007-12-01] ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-11] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-11] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2007-12-01] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\K53ZUh3K.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1457218534-3710924171-3785597336-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Katie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-17]
CHR Extension: (Google Docs) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-18]
CHR Extension: (Google Drive) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-18]
CHR Extension: (YouTube) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-18]
CHR Extension: (Google Sheets) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [399120 2014-08-20] (Hauppauge Computer Works, Inc.)
R2 lxdnCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1044648 2008-02-27] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [594600 2008-02-27] ( )
R2 MF NTFS Monitor; C:\Users\Katie\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2014-10-14] ()
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
R2 SCEFSMounter; C:\Program Files (x86)\SCE\Common\File System Driver\bin\pfs_mounter.exe [79872 2012-06-20] (Sony Computer Entertainment Inc.) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [969048 2014-04-29] (Hauppauge Computer Work, Inc.)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2014-10-14] (Windows ® Win 7 DDK provider)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 pfs_dokan; C:\Windows\System32\DRIVERS\pfs_dokan.sys [56496 2012-06-20] (Sony Computer Entertainment Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-18] ()
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-26 17:17 - 2016-05-26 16:55 - 00497699 _____ C:\Users\Katie\Desktop\Zombies BO2 Disection V2 .zip
2016-05-26 17:17 - 2016-03-18 18:03 - 00000000 ____D C:\Users\Katie\Desktop\Stroudify v2
2016-05-26 17:03 - 2016-05-26 17:04 - 15880122 _____ (iMCS Productions ) C:\Users\Katie\Downloads\setup-gscstudio-160215.exe
2016-05-26 17:00 - 2016-05-26 17:00 - 01044167 _____ C:\Users\Katie\Downloads\Stroudify v2.rar
2016-05-26 16:55 - 2016-05-26 16:55 - 00497699 _____ C:\Users\Katie\Downloads\Zombies BO2 Disection V2 .zip
2016-05-26 16:39 - 2016-05-26 16:39 - 00325402 _____ C:\Users\Katie\Downloads\★ oCmKs_4_LiFes Private Patch ★.rar
2016-05-26 15:08 - 2016-05-26 15:08 - 10315747 _____ C:\Users\Katie\Downloads\Paradox v2 Zombies & Multiplayer.rar
2016-05-26 14:59 - 2016-05-26 14:59 - 00000016 _____ C:\Users\Katie\Downloads\vsh.tmp
2016-05-26 13:53 - 2016-05-26 13:53 - 06513888 _____ (Tim Kosse) C:\Users\Katie\Downloads\FileZilla_3.17.0.1_win64-setup.exe
2016-05-26 04:03 - 2016-05-22 23:09 - 00000000 ____D C:\Users\Katie\Desktop\Mw2 Azza SPRX Menu
2016-05-26 03:59 - 2016-05-26 04:00 - 03328312 _____ C:\Users\Katie\Downloads\Mw2 Azza SPRX Menu.rar
2016-05-26 03:32 - 2016-05-26 03:32 - 00000000 ____D C:\Users\Katie\Desktop\ParadoxV2
2016-05-26 03:30 - 2016-05-26 03:31 - 18666430 _____ C:\Users\Katie\Downloads\ParadoxV2.zip
2016-05-25 18:41 - 2016-05-25 18:41 - 00515388 _____ C:\Users\Katie\Downloads\Syndicate.zip
2016-05-20 20:17 - 2016-05-20 20:17 - 00021509 _____ C:\ComboFix.txt
2016-05-12 14:21 - 2016-05-12 14:21 - 05995712 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 03:50 - 2016-01-05 17:33 - 00000000 ____D C:\Users\Katie\Desktop\FRST
2016-05-27 03:50 - 2016-01-04 17:02 - 00000000 ____D C:\FRST
2016-05-27 03:37 - 2016-03-17 17:37 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 03:20 - 2013-01-02 20:07 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 02:12 - 2014-09-15 22:15 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Skype
2016-05-26 19:46 - 2015-12-18 18:02 - 00000000 ____D C:\Users\Katie\Desktop\1.20 Batllefield 4 RTM v3 By Devious NGU
2016-05-26 19:46 - 2015-11-25 22:13 - 00000000 ____D C:\Users\Katie\Desktop\Black Ops 3 Zombies Tool By CodJumper
2016-05-26 19:46 - 2015-11-23 11:20 - 00000000 ____D C:\Users\Katie\Desktop\Dro's nonhost menu 1.03
2016-05-26 19:46 - 2015-11-23 11:15 - 00000000 ____D C:\Users\Katie\Desktop\Black Ops 3 Zombies Tool - Kizza09
2016-05-26 19:46 - 2015-07-07 09:30 - 00000000 ____D C:\Users\Katie\Desktop\CoD Launcher Unknauwn Series v1.5.0
2016-05-26 19:46 - 2015-06-26 06:08 - 00000000 ____D C:\Users\Katie\Desktop\NGHTModz All cod
2016-05-26 19:46 - 2015-06-20 14:12 - 00000000 ____D C:\Users\Katie\Desktop\COD'S offsets
2016-05-26 19:46 - 2015-05-17 17:33 - 00000000 ____D C:\Users\Katie\Desktop\GSC_Injector_BO2
2016-05-26 19:37 - 2016-03-17 17:37 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-26 17:27 - 2014-09-18 17:30 - 00000000 ____D C:\Users\Katie\AppData\Roaming\FileZilla
2016-05-26 17:04 - 2015-05-09 15:23 - 00001361 _____ C:\Users\Public\Desktop\Black Ops 2 - GSC Studio.lnk
2016-05-26 17:04 - 2014-10-13 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Ops 2 - GSC Studio
2016-05-26 16:52 - 2015-07-17 11:25 - 00000000 ____D C:\Users\Katie\Desktop\bleep i Bought
2016-05-26 14:10 - 2015-11-05 20:24 - 00002068 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-05-26 14:10 - 2014-09-18 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-05-26 14:10 - 2014-09-18 17:29 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-05-26 13:34 - 2009-07-14 01:13 - 00783464 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-26 13:34 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-05-24 12:28 - 2015-06-10 17:46 - 00000000 ____D C:\ProgramData\Nimoru
2016-05-23 15:08 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-23 15:08 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-23 14:58 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-20 20:17 - 2016-03-20 14:00 - 00000000 ____D C:\Qoobox
2016-05-20 20:14 - 2009-07-13 22:34 - 00000215 _____ C:\windows\system.ini
2016-05-20 20:00 - 2016-03-20 13:50 - 05659526 ____R (Swearware) C:\Users\Katie\Desktop\ComboFix.exe
2016-05-17 01:40 - 2014-09-15 20:04 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-17 01:38 - 2014-12-18 18:58 - 00001077 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-17 01:38 - 2014-09-15 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-17 01:38 - 2014-09-15 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-12 21:19 - 2016-03-17 17:41 - 00002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 21:19 - 2016-03-17 17:41 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 14:22 - 2013-01-02 20:07 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 14:21 - 2013-01-02 20:07 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 14:21 - 2013-01-02 20:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 13:49 - 2014-09-15 19:16 - 00000000 ____D C:\windows\system32\MRT
2016-05-12 13:12 - 2014-09-15 19:16 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-05-10 19:32 - 2016-03-17 17:37 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 19:32 - 2016-03-17 17:37 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-27 00:27 - 2011-01-25 11:39 - 00000000 ____D C:\Users\Katie\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2015-07-06 13:34 - 2015-07-06 13:34 - 0000132 _____ () C:\Users\Katie\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-29 16:38 - 2015-07-16 13:20 - 0000096 _____ () C:\Users\Katie\AppData\Roaming\Camdata.ini
2015-06-29 16:38 - 2015-07-16 13:20 - 0000408 _____ () C:\Users\Katie\AppData\Roaming\CamLayout.ini
2015-06-29 16:38 - 2015-07-16 13:20 - 0000408 _____ () C:\Users\Katie\AppData\Roaming\CamShapes.ini
2015-06-29 16:38 - 2015-07-16 13:20 - 0004536 _____ () C:\Users\Katie\AppData\Roaming\CamStudio.cfg
2015-12-28 07:49 - 2009-06-10 17:23 - 0000181 _____ () C:\Users\Katie\AppData\Roaming\clientmon.exe.config
2015-06-29 16:26 - 2015-07-16 13:20 - 0000096 _____ () C:\Users\Katie\AppData\Roaming\version2.xml
2012-11-04 10:30 - 2012-12-21 11:25 - 0000656 _____ () C:\Users\Katie\AppData\Roaming\wklnhst.dat
2014-10-19 19:48 - 2015-06-03 17:30 - 0001456 _____ () C:\Users\Katie\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-15 22:29 - 2016-01-05 17:30 - 0000059 _____ () C:\Users\Katie\AppData\Local\UserProducts.xml
2013-02-05 09:05 - 2013-02-05 09:05 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Katie\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-22 00:13

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katie (2016-05-27 03:52:14)
Running from C:\Users\Katie\Desktop\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-02 18:26:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1457218534-3710924171-3785597336-500 - Administrator - Disabled)
Guest (S-1-5-21-1457218534-3710924171-3785597336-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1457218534-3710924171-3785597336-1002 - Limited - Enabled)
Katie (S-1-5-21-1457218534-3710924171-3785597336-1001 - Administrator - Enabled) => C:\Users\Katie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Reflector Desktop (HKLM-x32\...\{3450CBDE-2AE7-4FB8-93E3-37995ADE4F13}) (Version: 8.5.0.179 - Red Gate Software Ltd)
µTorrent (HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5792CD64-61B4-C448-0D22-3C51DD73AB2A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Black Ops 2 - GSC Studio (HKLM-x32\...\{909C0DF9-6BBE-42BD-8FB2-0ADEBA3459B6}_is1) (Version: 16.2.15.0 - iMCS Productions)
Black Ops II [1.19] Real Time Editor Made By EaZyMoDzHD version 4.6 (HKLM-x32\...\{D08EFCFD-7BE8-4830-AE84-5CF471846A03}_is1) (Version: 4.6 - x-X-MaDsK-X-x)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - )
Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)
DotNetBar for Windows Forms (HKLM-x32\...\{316FC9F6-6343-42AC-BC26-6337C9CD1A8E}) (Version: 10.0.0.3 - DevComponents)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse)
FonePaw iPhone Data Recovery 2.2.0 (HKLM-x32\...\{77B09C3A-839E-4ea7-81BA-E5864F6BF388}_is1) (Version: 2.2.0 - FonePaw)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GTA Online - Recovery Tool (HKLM-x32\...\{98DEAB74-5359-489A-B954-EE178BFCC9CF}_is1) (Version: 3.62 - iMCS Productions)
Gyazo 3.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.32248 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.3.32231 - Hauppauge Computer Works, Inc.)
Horizon v2.8.1.1 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.8.1.1 - Daring Development Inc.)
HxD Hex Editor versión 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version: - )
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 3.0.25.0 - )
Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 1.3.22.10579) (Version: 1.3.22.10579 - MediaFire)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3 (HKLM-x32\...\{1ef771b4-b774-439e-a015-23dec292d9a4}) (Version: 12.0.30723.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Xbox 360 SDK 2.0.20871.2 (HKLM-x32\...\Microsoft Xbox 360 SDK) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.0 - Microsoft Corporation) Hidden
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
SCE File System Driver v1.8.0.17 (HKLM\...\{6B1CA4D0-D27C-4893-A2A0-82FE0335BC0D}) (Version: 1.8.0.17 - Sony Computer Entertainment Inc.)
SCE ProDG Debugger Documentation for PlayStation®3 v420.1.0 (HKLM-x32\...\{D7BF9F65-76E8-44BA-948A-875863CF3144}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Debugger for PlayStation®3 v420.1.0 (HKLM-x32\...\{6C8B2A8A-50E7-4D9F-80E7-94CBD6148FBB}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Target Manager Documentation for PlayStation®3 v420.1.0 (HKLM-x32\...\{6DDB0863-803D-4814-A39F-E395A5D4EE34}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SCE ProDG Target Manager for PlayStation®3 v420.1.0 (HKLM-x32\...\{149E5890-9C43-4E68-92A3-5516705D1CAD}) (Version: 4.20.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SN Systems SN Launcher v1.0.7.1 (HKLM-x32\...\{C72CA33A-AA67-4CB8-BD94-E2ABDED81173}) (Version: 1.0.7.1 - Sony Computer Entertainment Ltd. / SN Systems Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
SynciOS Data Transfer version 1.2.4 (HKLM-x32\...\{6C4BB520-3416-4D67-B7EA-A9FF6662345F}_is1) (Version: 1.2.4 - Anvsoft, Inc.)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
TinyTake by MangoApps (x32 Version: 4.0.1 - MangoApps) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8C32E2-973B-4085-AA92-6015A68E52FB} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
Task: {79103BBE-F865-48AC-BF26-B3C3F1E5EA85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {8F3659C5-C54A-403B-8B1B-B9CFF31594D8} - System32\Tasks\TinyTakeUpgrade => C:\Users\Katie\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {AEEB94BF-A7BB-499C-9867-6622778D60A2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {C15A7AD9-C80F-44F9-994E-FAB3F86BBFF1} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {E0B1E112-2427-4D51-97C2-20F4E7CA10CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {FA31A74F-CD68-4B62-8B06-AF3587C0A668} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-02-17] ()
Task: {FA82F0A1-3E4F-49D0-B5A0-D752F8EB15E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online File Converter.lnk -> C:\Program Files (x86)\Office-Converter.com\Office-Converter.com\OfficeLink.exe () -> hxxp://www.office-converter.com/

==================== Loaded Modules (Whitelisted) ==============

2011-01-06 21:33 - 2007-11-01 10:33 - 00045568 _____ () C:\windows\System32\LXF3PMON.DLL
2011-01-06 21:33 - 2007-08-27 13:44 - 00053248 _____ () C:\windows\System32\LXF3OEM.DLL
2011-01-06 21:33 - 2007-11-01 10:26 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2011-01-06 21:33 - 2007-11-01 10:33 - 00003584 _____ () C:\windows\System32\LXF3PMRC.DLL
2011-01-06 21:28 - 2009-08-13 13:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-09 03:22 - 2016-05-09 03:22 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-11-04 19:27 - 2014-10-14 19:31 - 00456504 _____ () C:\Users\Katie\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2016-03-01 17:02 - 2015-12-24 11:38 - 00081512 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe
2012-06-14 22:11 - 2012-06-14 22:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll
2016-03-01 17:02 - 2015-11-16 11:10 - 00887808 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\Framework.dll
2016-03-01 17:02 - 2011-03-24 11:25 - 09843200 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtWebKit4.dll
2016-03-01 17:02 - 2011-03-24 10:06 - 00232960 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\phonon4.dll
2016-03-01 17:02 - 2011-03-24 09:56 - 07981056 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtGui4.dll
2016-03-01 17:02 - 2011-03-24 09:42 - 02145792 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtCore4.dll
2016-03-01 17:02 - 2011-03-24 10:06 - 02530816 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtXmlPatterns4.dll
2016-03-01 17:02 - 2011-03-24 09:43 - 00934912 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtNetwork4.dll
2016-03-01 17:02 - 2011-03-24 09:42 - 00334848 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\QtXml4.dll
2016-03-01 17:02 - 2014-09-12 04:11 - 00013824 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\Utility.dll
2016-03-01 17:02 - 2015-06-24 06:53 - 02825216 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\IosDevice.dll
2016-03-01 17:02 - 2014-09-15 02:51 - 00987136 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\libxml2.dll
2016-03-01 17:02 - 2014-09-15 02:51 - 00077824 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\zlib1.dll
2016-03-01 17:02 - 2014-09-12 04:11 - 00562072 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\SQLite3.dll
2016-03-01 17:02 - 2011-03-24 11:37 - 00025600 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qgif4.dll
2016-03-01 17:02 - 2011-03-24 11:37 - 00027648 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qico4.dll
2016-03-01 17:02 - 2011-03-24 11:37 - 00119808 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qjpeg4.dll
2016-03-01 17:02 - 2011-03-24 11:37 - 00220672 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qmng4.dll
2016-03-01 17:02 - 2011-03-24 11:37 - 00278528 _____ () C:\Program Files (x86)\FonePaw\FonePaw iPhone Data Recovery\imageformats\qtiff4.dll
2016-05-12 21:19 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-12 21:19 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Katie\MediaFire:mf_x [104]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-20 14:13 - 2016-03-20 14:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hauppauge Device Properties.lnk => C:\windows\pss\Hauppauge Device Properties.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Katie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Catch seeing.lnk => C:\windows\pss\Catch seeing.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dried grain.lnk => C:\windows\pss\Dried grain.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hauppauge Device Central Tray Tool.lnk => C:\windows\pss\Hauppauge Device Central Tray Tool.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: lxdnamon => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
MSCONFIG\startupreg: lxdnmon.exe => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
MSCONFIG\startupreg: MediaFire Tray => C:\Users\Katie\AppData\Local\MediaFire Desktop\mf_watch.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmoothView => C:\Program Files\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Users\Katie\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E3C5DC80-AF19-4330-8E8E-DDEE3B9D077C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{7BCC394E-1FEE-4460-998F-DE49A2D5CD6F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6ED4FF11-BFED-40B8-A4D8-C80EBFC437BD}] => (Allow) svchost.exe
FirewallRules: [{291B2A92-BD3D-408F-96BF-8D1AE0F3413A}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3625B477-BB20-4FE3-8C0F-11F6F69F51A8}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{A3ED8FC7-E02C-473B-8E9D-99E13DF8EAC1}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{EF536F5E-BACF-4492-96CB-2C30B827E0CA}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{4CB7E5D2-B93D-4201-AB34-B458B7A38A9E}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{2D344AC9-8B19-446C-A2B3-8A585E9CD20C}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{0E8D575A-0B0D-4CD2-A504-566038C0996E}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{D3DDED30-42BA-4525-8356-DA521B5FFEE8}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{26134A36-F292-4825-AE86-463D76BF06BD}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{0A771F07-2D7E-4277-BE04-990081D881A0}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{D6A45B89-945E-4C17-9AC8-4D959959A8C5}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{A6B9BD2B-2B2C-4A05-9A4F-E93C856F3B96}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{E8A31737-FA12-4E9E-972A-704706A9E663}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{9A7B6E2B-0205-4DA8-AD3B-36AD7BA6C6A5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{AFBEE689-141C-4187-BDFB-07B5710F114E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{3ABE7A85-4554-4221-8DA4-A36577159CFC}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdntime.exe
FirewallRules: [{A94AA319-5279-470F-B01A-6D3575DD9648}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdntime.exe
FirewallRules: [{0C5DF82B-39C4-491E-971A-AC2727965814}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{CC984914-DBDD-48AE-94A3-A1BF5DE4166B}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{C21B48B1-A24A-46FB-8D0C-4FDBE1556A79}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{0D4A9D6E-936D-453A-A83B-CEBC61384DA3}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [TCP Query User{5A5DC374-2DF9-4C8F-B2B0-3D1F80B91321}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Block) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe
FirewallRules: [UDP Query User{7CB16811-69BF-42E1-B31F-F8D037BCCB55}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Block) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe
FirewallRules: [TCP Query User{E79E1942-24A7-447D-8B5B-8DDFD310CEC7}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Block) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [UDP Query User{82C1CD81-B4D5-41BB-B720-C20250B0638C}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe] => (Block) C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [TCP Query User{FDC3248F-9223-44BC-9F70-E61C787E77CE}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [UDP Query User{A56C1271-6F99-4CBB-A4F1-934A7D4A3BE0}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Block) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{80425D29-7843-495A-B298-6EDAC7B834E2}] => (Allow) LPort=10255
FirewallRules: [TCP Query User{4B32F952-2795-4F99-995C-58574A6A1460}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{E0FF8030-F080-4F05-BDCA-19FBDD783CFD}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{35FF89E6-9256-44D5-AE96-B81AE5A2035A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31D539E3-D6A1-418A-B918-878B35BCD963}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E8B88830-6608-40AA-A047-C6C24936C98F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{181CE50F-5B62-4251-953F-DC0DBCBC9CAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BC407D7-6B6F-418C-87DC-8734068B0E8A}] => (Allow) C:\Users\Katie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{BEF41C8C-C4AC-4524-8E03-F925B6FA312B}] => (Allow) C:\Users\Katie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{23161862-232D-4F3A-A8FD-391AF57072E1}] => (Allow) C:\Users\Katie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3429C2FF-BCFD-48E7-9141-A2AE38CA30DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{92A8827B-452C-4E10-80AE-6923CC847346}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9E4E3A3B-97C5-48F5-AC7A-A0D338443B75}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{51529387-5A19-4062-A75F-0F7C53CF12B8}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{4D8CAA01-614B-4952-828D-38DC53EB565D}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{50458D70-A9D2-4B5C-B810-EA67AE4C38A7}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{77E128AF-44FE-479A-9077-A11418E9FA2F}] => (Allow) C:\Program Files (x86)\SN Systems\PS3\bin\ps3tmserver.exe
FirewallRules: [TCP Query User{2E4E33FB-4A16-4AF1-B489-D0B03DADEC38}C:\users\katie\desktop\rgh stu\call of duty tools\call of duty tools\mw3\mw3 recovery.exe] => (Allow) C:\users\katie\desktop\rgh stu\call of duty tools\call of duty tools\mw3\mw3 recovery.exe
FirewallRules: [UDP Query User{2959B825-6CDE-4185-A084-2B6B54910531}C:\users\katie\desktop\rgh stu\call of duty tools\call of duty tools\mw3\mw3 recovery.exe] => (Allow) C:\users\katie\desktop\rgh stu\call of duty tools\call of duty tools\mw3\mw3 recovery.exe
FirewallRules: [{E5104867-F6FF-4F02-89AB-533795B8EE2C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3CF6EC15-873F-46FE-BDFB-FF8BB70C8EE6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D39192CB-63F6-4C43-A363-750127BBE19C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2FF096B2-126B-46CC-ABB7-76DFC9A7FD2C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B4D1A5D1-3B5B-4A96-AAAF-36C0E6EFD900}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{D7E55F8C-DE49-4F53-BA93-1E5524117133}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{C59880A0-5B1E-43E5-A04F-41C77198D8EF}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [UDP Query User{25CAE5F1-FC90-4B23-9FEC-2AE24AF31E4B}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [TCP Query User{4D96BCB5-816C-4947-9B73-9CE0E624B8FD}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{60DB825D-0CB3-43C7-9B28-66C6DE6CF40E}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{156A326D-DD35-4D61-969E-D11CF3668505}C:\users\katie\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\katie\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{3979443B-674A-446C-BE81-242F5ADC57FB}C:\users\katie\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\katie\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{7184CD01-649F-4114-9D2C-C472982F289A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{05CA5249-55FB-4C80-B7A6-DE7EA0B0223A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{204BDB66-E07A-4A59-89B9-7367F124752E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7B3D5D0D-D413-4B95-B723-7C6B488AEE82}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A9D8B6DA-8F40-4185-B1B0-2669956D1265}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{413F07B9-F1A3-4CF0-83BB-7F9EC6C96A4A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0C8E01F6-7927-4A3A-AAD7-99C54A825CFF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DB03482C-7B9F-4493-A1A5-D78BAAD382E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2199E61E-FB99-4859-A06D-8DBADECD47CC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C05D16C2-FA85-4A4E-BB91-F9A3CBD9C36D}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [{F1A46C68-6C99-4E98-9CA4-76EBC244741F}] => (Allow) C:\Nexon\Library\combatarms\appdata\NMService.exe
FirewallRules: [TCP Query User{EA53E928-CF13-432F-B3A5-C952B3CE397F}C:\nexon\library\combatarms\appdata\engine.exe] => (Block) C:\nexon\library\combatarms\appdata\engine.exe
FirewallRules: [UDP Query User{DBE407C6-79D2-459B-9369-C1AE614AB89A}C:\nexon\library\combatarms\appdata\engine.exe] => (Block) C:\nexon\library\combatarms\appdata\engine.exe
FirewallRules: [{4FC0B706-3CF3-4157-B029-0FA8BAF15BBF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F2869024-32F1-477F-8876-0046106A810C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{90AECA7F-BA81-4995-BB60-D5608D490EA0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{047C16FE-6C9A-40D9-8652-EF50E2292FF8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{72C17992-2202-40C1-A4F3-427FE43D444F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DB4BB1DF-74F5-4552-B86C-C4F58464F29A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{98256275-98E1-4643-B79F-64744AC4BBFD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{056DD16B-36D6-4701-B6F4-31CB58E92A43}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0EAC3A5B-E2B6-49F2-9C09-80DEA9273340}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{31F0A181-B28A-4A8B-AD94-268FBD2AB1AA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{648802F8-F4AA-41CC-B6CB-9737DAE76E22}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CC04B9FA-3B79-4B85-9519-5AFEE16B5E13}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C5E9BD42-258F-4F5B-A649-EF598F759EF1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{694399C7-BA46-41EA-92D8-BD6D4D9AB4DE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F071B72D-CF77-49D3-83B7-1D61BD31FDF2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7E351461-561E-4528-8511-95B8AD5971C2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1F7B0DF8-5B94-48F1-B538-454D22058FB7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D13560D9-1E34-44C0-9437-4B5A464F3B87}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6A78D5C8-0258-4AF5-9766-12C6FCD5BB65}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AF8CCC71-63A2-4E31-A3DC-5986206722B6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{541494E9-71D3-426F-9260-6979A221A36A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{00E31A7B-636D-4992-9D2F-48180AB5C31C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6C64DA19-D3A8-4D1C-8E32-BFDF88CB7C87}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{66C3B4F9-CC7A-4AD1-A1DF-B9C84BA10634}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B3DCE602-088F-4E40-9F55-F662C16E1420}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{547AE5BC-19F3-4D9B-88C9-6E71A9F9E4BA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5B9DCCDE-364A-468E-8375-DA24EB7CC492}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BB663E23-AFCF-41B2-9971-9181E35FF5F5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BD8E5A7E-97DA-421C-92E0-40089B2C6762}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{701B21BF-81AC-4102-A4E8-E3F6A0F488EB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4EDD58BD-F944-4EE3-992E-5D21928DB550}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C2A22FA2-4A80-4F76-9455-A41B38BC22BC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{34C547FF-50EA-4418-95D6-359700D579EE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EC420CF8-ECD4-47F2-A912-23929AE127DE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B87BFE0A-F939-43A7-A423-B6BB998D3733}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9B81668E-D38E-4DE2-BB87-CADFA832D613}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{78835C0B-6CE1-45CC-9855-40F6855DF81B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BDE3678E-7802-438D-B2E1-8A145B49AF81}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{685156E0-A5D8-4E2C-8CFD-8E5B4770742D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BAF21F14-E357-40DB-A2A2-62C51E407F57}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A7C6A18E-E47F-4497-9A26-362F893BD428}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{00348741-8CA7-4D99-9381-7381782E5E3A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F8D01D3C-5435-4479-AAC3-94577AEC9CF7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AC5C6890-0C0F-40FF-BA45-16F88B1802AD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0236D00E-DB35-4C1C-890C-34F053D49B86}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3CA3E64C-2D2C-41F3-A327-E63E43D40A01}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4A62AEB1-EE88-486D-BB43-80719B3AB40D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4972ECEF-1746-40E3-ADB0-DE3401F97EC0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C62AB5EF-23E3-448D-B98F-BED6AE161016}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{431D4B63-80A5-4FDB-A7B7-E9754981554A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8F82BB31-F63E-4218-95A8-7EDCCE9F7A92}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9BEADF31-6332-4AC0-AFB5-2C36EDBF93B0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B7709219-2B7A-4D8D-81C4-1012445AE78C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D300A4D7-0A0F-40EA-B5BF-57DA67ECC9E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4074ADBB-F39C-4ED4-82A1-A612E451ADD0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0EBB6AB2-6762-4194-BF9D-D4913D4E153C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B2FE17C1-3717-4648-9030-E17286816633}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2143AA94-77E7-42BA-A273-ED068AC91528}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A27B0BBC-2C6C-4635-85FA-E36B29CF97CD}C:\users\katie\downloads\raga.exe] => (Allow) C:\users\katie\downloads\raga.exe
FirewallRules: [UDP Query User{01A67314-D2B6-4373-A311-04217441FB7D}C:\users\katie\downloads\raga.exe] => (Allow) C:\users\katie\downloads\raga.exe
FirewallRules: [TCP Query User{E2165FB7-1BFD-41FB-A5CE-824FC3177BE4}C:\users\katie\downloads\ogar-windows-9bec584.exe] => (Block) C:\users\katie\downloads\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{6D842B84-B109-4BAB-92E3-51A1F4D658EA}C:\users\katie\downloads\ogar-windows-9bec584.exe] => (Block) C:\users\katie\downloads\ogar-windows-9bec584.exe
FirewallRules: [TCP Query User{B5B15C0B-0379-43DA-8038-F9B26F20083B}C:\users\katie\desktop\ogar-windows-9bec584.exe] => (Allow) C:\users\katie\desktop\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{2B640019-FE4F-4930-A95F-6141E9C4BD41}C:\users\katie\desktop\ogar-windows-9bec584.exe] => (Allow) C:\users\katie\desktop\ogar-windows-9bec584.exe
FirewallRules: [{41B428A8-AC93-4BA9-96B4-D00D9470E56B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{919AC7CF-30B5-44F3-93AF-D14BB65BE5CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1591DF6F-5AA1-4012-B235-C8EED0045CC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{113FC8DE-0022-40B8-82B9-3A4A0E528F57}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59FDD7B8-0A91-48CA-888D-E26AFD1F5A65}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{3835AEC6-EBA7-4F99-B992-4F92E2788090}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe
FirewallRules: [UDP Query User{7DD57EA4-2706-4C7B-B0C9-3B250CD367CB}C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.4\cheatengine-x86_64.exe
FirewallRules: [{E1BD9824-1AD3-4F10-9A6C-58F4AAEF55F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-05-2016 13:52:55 Windows Update
23-05-2016 14:54:03 Windows Update
24-05-2016 10:46:48 Windows Update
24-05-2016 11:25:29 Windows Update
25-05-2016 12:54:25 Windows Update
25-05-2016 13:29:25 Windows Update
26-05-2016 03:02:41 Windows Update
26-05-2016 14:02:15 Windows Update
27-05-2016 03:03:57 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2016 03:06:06 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/27/2016 03:06:04 AM) (Source: Office Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
15.0.169.500

Error: (05/26/2016 09:01:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/26/2016 02:06:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uninstall.exe version 3.14.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1370

Start Time: 01d1b777c98ef78b

Termination Time: 10

Application Path: C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe

Report Id:

Error: (05/26/2016 01:30:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32033650

Error: (05/26/2016 01:30:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32033650

Error: (05/26/2016 01:30:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/26/2016 04:37:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9188

Error: (05/26/2016 04:37:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9188

Error: (05/26/2016 04:37:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/27/2016 03:06:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition.

Error: (05/27/2016 03:06:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Office Software Protection Platform service terminated with the following error:
%%5

Error: (05/26/2016 03:04:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition.

Error: (05/26/2016 03:04:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Office Software Protection Platform service terminated with the following error:
%%5

Error: (05/25/2016 12:57:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition.

Error: (05/25/2016 12:57:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Office Software Protection Platform service terminated with the following error:
%%5

Error: (05/24/2016 10:50:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition.

Error: (05/24/2016 10:50:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Office Software Protection Platform service terminated with the following error:
%%5

Error: (05/23/2016 03:01:57 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (05/23/2016 02:31:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


CodeIntegrity:
===================================
Date: 2016-03-20 14:12:45.652
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-20 14:12:45.246
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 18:43:40.741
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-18 18:43:40.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-10 14:07:50.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-10 14:07:49.736
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-07 17:59:35.182
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-07 17:59:34.776
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-06 17:09:26.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-06 17:09:25.890
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD V120 Processor
Percentage of memory in use: 33%
Total physical RAM: 3834.9 MB
Available physical RAM: 2554.51 MB
Total Virtual: 7667.98 MB
Available Virtual: 5586.96 MB

==================== Drives ================================

Drive c: (TI105846W0F) (Fixed) (Total:222.42 GB) (Free:40.37 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 95EA1705)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End of Addition.txt ============================

Edited by Oh My!, 29 May 2016 - 01:50 PM.



#2 Oh My!

  • Malware Response Instructor

Posted 29 May 2016 - 09:44 AM

Greetings Tramon and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me a bit of time to review your logs and I will be posting back a little later today.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 29 May 2016 - 02:09 PM

Greetings and thank you for your patience. We are going to do quite a bit in this first post.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-1457218534-3710924171-3785597336-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Katie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
2016-05-24 12:28 - 2015-06-10 17:46 - 00000000 ____D C:\ProgramData\Nimoru
AlternateDataStreams: C:\Users\Katie\MediaFire:mf_x [104]
FirewallRules: [{204BDB66-E07A-4A59-89B9-7367F124752E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7B3D5D0D-D413-4B95-B723-7C6B488AEE82}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A9D8B6DA-8F40-4185-B1B0-2669956D1265}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{413F07B9-F1A3-4CF0-83BB-7F9EC6C96A4A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0C8E01F6-7927-4A3A-AAD7-99C54A825CFF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DB03482C-7B9F-4493-A1A5-D78BAAD382E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2199E61E-FB99-4859-A06D-8DBADECD47CC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4FC0B706-3CF3-4157-B029-0FA8BAF15BBF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F2869024-32F1-477F-8876-0046106A810C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{90AECA7F-BA81-4995-BB60-D5608D490EA0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{047C16FE-6C9A-40D9-8652-EF50E2292FF8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{72C17992-2202-40C1-A4F3-427FE43D444F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DB4BB1DF-74F5-4552-B86C-C4F58464F29A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{98256275-98E1-4643-B79F-64744AC4BBFD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{056DD16B-36D6-4701-B6F4-31CB58E92A43}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0EAC3A5B-E2B6-49F2-9C09-80DEA9273340}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{31F0A181-B28A-4A8B-AD94-268FBD2AB1AA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{648802F8-F4AA-41CC-B6CB-9737DAE76E22}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CC04B9FA-3B79-4B85-9519-5AFEE16B5E13}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C5E9BD42-258F-4F5B-A649-EF598F759EF1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{694399C7-BA46-41EA-92D8-BD6D4D9AB4DE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F071B72D-CF77-49D3-83B7-1D61BD31FDF2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7E351461-561E-4528-8511-95B8AD5971C2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1F7B0DF8-5B94-48F1-B538-454D22058FB7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D13560D9-1E34-44C0-9437-4B5A464F3B87}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6A78D5C8-0258-4AF5-9766-12C6FCD5BB65}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AF8CCC71-63A2-4E31-A3DC-5986206722B6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{541494E9-71D3-426F-9260-6979A221A36A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{00E31A7B-636D-4992-9D2F-48180AB5C31C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6C64DA19-D3A8-4D1C-8E32-BFDF88CB7C87}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{66C3B4F9-CC7A-4AD1-A1DF-B9C84BA10634}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B3DCE602-088F-4E40-9F55-F662C16E1420}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{547AE5BC-19F3-4D9B-88C9-6E71A9F9E4BA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5B9DCCDE-364A-468E-8375-DA24EB7CC492}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BB663E23-AFCF-41B2-9971-9181E35FF5F5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BD8E5A7E-97DA-421C-92E0-40089B2C6762}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{701B21BF-81AC-4102-A4E8-E3F6A0F488EB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4EDD58BD-F944-4EE3-992E-5D21928DB550}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C2A22FA2-4A80-4F76-9455-A41B38BC22BC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{34C547FF-50EA-4418-95D6-359700D579EE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EC420CF8-ECD4-47F2-A912-23929AE127DE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B87BFE0A-F939-43A7-A423-B6BB998D3733}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9B81668E-D38E-4DE2-BB87-CADFA832D613}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{78835C0B-6CE1-45CC-9855-40F6855DF81B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BDE3678E-7802-438D-B2E1-8A145B49AF81}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{685156E0-A5D8-4E2C-8CFD-8E5B4770742D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BAF21F14-E357-40DB-A2A2-62C51E407F57}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A7C6A18E-E47F-4497-9A26-362F893BD428}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{00348741-8CA7-4D99-9381-7381782E5E3A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F8D01D3C-5435-4479-AAC3-94577AEC9CF7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AC5C6890-0C0F-40FF-BA45-16F88B1802AD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0236D00E-DB35-4C1C-890C-34F053D49B86}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3CA3E64C-2D2C-41F3-A327-E63E43D40A01}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4A62AEB1-EE88-486D-BB43-80719B3AB40D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4972ECEF-1746-40E3-ADB0-DE3401F97EC0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C62AB5EF-23E3-448D-B98F-BED6AE161016}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{431D4B63-80A5-4FDB-A7B7-E9754981554A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8F82BB31-F63E-4218-95A8-7EDCCE9F7A92}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9BEADF31-6332-4AC0-AFB5-2C36EDBF93B0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B7709219-2B7A-4D8D-81C4-1012445AE78C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D300A4D7-0A0F-40EA-B5BF-57DA67ECC9E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4074ADBB-F39C-4ED4-82A1-A612E451ADD0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0EBB6AB2-6762-4194-BF9D-D4913D4E153C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B2FE17C1-3717-4648-9030-E17286816633}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2143AA94-77E7-42BA-A273-ED068AC91528}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
CMD: type "C:\ComboFix.txt"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Check the browser behavior
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Users\Katie\Downloads\vsh.tmp

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Internet Explorer?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Chrome Incognito behavior?
  • Virustotal link
  • MTB log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
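Added example (not part of the original post, and not FRST's own code): a Python triage of the Fixlog.txt that the Fix step above produces, separating entries that were removed, moved, already absent, or need a manual look. The `target => outcome` line shapes and the echoed "fixlist content:" section between two rows of asterisks are assumptions based on Fixlog output of this FRST version; the sample log, GUIDs and paths are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample: placeholder GUIDs and paths, not values from a real machine.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64)
fixlist content:
*****************
CloseProcesses:
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Program Files (x86)\Example\Example.exe
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Example" => key removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000001} => key not found.
C:\Users\Example\AppData\LocalLow\Example\loader.dll => not found.
ExampleSvc => service removed successfully
C:\ProgramData\ExampleDir => moved successfully
"C:\Users\Example\Folder" => ":stream" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-0000-0000-0000-000000000002} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-0000-0000-0000-000000000003} => value removed successfully
C:\Example\locked.dll => some outcome this script does not know
'''

# Word boundaries matter: "removed successfully" ends with "moved successfully".
OUTCOME_RULES = [
    ("removed", re.compile(r"\bremoved successfully\b")),
    ("moved", re.compile(r"\bmoved successfully\b")),
    ("absent", re.compile(r"\bnot found\b")),
]


def result_lines(text):
    """Yield 'target => outcome' lines, skipping the echoed fixlist.

    The echo repeats fixlist directives such as 'FirewallRules: [...] => (Allow) ...',
    which also contain ' => ' and would otherwise be miscounted as results.
    """
    in_echo, markers = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("fixlist content:"):
            in_echo, markers = True, 0
            continue
        if in_echo:
            if line and set(line) == {"*"}:
                markers += 1
                if markers == 2:  # closing row of asterisks
                    in_echo = False
            continue
        if " => " in line:
            yield line


def classify_target(target):
    """Rough object type, judged from how the target string starts."""
    if re.match(r"HK(LM|U|CR|CU)\b", target):
        return "registry"
    if re.match(r"[A-Za-z]:\\", target):
        return "file"
    return "other"  # e.g. a service name


def parse_fixlog(text):
    """Return one dict per result line: target, kind, status, raw outcome."""
    entries = []
    for line in result_lines(text):
        target, outcome = line.split(" => ", 1)
        target = target.strip().strip('"')
        status = next(
            (name for name, rx in OUTCOME_RULES if rx.search(outcome)),
            "review",  # unknown wording: a human should read this line
        )
        entries.append({
            "target": target,
            "kind": classify_target(target),
            "status": status,
            "outcome": outcome.strip(),
        })
    return entries


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(e["status"] for e in entries))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for e in parsed:
        if e["status"] == "review":
            print("needs review:", e["target"], "=>", e["outcome"])
```
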

#4 Tramon

Tramon
  • Topic Starter


Posted 29 May 2016 - 04:03 PM

  • Internet Explorer? looking good so far. 

_______________________

  • Fixlog    

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Katie (2016-05-29 14:43:59) Run:3
    Running from C:\Users\Katie\Desktop\FRST
    Loaded Profiles: Katie (Available Profiles: Katie & Guest)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin HKU\S-1-5-21-1457218534-3710924171-3785597336-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Katie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    2016-05-24 12:28 - 2015-06-10 17:46 - 00000000 ____D C:\ProgramData\Nimoru
    AlternateDataStreams: C:\Users\Katie\MediaFire:mf_x [104]
    CMD: type "C:\ComboFix.txt"
     
    *****************
     
    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    "HKU\S-1-5-21-1457218534-3710924171-3785597336-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
    C:\Users\Katie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
    AppMgmt => service removed successfully
    C:\ProgramData\Nimoru => moved successfully
    "C:\Users\Katie\MediaFire" => ":mf_x" ADS not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC5C6890-0C0F-40FF-BA45-16F88B1802AD} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0236D00E-DB35-4C1C-890C-34F053D49B86} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CA3E64C-2D2C-41F3-A327-E63E43D40A01} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A62AEB1-EE88-486D-BB43-80719B3AB40D} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4972ECEF-1746-40E3-ADB0-DE3401F97EC0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C62AB5EF-23E3-448D-B98F-BED6AE161016} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{431D4B63-80A5-4FDB-A7B7-E9754981554A} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F82BB31-F63E-4218-95A8-7EDCCE9F7A92} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BEADF31-6332-4AC0-AFB5-2C36EDBF93B0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7709219-2B7A-4D8D-81C4-1012445AE78C} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D300A4D7-0A0F-40EA-B5BF-57DA67ECC9E1} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4074ADBB-F39C-4ED4-82A1-A612E451ADD0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0EBB6AB2-6762-4194-BF9D-D4913D4E153C} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2FE17C1-3717-4648-9030-E17286816633} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2143AA94-77E7-42BA-A273-ED068AC91528} => value removed successfully
     
    =========  type "C:\ComboFix.txt" =========
     
    ComboFix 16-05-18.01 - Katie 05/20/2016  20:04:28.2.1 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.2908 [GMT -4:00]
    Running from: c:\users\Katie\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2016-04-21 to 2016-05-21  )))))))))))))))))))))))))))))))
    .
    .
    2016-05-21 00:14 . 2016-05-21 00:14 -------- d-----w- c:\users\Public\AppData\Local\temp
    2016-05-21 00:14 . 2016-05-21 00:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2016-05-21 00:14 . 2016-05-21 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-05-20 23:09 . 2016-05-17 22:56 11898512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8F841C5-0170-4030-8A17-1BE14C66060E}\mpengine.dll
    2016-05-17 07:11 . 2016-05-17 07:11 79064 ----a-w- c:\windows\system32\drivers\uuaukrsx.sys
    2016-05-12 18:21 . 2016-05-12 18:21 5995712 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-05-17 05:40 . 2014-09-16 00:04 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-05-12 18:21 . 2013-01-03 00:07 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-05-12 18:21 . 2013-01-03 00:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-05-12 17:12 . 2014-09-15 23:16 139319312 ----a-w- c:\windows\system32\MRT.exe
    2016-04-21 19:05 . 2011-01-02 18:40 453288 ------w- c:\windows\system32\MpSigStub.exe
    2016-03-18 22:51 . 2016-01-05 22:07 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-03-11 15:24 . 2016-01-05 22:50 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2016-03-10 18:09 . 2014-09-16 00:04 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-03-10 18:08 . 2014-09-16 00:04 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-03-10 18:08 . 2014-09-16 00:03 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-05-05 22:15 223432 ----a-w- c:\users\Katie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-05-05 22:15 223432 ----a-w- c:\users\Katie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-05-05 22:15 223432 ----a-w- c:\users\Katie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2016-02-17 3586848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
    "wermgr"="c:\programdata\Microsoft\Windows\WER\wermgr.exe" [2015-01-09 6786560]
    "FonePaw iPhone Data RecoveryAppService"="c:\program files (x86)\FonePaw\FonePaw iPhone Data Recovery\AppService.exe" [2015-12-24 81512]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\Katie\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;c:\users\Katie\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 HcwDevCentralService;HcwDevCentralService;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE;c:\progra~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE [x]
    R3 hcwE5bda;Hauppauge Siena Video Capture;c:\windows\system32\drivers\hcwE5bda.sys;c:\windows\SYSNATIVE\drivers\hcwE5bda.sys [x]
    R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X86BDA;OEM Capture;c:\windows\system32\DRIVERS\OEMDrv.sys;c:\windows\SYSNATIVE\DRIVERS\OEMDrv.sys [x]
    R3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 pfs_dokan;pfs_dokan;c:\windows\system32\DRIVERS\pfs_dokan.sys;c:\windows\SYSNATIVE\DRIVERS\pfs_dokan.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
    S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x]
    S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
    S2 SCEFSMounter;SCE File System Driver;c:\program files (x86)\SCE\Common\File System Driver\bin\pfs_mounter.exe;c:\program files (x86)\SCE\Common\File System Driver\bin\pfs_mounter.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-05-13 01:14 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-03 18:22]
    .
    2016-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17 21:36]
    .
    2016-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-03-17 21:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-05-05 22:15 262344 ----a-w- c:\users\Katie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-05-05 22:15 262344 ----a-w- c:\users\Katie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-05-05 22:15 262344 ----a-w- c:\users\Katie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconError]
    @="{5EE8C634-CDC0-453D-9731-DF0B19F4E807}"
    [HKEY_CLASSES_ROOT\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807}]
    2014-10-14 22:19 89600 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon3_f1d81.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconReadOnly]
    @="{7995D0FC-769B-4197-AEC0-991921CB99E1}"
    [HKEY_CLASSES_ROOT\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1}]
    2014-10-14 22:19 89088 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon5_f1d81.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSynched]
    @="{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}"
    [HKEY_CLASSES_ROOT\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F}]
    2014-10-14 22:19 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon_f1d81.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaFireIconSyncing]
    @="{C4D81971-6B13-4173-AB21-F83AD20CCC04}"
    [HKEY_CLASSES_ROOT\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04}]
    2014-10-14 22:19 86528 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon2_f1d81.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MediaFireIconLock]
    @="{759F3E92-F4E8-4953-8315-238B8B17E0F3}"
    [HKEY_CLASSES_ROOT\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3}]
    2014-10-14 22:19 84992 ----a-w- c:\program files (x86)\MediaFire Desktop\MediaFireIcon4_f1d81.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [BU]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-09 170256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Search_URL = about:blank
    mDefault_Page_URL = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-{1ef771b4-b774-439e-a015-23dec292d9a4} - c:\programdata\Package Cache\{1ef771b4-b774-439e-a015-23dec292d9a4}\wdexpress_full.exe
    AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
    AddRemove-{7dbba119-718a-4f68-b33e-454dc8aa5faf} - c:\programdata\Package Cache\{7dbba119-718a-4f68-b33e-454dc8aa5faf}\VS12-KB2932965.exe
    AddRemove-{86438e3d-7f83-4dd2-94aa-047e7c3974cb} - c:\programdata\Package Cache\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}\VS2013.3.exe
    AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
    AddRemove-{cbb7c584-20c0-4426-9921-ac1cc52ff54d} - c:\programdata\Package Cache\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}\TinyTakeSetup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.21"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-05-20  20:17:46
    ComboFix-quarantined-files.txt  2016-05-21 00:17
    ComboFix2.txt  2016-03-20 18:18
    .
    Pre-Run: 43,546,755,072 bytes free
    Post-Run: 44,383,887,360 bytes free
    .
    - - End Of File - - B7200ADC12F7AFE44BEE545E3AF341A7
    5B5E648D12FCADC244C1EC30318E1EB9
     
    ========= End of CMD: =========
     
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 14:44:41 ====

 

_______________________

  • AdwCleaner log

    # AdwCleaner v5.028 - Logfile created 05/01/2016 at 16:57:57
    # Updated 04/01/2016 by Xplode
    # Database : 2016-01-04.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Katie - TRAY-PC
    # Running from : C:\Users\Katie\Desktop\adwcleaner_5.028.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\Program Files (x86)\FlashBeat
    [-] Folder Deleted : C:\Program Files (x86)\app_setup
    [-] Folder Deleted : C:\Program Files (x86)\Priceless
    [-] Folder Deleted : C:\ProgramData\Partner
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
    [-] Folder Deleted : C:\Users\Guest\AppData\Local\AskToolbar
    [-] Folder Deleted : C:\Users\Katie\AppData\Local\AskToolbar
    [-] Folder Deleted : C:\Users\Katie\AppData\Roaming\pccustubinstaller
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\windows\SysNative\roboot64.exe
     
    ***** [ DLLs ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
    [-] Task Deleted : GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__333732343537363139302d3437415a556c2a3223346c41
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key Deleted : HKCU\Software\cain
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [-] Key Deleted : HKLM\SOFTWARE\WinPrograms
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5C6EDA57-C397-4C14-ADA1-8DD2BF7127AE}
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : safesear.ch
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : buenosearch.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : astromenda.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.dosearches.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.babylon.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cmclajginlihohopoeofghddnhpplhom
     
    *************************
     
    :: "Tracing" keys removed
    :: Winsock settings cleared
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3494 bytes] ##########
    # AdwCleaner v5.118 - Logfile created 29/05/2016 at 14:58:15
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-29.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Katie - TRAY-PC
    # Running from : C:\Users\Katie\Desktop\adwcleaner_5.118.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\Program Files (x86)\Popcorn Time
    [-] Folder Deleted : C:\Users\Katie\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [-] File Deleted : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
     
    ***** [ DLLs ] *****
     
     
    ***** [ WMI ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKCU\Software\Classes\TypeLib\{006AD7B2-968A-11DE-88C9-5BDE55D89593}
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [5143 bytes] - [05/01/2016 17:57:57]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4953 bytes] - [05/01/2016 17:50:41]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5289 bytes] ##########
     



    ____________________
  • Junkware log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Home Premium x64 
    Ran by Katie (Administrator) on Sun 05/29/2016 at 15:11:24.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 16 
     
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0B5KD9O4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C92S4UFR (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMA9RSWF (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXWF4XVN (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK3KVR0S (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD0J5XU9 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEM0HCVY (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPGM2EQ4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0B5KD9O4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C92S4UFR (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMA9RSWF (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXWF4XVN (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK3KVR0S (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD0J5XU9 (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEM0HCVY (Temporary Internet Files Folder) 
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPGM2EQ4 (Temporary Internet Files Folder) 
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 05/29/2016 at 15:15:47.44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    ______________________________
  • Chrome Incognito behavior? ummm it was good
    ________
     
  • Virustotal link

    https://www.virustotal.com/en/file/7672cdf1a39bb4e0006eb09820f0eb3789523e49c35ca086dfe9bdfc3bd60f82/analysis/1464553741/
    ____________
  • MTB log

    MiniToolBox by Farbar  Version: 07-02-2016 01
    Ran by Katie (administrator) on 29-05-2016 at 15:31:48
    Running from "C:\Users\Katie\Desktop"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Model: Satellite C655D Manufacturer: TOSHIBA
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Flush DNS: ===================================
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========================= IE Proxy Settings: ============================== 
     
    Proxy is not enabled.
    No Proxy Server is set.
     
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
     
    ========================= FF Proxy Settings: ============================== 
     
     
    "Reset FF Proxy Settings": Firefox Proxy settings were reset.
     
    ========================= Hosts content: =================================
    127.0.0.1       localhost
    ========================= IP Configuration: ================================
     
    Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
    Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
    Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
    TAP-Win32 Adapter V9 = Local Area Connection 3 (Media disconnected)
     
     
    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
     
    reset
    set global icmpredirects=enabled
    add address name="Local Area Connection 2" address=169.254.233.1 mask=255.255.255.0
     
     
    popd
    # End of IPv4 configuration
     
     
     
    Windows IP Configuration
     
       Host Name . . . . . . . . . . . . : Tray-PC
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : att.net
     
    Ethernet adapter Local Area Connection 3:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : TAP-Win32 Adapter V9
       Physical Address. . . . . . . . . : 00-FF-8E-31-90-65
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Wireless LAN adapter Wireless Network Connection 2:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
       Physical Address. . . . . . . . . : 1A-65-9D-B9-01-E7
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Ethernet adapter Local Area Connection:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
       Physical Address. . . . . . . . . : 00-26-6C-98-BC-64
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Wireless LAN adapter Wireless Network Connection:
     
       Connection-specific DNS Suffix  . : att.net
       Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
       Physical Address. . . . . . . . . : 1C-65-9D-B9-01-E7
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2602:306:cd00:d3e0:ec2c:6ed:47d3:3561(Preferred) 
       Temporary IPv6 Address. . . . . . : 2602:306:cd00:d3e0:6512:abd2:97c8:2a5f(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::ec2c:6ed:47d3:3561%10(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.1.73(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Sunday, May 29, 2016 3:01:07 PM
       Lease Expires . . . . . . . . . . : Monday, May 30, 2016 3:01:06 PM
       Default Gateway . . . . . . . . . : fe80::96cc:b9ff:fee2:e980%10
                                           192.168.1.254
       DHCP Server . . . . . . . . . . . : 192.168.1.254
       DHCPv6 IAID . . . . . . . . . . . : 186410397
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-82-71-EA-1C-65-9D-B9-01-E7
       DNS Servers . . . . . . . . . . . : 192.168.1.254
       NetBIOS over Tcpip. . . . . . . . : Enabled
     
    Tunnel adapter isatap.cfl.rr.com:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter Local Area Connection* 9:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.att.net:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : att.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.{28183868-15F8-43FE-8C09-19CCD820C910}:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.{8E319065-4455-47DB-B3A6-E6418BFE0B1E}:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.{E3A9C44E-84C3-4D40-81F5-51F483C4DD14}:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  dsldevice.att.net
    Address:  192.168.1.254
     
    Name:    google.com
    Addresses:  2607:f8b0:4002:c07::66
     173.194.219.102
     173.194.219.101
     173.194.219.113
     173.194.219.139
     173.194.219.138
     173.194.219.100
     
     
    Pinging google.com [2607:f8b0:4002:c07::71] with 32 bytes of data:
    Reply from 2607:f8b0:4002:c07::71: time=122ms 
    Reply from 2607:f8b0:4002:c07::71: time=116ms 
     
    Ping statistics for 2607:f8b0:4002:c07::71:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 116ms, Maximum = 122ms, Average = 119ms
    Server:  dsldevice.att.net
    Address:  192.168.1.254
     
    Name:    yahoo.com
    Addresses:  2001:4998:58:c02::a9
     2001:4998:44:204::a7
     2001:4998:c:a06::2:4008
     98.138.253.109
     98.139.183.24
     206.190.36.45
     
     
    Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
    Reply from 2001:4998:c:a06::2:4008: time=171ms 
    Reply from 2001:4998:c:a06::2:4008: time=178ms 
     
    Ping statistics for 2001:4998:c:a06::2:4008:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 171ms, Maximum = 178ms, Average = 174ms
     
    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     
    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     17...00 ff 8e 31 90 65 ......TAP-Win32 Adapter V9
     13...1a 65 9d b9 01 e7 ......Microsoft Virtual WiFi Miniport Adapter
     11...00 26 6c 98 bc 64 ......Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)
     10...1c 65 9d b9 01 e7 ......Atheros AR9285 Wireless Network Adapter
      1...........................Software Loopback Interface 1
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
     23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
     21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
     39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
    ===========================================================================
     
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.73     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link      192.168.1.73    281
         192.168.1.73  255.255.255.255         On-link      192.168.1.73    281
        192.168.1.255  255.255.255.255         On-link      192.168.1.73    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.1.73    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.1.73    281
    ===========================================================================
    Persistent Routes:
      None
     
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     10    281 ::/0                     fe80::96cc:b9ff:fee2:e980
      1    306 ::1/128                  On-link
     10     33 2602:306:cd00:d3e0::/64  On-link
     10    281 2602:306:cd00:d3e0:6512:abd2:97c8:2a5f/128
                                        On-link
     10    281 2602:306:cd00:d3e0:ec2c:6ed:47d3:3561/128
                                        On-link
     10    281 fe80::/64                On-link
     10    281 fe80::ec2c:6ed:47d3:3561/128
                                        On-link
      1    306 ff00::/8                 On-link
     10    281 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================
     
    Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
    Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
     
    **** End of log ****
     
    ______________
  • System Summary Information

    tried to upload but kept saying Error You aren't permitted to upload this kind of file

    ___
  • Update on computer 
    seems to be ok


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:54 PM

Posted 29 May 2016 - 05:34 PM

Thank you,

Relaunch Chrome normally and check the behavior. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

    c:\windows\system32\drivers\uuaukrsx.sys
    C:\Users\Katie\Downloads\vsh.tmp
    emptytemp:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Are both Chrome and Internet Explorer working properly?
  • Fixlog
  • Emsisoft report
  • Security Check log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Tramon


Posted 29 May 2016 - 09:01 PM

  • Are both Chrome and Internet Explorer working properly?

    well just now a tab had opened, so i don't think it's gone yet, sir

    -----------------
  • Fixlog

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Katie (2016-05-29 19:57:40) Run:4
    Running from C:\Users\Katie\Desktop\FRST
    Loaded Profiles: Katie (Available Profiles: Katie & Guest)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    c:\windows\system32\drivers\uuaukrsx.sys
    C:\Users\Katie\Downloads\vsh.tmp
    emptytemp:
    *****************
     
    "c:\windows\system32\drivers\uuaukrsx.sys" => not found.
    C:\Users\Katie\Downloads\vsh.tmp => moved successfully
    EmptyTemp: => 1.7 GB temporary data Removed.
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 19:58:16 ====

    --------------------------
  • Emsisoft report

    Emsisoft Emergency Kit - Version 11.0
    Last update: 5/29/2016 8:09:32 PM
    User account: TRAY-PC\Katie
     
    Scan settings:
     
    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files
     
    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off
     
    Scan start: 5/29/2016 8:10:39 PM
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
    Key: HKEY_USERS\S-1-5-21-1457218534-3710924171-3785597336-1001_CLASSES\WOW6432NODE\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} detected: Application.Toolbar (A)
    C:\Users\Katie\AppData\Local\Microsoft\Windows\{60B3D9DD-B07F-4118-8557-27D2CC9807E9}\Defender.exe detected: Gen:Variant.Kazy.788155 (B)
    C:\Users\Katie\AppData\Roaming\Rar\Call of Duty Editor V1.6\Call of Duty Editor V1.6.exe detected: Gen:Variant.Kazy.413414 (B)
    C:\Users\Katie\Desktop\Everything to e3\PS3DumpPatcher.exe detected: Trojan.Generic.14862224 (B)
    C:\Users\Katie\Desktop\GSC_Injector_BO2\GSC_Injector_BO2.exe detected: Gen:Variant.Zusy.163830 (B)
    C:\Users\Katie\Desktop\PC Folder\NEW NOTPAds STUFF\GSC_Injector_BO2 [CCAPI 2.6 - ALL DEX]\GSC_Injector_BO2.exe detected: Gen:Variant.Zusy.163830 (B)
    C:\Users\Katie\Desktop\RTM Menus Source\MW3 Light Tool\MW3 Light Tool.exe detected: Trojan.Generic.14619761 (B)
     
    Scanned 80005
    Found 9
     
    Scan end: 5/29/2016 8:27:34 PM
    Scan time: 0:16:55
     

    ------------------------
  • Security Check log

     Results of screen317's Security Check version 1.014 --- 12/23/15  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:`````````````` 
     Windows Security Center service is not running! This report may not be accurate! 
     Windows Firewall Enabled!  
     WMI entry may not exist for antivirus; attempting automatic update. 
    `````````Anti-malware/Other Utilities Check:````````` 
     Java 8 Update 73  
     Visual Studio Extensions for Windows Library for JavaScript 
     Java version 32-bit out of Date! 
     Adobe Flash Player 21.0.0.242  
     Adobe Reader 9 Adobe Reader out of Date! 
     Google Chrome (50.0.2661.102) 
     Google Chrome (50.0.2661.94) 
     Google Chrome (SetupMetrics.pma..) 
    ````````Process Check: objlist.exe by Laurent````````  
     Norton ccSvcHst.exe 
    `````````````````System Health check````````````````` 
     Total Fragmentation on Drive C: 0% 
    ````````````````````End of Log`````````````````````` 
     

    ---------------------------------
  • Update on computer behavior
  • it seems to be running faster than it was at first. 


#7 Oh My!


Posted 29 May 2016 - 09:11 PM

Did the tab open in both browsers or just one?


Gary
 

#8 Tramon


Posted 29 May 2016 - 09:12 PM

just chrome



#9 Oh My!


Posted 29 May 2016 - 09:19 PM

OK, please launch Chrome without Plugins or Extensions again and see if it runs properly.
Gary
 

#10 Tramon


Posted 29 May 2016 - 09:50 PM

it did it again but it had reopened google with the Plugins and Extensions.
it's like as if i wasn't on google at all and it had just opened up by itself



#11 Oh My!


Posted 29 May 2016 - 09:58 PM

Do you mean the Chrome browser is launching itself?


Gary
 

#12 Tramon


Posted 29 May 2016 - 10:22 PM

umm yeah that's what just happened



#13 Oh My!


Posted 29 May 2016 - 10:32 PM

I would like you to reset Chrome. Please do this.

===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#14 Oh My!


Posted 29 May 2016 - 10:54 PM

I am logging off for the evening but will check your reply first thing in the morning.
Gary
 

#15 Tramon


Posted 29 May 2016 - 11:12 PM

alrighty  
and it's still popping up.





