
Getting background ads and internet blocked from AV/malware sites


  • This topic is locked
6 replies to this topic

#1 tbauer81


Posted 20 July 2016 - 01:13 AM

I originally posted this in the wrong section as my browsing had led me away, so reposting here in the proper forum. I seem to have a file called problem.exe and some other tasks running that are causing advertisements to run without any popups, just as background noise coming through the speakers. Additionally, it is preventing me from accessing any website related to anti-virus or malware information. When I attempt to go on this website to download the Farbar recovery scan tool it says "The page cannot be displayed because an internal server error has occurred." Thanks in advance for any help and support.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by T B (administrator) on TB-PC (20-07-2016 01:35:04)
Running from C:\Users\T B\Desktop
Loaded Profiles: T B & postgres (Available Profiles: T B & postgres)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\Logic Handler\set.exe
(weakley) C:\Windows\taggart.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
(tortora) C:\Windows\honcho.exe
() C:\ProgramData\Holdtam\Holdtam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.0\bin\postgres.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(windows) C:\Program Files (x86)\flagship\poinsettia.exe
() C:\Program Files (x86)\flagship\pebbled.exe
() C:\Program Files (x86)\keebler\gadd.exe
() C:\Program Files (x86)\lims\problemo.exe
(Hammer & Chisel, Inc.) C:\Users\T B\AppData\Local\Discord\app-0.0.292\Discord.exe
() C:\ProgramData\Holdtam\Tranbam.exe
(Hammer & Chisel, Inc.) C:\Users\T B\AppData\Local\Discord\app-0.0.292\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\T B\AppData\Local\Discord\app-0.0.292\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome334.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [autoauto] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\flagship\pebbled.exe [41203 2016-07-20] ()
HKLM\...\Run: [expands.exeproblemo.exe] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM\...\Run: [interpee] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKLM-x32\...\Run: [autoauto] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\flagship\pebbled.exe [41203 2016-07-20] ()
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [rutoauto] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [dutoauto] => C:\Program Files (x86)\flagship\pebbled.exe [41203 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [toys] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [interpee] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [taxies] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [toolmaking] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [gadd] => C:\Program Files (x86)\keebler\gadd.exe [40264 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [jarosz] => C:\Program Files (x86)\keebler\expands.exe [10752 2016-07-20] (marbling)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-13] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Holdtam\Tristough.dll => C:\ProgramData\Holdtam\Tristough.dll [363008 2016-07-20] ()
AppInit_DLLs-x32: C:\ProgramData\Holdtam\Rancof.dll => C:\ProgramData\Holdtam\Rancof.dll [257536 2016-07-20] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok47643784.lnk [2016-07-20]
ShortcutTarget: ok47643784.lnk -> C:\Program Files (x86)\flagship\poinsettia.exe (windows)
Startup: C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok47643784willinger.lnk [2016-07-20]
ShortcutTarget: ok47643784willinger.lnk -> C:\Program Files (x86)\lims\problemo.exe ()
Startup: C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\willinger.lnk [2016-07-20]
ShortcutTarget: willinger.lnk -> C:\Program Files (x86)\flagship\poinsettia.exe (windows)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyEnable: [S-1-5-21-1052316088-3023028506-1941122972-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1052316088-3023028506-1941122972-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16769E2F-E089-4AF3-9A44-02B6D8F89CFF}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8877;https=127.0.0.1:8877
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUE5dGN1cRIluMjkQ25mEPvyMk3B-Ai7wcUQE05IIKB5zRIVZMkxm8_Xrh-m7i6gVtDDgvXjoDwt8LhskcEb-ITL47a1DfSQ,,
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUE5dGN1cRIluMjkQ25mEPvyMk3B-Ai7wcUQE05IIKB5zRIVZMkxm8_Xrh-m7i6gVtDDgvXjoDwt8LhskcEb-ITL47a1DfSQ,,
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-01] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-01] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-10] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://bleephomepage.com/"
CHR DefaultSearchURL: Default -> hxxp://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bazz Search
CHR Profile: C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-20]
CHR Extension: (Google Docs) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Adblock for Youtube™) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-04]
CHR Extension: (Google Search) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-12]
CHR Extension: (Momentum) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-07-06]
CHR Extension: (Skype) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Bazz Search) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef [2016-07-20]
CHR Extension: (Gmail) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
U2 brattle; C:\Windows\taggart.exe [7680 2016-07-20] (weakley) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [681984 2016-07-20] () [File not signed]
U2 exhibited; C:\Windows\honcho.exe [8192 2016-07-20] (tortora) [File not signed]
R2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [681984 2016-07-20] () [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 postgresql-x64-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [X]
S2 SCService; "C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-20 01:35 - 2016-07-20 01:36 - 00022663 _____ C:\Users\T B\Desktop\FRST.txt
2016-07-20 01:35 - 2016-07-20 01:35 - 00000000 ____D C:\FRST
2016-07-20 01:34 - 2016-07-20 01:34 - 02391552 _____ (Farbar) C:\Users\T B\Desktop\FRST64.exe
2016-07-20 01:18 - 2016-07-20 01:24 - 00263312 _____ C:\Windows\ntbtlog.txt
2016-07-20 01:14 - 2016-07-20 01:14 - 00000000 ___HD C:\$GetCurrent
2016-07-20 01:10 - 2016-07-20 01:14 - 00000000 ____D C:\Windows10Upgrade
2016-07-20 01:10 - 2016-07-20 01:10 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-07-20 01:10 - 2016-07-20 01:10 - 00000682 _____ C:\Users\T B\Desktop\Windows 10 Upgrade Assistant.lnk
2016-07-20 01:09 - 2016-07-20 01:09 - 05792848 _____ (Microsoft Corporation) C:\Users\T B\Downloads\Windows10Upgrade9194.exe
2016-07-20 01:02 - 2016-07-20 01:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\T B\Downloads\HijackThis.exe
2016-07-20 00:41 - 2016-07-20 00:41 - 22851472 _____ (Malwarebytes ) C:\Users\T B\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-20 00:29 - 2016-07-20 01:36 - 00003624 _____ C:\Windows\System32\Tasks\110066710
2016-07-20 00:29 - 2016-07-20 01:35 - 00004348 _____ C:\Windows\System32\Tasks\b18101489
2016-07-20 00:29 - 2016-07-20 01:17 - 00003712 _____ C:\Windows\System32\Tasks\dc00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1
2016-07-20 00:29 - 2016-07-20 00:47 - 00003636 _____ C:\Windows\System32\Tasks\dD8115817581158175
2016-07-20 00:29 - 2016-07-20 00:29 - 00000001 _____ C:\Users\T B\AppData\Local\setupsuccessful.txt
2016-07-20 00:28 - 2016-07-20 01:36 - 00003798 _____ C:\Windows\System32\Tasks\210066710
2016-07-20 00:28 - 2016-07-20 01:35 - 00004356 _____ C:\Windows\System32\Tasks\a18101489
2016-07-20 00:28 - 2016-07-20 00:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-20 00:28 - 2016-07-20 00:56 - 00003886 _____ C:\Windows\System32\Tasks\ab00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1
2016-07-20 00:28 - 2016-07-20 00:47 - 00003806 _____ C:\Windows\System32\Tasks\a8115817581158175
2016-07-20 00:28 - 2016-07-20 00:45 - 00000336 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2016-07-20 00:28 - 2016-07-20 00:34 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2016-07-20 00:28 - 2016-07-20 00:29 - 00000000 ____D C:\Program Files (x86)\flagship
2016-07-20 00:28 - 2016-07-20 00:29 - 00000000 ____D C:\a
2016-07-20 00:28 - 2016-07-20 00:29 - 00000000 _____ C:\Users\T B\AppData\Local\stxtname.txt
2016-07-20 00:28 - 2016-07-20 00:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-20 00:28 - 2016-07-20 00:28 - 00002716 _____ C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2016-07-20 00:28 - 2016-07-20 00:28 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-20 00:28 - 2016-07-20 00:28 - 00000055 _____ C:\Windows\key.ini
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\ProgramData\Holdtams
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\Program Files (x86)\quadrennial
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\Program Files (x86)\mailers
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\Program Files (x86)\lims
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\Program Files (x86)\keebler
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 ____D C:\Program Files (x86)\InternetPlus
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 _____ C:\Users\T B\AppData\Local\tr5b.txt
2016-07-20 00:28 - 2016-07-20 00:28 - 00000000 _____ C:\Users\T B\AppData\Local\run.txt
2016-07-20 00:27 - 2016-07-20 01:27 - 00000000 ____D C:\ProgramData\Holdtam
2016-07-20 00:27 - 2016-07-20 01:26 - 00000268 _____ C:\Windows\Tasks\System HealerStartUp.job
2016-07-20 00:27 - 2016-07-20 00:45 - 00000268 _____ C:\Windows\Tasks\System HealerPeriod.job
2016-07-20 00:27 - 2016-07-20 00:27 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\T B\AppData\Local\install_flash_player_21_active_x.exe
2016-07-20 00:27 - 2016-07-20 00:27 - 07102976 _____ C:\Users\T B\AppData\Roaming\agent.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 02279413 _____ C:\Users\T B\AppData\Roaming\Rankin.bin
2016-07-20 00:27 - 2016-07-20 00:27 - 01880276 _____ C:\Users\T B\AppData\Roaming\Dripcof.tst
2016-07-20 00:27 - 2016-07-20 00:27 - 01021267 _____ C:\Users\T B\AppData\Local\setupone.exe
2016-07-20 00:27 - 2016-07-20 00:27 - 00848437 _____ C:\Users\T B\AppData\Roaming\Goldovetouch.bin
2016-07-20 00:27 - 2016-07-20 00:27 - 00126464 _____ C:\Users\T B\AppData\Roaming\noah.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 00126464 _____ C:\Users\T B\AppData\Roaming\lobby.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 00072710 _____ C:\Users\T B\AppData\Roaming\Voltcof.tst
2016-07-20 00:27 - 2016-07-20 00:27 - 00070320 _____ C:\Users\T B\AppData\Roaming\Config.xml
2016-07-20 00:27 - 2016-07-20 00:27 - 00054272 _____ C:\Users\T B\AppData\Roaming\ApplicationHosting.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 00018432 _____ C:\Users\T B\AppData\Roaming\Main.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 00005568 _____ C:\Users\T B\AppData\Roaming\md.xml
2016-07-20 00:27 - 2016-07-20 00:27 - 00002538 _____ C:\Windows\System32\Tasks\System HealerStartUp
2016-07-20 00:27 - 2016-07-20 00:27 - 00000000 ____D C:\ProgramData\Logic Handler
2016-07-20 00:27 - 2016-07-20 00:27 - 00000000 ____D C:\ProgramData\fa88993f-5d33-0
2016-07-20 00:27 - 2016-07-20 00:27 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-07-20 00:27 - 2016-07-20 00:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-20 00:27 - 2016-07-20 00:27 - 00000000 _____ C:\Users\T B\AppData\Local\aatxtname.txt
2016-07-20 00:27 - 2016-07-20 00:26 - 00681984 _____ C:\Users\T B\AppData\Roaming\Voltcof.exe
2016-07-20 00:27 - 2016-07-20 00:26 - 00681984 _____ C:\Users\T B\AppData\Roaming\Dripcof.exe
2016-07-20 00:26 - 2016-07-20 00:29 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2016-07-20 00:26 - 2016-07-20 00:26 - 00129024 _____ C:\Users\T B\AppData\Roaming\Installer.dat
2016-07-20 00:26 - 2016-07-20 00:26 - 00018432 _____ C:\Users\T B\AppData\Roaming\InstallationConfiguration.xml
2016-07-20 00:26 - 2016-07-20 00:26 - 00000000 ____D C:\Users\T B\AppData\Roaming\System Healer
2016-07-20 00:26 - 2016-07-20 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-07-20 00:26 - 2016-07-20 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2016-07-20 00:26 - 2016-07-20 00:26 - 00000000 ____D C:\ProgramData\LuckyBrowse
2016-07-20 00:26 - 2016-07-20 00:26 - 00000000 ____D C:\ProgramData\fa88993f-2e21-1
2016-07-20 00:26 - 2016-07-20 00:26 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
2016-07-20 00:25 - 2016-07-20 00:25 - 00061440 _____ ( ) C:\Users\T B\Downloads\popflagparser.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00041203 _____ C:\Windows\hd.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00028672 _____ (windows) C:\Windows\lambert.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00008192 _____ (tortora) C:\Windows\honcho.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00007680 _____ (weakley) C:\Windows\taggart.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00006656 _____ C:\Windows\dll.dll
2016-07-15 22:23 - 2016-07-15 22:23 - 00001163 _____ C:\Users\T B\Downloads\Good's Gina Trigers.gtp
2016-07-15 22:21 - 2016-07-15 22:21 - 22376840 _____ C:\Users\T B\Downloads\ALLMAPS_2016-07-10.zip
2016-07-15 22:18 - 2016-07-15 22:18 - 00001041 _____ C:\Users\T B\Desktop\MacroQuest2 - Shortcut.lnk
2016-07-15 22:17 - 2016-07-16 00:09 - 00000000 ____D C:\Users\T B\Desktop\Release
2016-07-13 08:10 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 08:10 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 08:10 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 08:10 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 08:10 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 08:10 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 08:10 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 08:10 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 08:10 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 08:10 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 08:10 - 2016-06-14 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 08:10 - 2016-06-11 02:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 08:10 - 2016-06-11 00:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 08:10 - 2016-06-10 17:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 08:10 - 2016-06-10 17:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 08:10 - 2016-06-10 17:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 08:10 - 2016-06-10 17:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 08:10 - 2016-06-10 17:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 08:10 - 2016-06-10 17:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 08:10 - 2016-06-10 17:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 08:10 - 2016-06-10 17:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 08:10 - 2016-06-10 17:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 08:10 - 2016-06-10 17:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 08:10 - 2016-06-10 17:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 08:10 - 2016-06-10 17:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 08:10 - 2016-06-10 17:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 08:10 - 2016-06-10 17:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 08:10 - 2016-06-10 17:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 08:10 - 2016-06-10 17:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 08:10 - 2016-06-10 16:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 08:10 - 2016-06-10 16:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 08:10 - 2016-06-10 16:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 08:10 - 2016-06-10 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 08:10 - 2016-06-10 16:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 08:10 - 2016-06-10 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 08:10 - 2016-06-10 16:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 08:10 - 2016-06-10 16:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 08:10 - 2016-06-10 16:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 08:10 - 2016-06-10 16:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 08:10 - 2016-06-10 16:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 08:10 - 2016-06-10 16:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 08:10 - 2016-06-10 16:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 08:10 - 2016-06-10 16:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 08:10 - 2016-06-10 15:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 08:10 - 2016-06-10 15:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 08:10 - 2016-06-10 15:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 08:10 - 2016-06-10 15:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 08:10 - 2016-06-10 15:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 08:10 - 2016-06-10 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 08:10 - 2016-06-10 14:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 08:10 - 2016-06-10 14:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 08:10 - 2016-06-10 14:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 08:10 - 2016-06-10 14:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 08:10 - 2016-06-10 14:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 08:10 - 2016-06-10 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 08:10 - 2016-06-10 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 08:10 - 2016-06-10 14:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 08:10 - 2016-06-10 14:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 08:10 - 2016-06-10 14:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 08:10 - 2016-06-10 14:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 08:10 - 2016-06-10 14:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 08:10 - 2016-06-10 14:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 08:10 - 2016-06-10 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 08:10 - 2016-06-10 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 08:10 - 2016-06-10 14:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 08:10 - 2016-06-10 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 08:10 - 2016-06-10 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 08:10 - 2016-06-10 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 08:10 - 2016-06-10 14:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 08:10 - 2016-06-10 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 08:10 - 2016-06-10 14:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 08:10 - 2016-06-10 14:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 08:10 - 2016-06-10 14:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 08:10 - 2016-06-10 13:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 08:10 - 2016-06-10 13:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 08:10 - 2016-06-10 13:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 08:10 - 2016-06-10 13:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-12 15:48 - 2016-07-12 15:48 - 00004284 _____ C:\Users\T B\Desktop\auglist.txt
2016-07-07 20:49 - 2016-07-07 20:49 - 00000000 ____D C:\ProgramData\Age of Empires 3
2016-07-04 11:07 - 2016-07-07 20:49 - 00000000 ____D C:\Users\T B\Documents\My Games
2016-07-04 11:06 - 2016-07-07 20:49 - 00000000 ____D C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-04 11:06 - 2016-07-04 11:06 - 00000000 ____D C:\Users\T B\AppData\Roaming\Microsoft Games
2016-07-04 00:31 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-07-04 00:31 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-07-04 00:31 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-07-04 00:31 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-07-04 00:31 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-07-04 00:31 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-04 00:29 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-03 23:39 - 2016-07-03 23:39 - 00000222 _____ C:\Users\T B\Desktop\Rise of Nations Extended Edition.url
2016-07-03 23:39 - 2016-07-03 23:39 - 00000222 _____ C:\Users\T B\Desktop\Age of Mythology Extended Edition.url
2016-07-03 23:39 - 2016-07-03 23:39 - 00000222 _____ C:\Users\T B\Desktop\Age of Empires III Complete Collection.url
2016-07-03 23:39 - 2016-07-03 23:39 - 00000222 _____ C:\Users\T B\Desktop\Age of Empires II HD Edition.url
2016-07-03 23:39 - 2016-07-03 23:39 - 00000000 ____D C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-03 23:29 - 2016-07-03 23:29 - 00000000 ____D C:\Users\T B\AppData\Local\Steam
2016-07-03 23:28 - 2016-07-16 12:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-03 23:28 - 2016-07-03 23:28 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2016-07-03 23:28 - 2016-07-03 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-07-03 23:27 - 2016-07-03 23:27 - 01444992 _____ C:\Users\T B\Downloads\SteamSetup.exe
2016-07-02 21:22 - 2016-07-02 21:22 - 00000000 ____D C:\Users\T B\AppData\Roaming\Sony Online Entertainment
2016-07-01 21:16 - 2016-07-01 21:16 - 14534227 _____ C:\Users\T B\Desktop\SWProxy-windows.zip
2016-06-28 16:06 - 2016-06-28 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-06-24 16:46 - 2016-06-24 16:46 - 00007168 _____ C:\Users\T B\AppData\Local\cap.exe
2016-06-24 16:45 - 2016-06-24 16:45 - 00007168 _____ C:\Users\T B\AppData\Local\cap4.exe
2016-06-23 17:55 - 2016-06-23 17:55 - 00007680 _____ C:\Users\T B\AppData\Local\tinstall4.exe
2016-06-23 17:55 - 2016-06-23 17:55 - 00007680 _____ C:\Users\T B\AppData\Local\tinstall.exe
2016-06-23 17:50 - 2016-06-23 17:50 - 00005632 _____ C:\Users\T B\AppData\Local\ddnow4.exe
2016-06-23 17:50 - 2016-06-23 17:50 - 00005120 _____ C:\Users\T B\AppData\Local\ddnow.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-20 01:26 - 2013-10-01 13:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 01:25 - 2015-12-06 19:55 - 00000000 ____D C:\ProgramData\VMware
2016-07-20 01:25 - 2013-10-01 13:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 01:25 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 01:18 - 2009-07-14 00:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-20 01:18 - 2009-07-14 00:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-20 01:14 - 2009-07-14 01:13 - 00786702 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-20 01:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-20 00:29 - 2016-01-02 19:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 00:29 - 2013-10-02 14:02 - 00000000 ____D C:\Users\T B\AppData\Roaming\Mozilla
2016-07-20 00:29 - 2013-10-01 13:18 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-20 00:29 - 2013-10-01 12:29 - 00001405 _____ C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-20 00:27 - 2016-04-23 18:11 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-20 00:27 - 2016-04-23 18:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-19 20:28 - 2013-10-01 13:16 - 00000000 ____D C:\Users\T B\AppData\Local\Deployment
2016-07-19 18:10 - 2015-08-26 14:49 - 00000917 _____ C:\Users\T B\Desktop\eqts.txt
2016-07-19 00:57 - 2013-10-08 18:36 - 00000000 ____D C:\Users\T B\AppData\Local\Spotify
2016-07-19 00:27 - 2013-10-08 18:35 - 00000000 ____D C:\Users\T B\AppData\Roaming\Spotify
2016-07-18 13:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-07-18 02:29 - 2015-06-06 03:39 - 00000000 ____D C:\Users\T B\AppData\Roaming\TS3Client
2016-07-13 22:16 - 2014-07-07 16:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-13 14:05 - 2013-10-02 14:09 - 00000000 ____D C:\Users\postgres
2016-07-13 14:05 - 2009-07-14 00:45 - 00406648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-12 23:36 - 2016-03-03 20:11 - 00000000 ____D C:\Users\T B\AppData\Roaming\discord
2016-07-11 22:18 - 2016-03-03 20:12 - 00002151 _____ C:\Users\T B\Desktop\Discord.lnk
2016-07-11 22:18 - 2016-03-03 20:12 - 00000000 ____D C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-07-11 22:18 - 2016-03-03 20:11 - 00000000 ____D C:\Users\T B\AppData\Local\Discord
2016-07-04 00:30 - 2016-06-01 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-30 10:48 - 2013-10-02 22:36 - 00000000 ____D C:\Users\T B\AppData\Roaming\Skype
2016-06-29 21:56 - 2009-07-14 01:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-28 16:06 - 2016-01-05 18:21 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-06-28 16:06 - 2015-11-10 17:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-06-20 14:40 - 2013-10-02 14:02 - 00000000 ____D C:\Program Files (x86)\CarbonPoker
 
==================== Files in the root of some directories =======
 
2016-07-20 00:27 - 2016-07-20 00:27 - 7102976 _____ () C:\Users\T B\AppData\Roaming\agent.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 0054272 _____ () C:\Users\T B\AppData\Roaming\ApplicationHosting.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 0070320 _____ () C:\Users\T B\AppData\Roaming\Config.xml
2016-07-20 00:27 - 2016-07-20 00:26 - 0681984 _____ () C:\Users\T B\AppData\Roaming\Dripcof.exe
2016-07-20 00:27 - 2016-07-20 00:27 - 1880276 _____ () C:\Users\T B\AppData\Roaming\Dripcof.tst
2016-07-20 00:27 - 2016-07-20 00:27 - 0848437 _____ () C:\Users\T B\AppData\Roaming\Goldovetouch.bin
2016-07-20 00:26 - 2016-07-20 00:26 - 0018432 _____ () C:\Users\T B\AppData\Roaming\InstallationConfiguration.xml
2016-07-20 00:26 - 2016-07-20 00:26 - 0129024 _____ () C:\Users\T B\AppData\Roaming\Installer.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 0126464 _____ () C:\Users\T B\AppData\Roaming\lobby.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 0018432 _____ () C:\Users\T B\AppData\Roaming\Main.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 0005568 _____ () C:\Users\T B\AppData\Roaming\md.xml
2016-07-20 00:27 - 2016-07-20 00:27 - 0126464 _____ () C:\Users\T B\AppData\Roaming\noah.dat
2016-07-20 00:27 - 2016-07-20 00:27 - 2279413 _____ () C:\Users\T B\AppData\Roaming\Rankin.bin
2016-07-20 00:27 - 2016-07-20 00:27 - 0032038 _____ () C:\Users\T B\AppData\Roaming\uninstall_temp.ico
2016-07-20 00:27 - 2016-07-20 00:26 - 0681984 _____ () C:\Users\T B\AppData\Roaming\Voltcof.exe
2016-07-20 00:27 - 2016-07-20 00:27 - 0072710 _____ () C:\Users\T B\AppData\Roaming\Voltcof.tst
2016-07-20 00:27 - 2016-07-20 00:27 - 0000000 _____ () C:\Users\T B\AppData\Local\aatxtname.txt
2016-06-24 16:46 - 2016-06-24 16:46 - 0007168 _____ () C:\Users\T B\AppData\Local\cap.exe
2016-06-24 16:45 - 2016-06-24 16:45 - 0007168 _____ () C:\Users\T B\AppData\Local\cap4.exe
2016-06-23 17:50 - 2016-06-23 17:50 - 0005120 _____ () C:\Users\T B\AppData\Local\ddnow.exe
2016-06-23 17:50 - 2016-06-23 17:50 - 0005632 _____ () C:\Users\T B\AppData\Local\ddnow4.exe
2016-07-20 00:27 - 2016-07-20 00:27 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\T B\AppData\Local\install_flash_player_21_active_x.exe
2016-03-18 01:00 - 2016-03-18 01:00 - 0000000 _____ () C:\Users\T B\AppData\Local\ok223.txt
2016-07-20 00:28 - 2016-07-20 00:28 - 0000000 _____ () C:\Users\T B\AppData\Local\run.txt
2016-07-20 00:27 - 2016-07-20 00:27 - 1021267 _____ () C:\Users\T B\AppData\Local\setupone.exe
2016-07-20 00:29 - 2016-07-20 00:29 - 0000001 _____ () C:\Users\T B\AppData\Local\setupsuccessful.txt
2016-07-20 00:28 - 2016-07-20 00:29 - 0000000 _____ () C:\Users\T B\AppData\Local\stxtname.txt
2016-06-23 17:55 - 2016-06-23 17:55 - 0007680 _____ () C:\Users\T B\AppData\Local\tinstall.exe
2016-06-23 17:55 - 2016-06-23 17:55 - 0007680 _____ () C:\Users\T B\AppData\Local\tinstall4.exe
2016-07-20 00:28 - 2016-07-20 00:28 - 0000000 _____ () C:\Users\T B\AppData\Local\tr5b.txt
2013-10-02 14:04 - 2013-10-02 14:04 - 0004905 _____ () C:\ProgramData\flwjycbm.bab
 
Some files in TEMP:
====================
C:\Users\T B\AppData\Local\Temp\javasysmo4941525398489395679.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5028536482132642269.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5040774703485367038.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5049037756012606274.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5058867514862970976.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5064768520725093394.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5082631654554753709.dll
C:\Users\T B\AppData\Local\Temp\javasysmo512540736313072750.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5137369554423885138.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5181541262382087995.dll
C:\Users\T B\AppData\Local\Temp\javasysmo520550296952902061.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5248443794496259088.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5259562646142476016.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5287091621352000410.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5310754550794008920.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5325838354845934692.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5357851951479472081.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5363785776383784408.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5366187834175228892.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5367833132876346715.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5460623127431570525.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5511626714738326894.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5586401372160061139.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5594274901967867832.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5603707162505714231.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5640252234419122073.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5730536977475738154.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5807732903691931059.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5831362822324450657.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5842305061385601327.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5843601996599410579.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5856780729363602962.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5875748192144273645.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5879842952507474521.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5891299110651602269.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5897711590136972802.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5898440640262826516.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5900328425526154969.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5901383963068256389.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5926901793950905016.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5957624085646710582.dll
C:\Users\T B\AppData\Local\Temp\javasysmo5997589158341139184.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6028614209215649129.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6211211308395615204.dll
C:\Users\T B\AppData\Local\Temp\javasysmo628774376285486950.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6315279097388226561.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6329958422113229955.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6337372675148686192.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6379026349530956036.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6400982939634117419.dll
C:\Users\T B\AppData\Local\Temp\javasysmo643445823756304333.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6464773679966815002.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6473735666684467248.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6510835684612778065.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6598655074638924039.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6598974610477761496.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6727153534530580928.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6732658238136732290.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6745890325375017598.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6754831994322310251.dll
C:\Users\T B\AppData\Local\Temp\javasysmo677303195660589028.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6792512953153890322.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6793704548423091998.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6809265518520651896.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6814480132692672597.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6838647057665139484.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6852756200989300361.dll
C:\Users\T B\AppData\Local\Temp\javasysmo686137831360343228.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6880048337767441129.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6888407364528799234.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6928559561756443477.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6942865034687863225.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6954619401039352701.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6973270172608439067.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6979454998534455179.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6985791550548224732.dll
C:\Users\T B\AppData\Local\Temp\javasysmo6989786959041006017.dll
C:\Users\T B\AppData\Local\Temp\javasysmo701263859076660170.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7058963335501562396.dll
C:\Users\T B\AppData\Local\Temp\javasysmo708429069338848873.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7088353478887246705.dll
C:\Users\T B\AppData\Local\Temp\javasysmo710337019971921129.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7103876144891585457.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7167077123332538184.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7208911292985227601.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7209303856512317786.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7248857741487804752.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7282325332676222354.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7289587673532243641.dll
C:\Users\T B\AppData\Local\Temp\javasysmo731878525113542831.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7327513025228892018.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7343992961991274016.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7424762595662639912.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7438369948384361761.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7464947882529270215.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7493516222906478411.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7529439534733478518.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7580019138861890608.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7626284541121514376.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7661972790092037943.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7767815586359237164.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7820470712069381250.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7838455598368869762.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7849175848358833617.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7866386906834043964.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7952300924801789230.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7966067337130491014.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7984994465338095995.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7986214192204608729.dll
C:\Users\T B\AppData\Local\Temp\javasysmo7987068872552571968.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8010591550550478221.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8022419675016068281.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8077262764697873673.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8098090213865316551.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8106819634717578013.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8130826834832156279.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8140895102182757041.dll
C:\Users\T B\AppData\Local\Temp\javasysmo822722905047109569.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8241032504561651641.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8280480039935464077.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8368798192534569045.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8414223186276332281.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8438369659805617673.dll
C:\Users\T B\AppData\Local\Temp\javasysmo847741863082907358.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8492275201564573907.dll
C:\Users\T B\AppData\Local\Temp\javasysmo850062991534958485.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8515266697854569552.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8547482430050499399.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8570167768442311210.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8581237417938303121.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8651208532220581515.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8707580627820529851.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8749665904142257666.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8765874171473400556.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8777768668363275600.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8803500625038794658.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8804670069623088087.dll
C:\Users\T B\AppData\Local\Temp\javasysmo885467812259028012.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8928309674093829856.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8969175231494276771.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8979690549311748929.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8981251634301383571.dll
C:\Users\T B\AppData\Local\Temp\javasysmo8986451531142674957.dll
C:\Users\T B\AppData\Local\Temp\javasysmo901306435437766735.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9081183603676898245.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9082980006892211847.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9100306717025108577.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9122416644021757090.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9190618075451374038.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9205186590056203770.dll
C:\Users\T B\AppData\Local\Temp\javasysmo9211505544872367498.dll
C:\Users\T B\AppData\Local\Temp\javasysmo927106423513073256.dll
C:\Users\T B\AppData\Local\Temp\javasysmo930218759844749411.dll
C:\Users\T B\AppData\Local\Temp\javasysmo957799004543609410.dll
C:\Users\T B\AppData\Local\Temp\javasysmo961607305694527043.dll
C:\Users\T B\AppData\Local\Temp\javasysmo965991603831732449.dll
C:\Users\T B\AppData\Local\Temp\javasysmo989873218413817501.dll
C:\Users\T B\AppData\Local\Temp\javasysmo998518597238540764.dll
C:\Users\T B\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\T B\AppData\Local\Temp\kZDTNUQNpb.exe
C:\Users\T B\AppData\Local\Temp\Mg1sDfIcAZ.exe
C:\Users\T B\AppData\Local\Temp\sdf6EB2.exe
C:\Users\T B\AppData\Local\Temp\sdf6F10.exe
C:\Users\T B\AppData\Local\Temp\SkypeSetup.exe
C:\Users\T B\AppData\Local\Temp\t51X6ApVCR.exe
C:\Users\T B\AppData\Local\Temp\Uninstaller-3572.exe
C:\Users\T B\AppData\Local\Temp\Uninstaller-3956.exe
C:\Users\T B\AppData\Local\Temp\urcFRaNKQl.exe
C:\Users\T B\AppData\Local\Temp\VsZfFWBkDs.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-18 13:11
 
==================== End of FRST.txt ============================



#2 tbauer81


Posted 20 July 2016 - 09:15 AM

Additionally, I know the link I clicked which had the .exe download that caused this issue, if that helps.



#3 fireman4it

  • Malware Response Team

Posted 20 July 2016 - 03:30 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right-hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.




1. Please uninstall the following programs:
  • SafeFinder
  • System Healer
  • PC Speed Up
  • InternetPlus

2. Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




3. Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#4 tbauer81


Posted 20 July 2016 - 07:58 PM

Thanks for the help. I ran the fixlist.txt and pasted the log below; going to attempt to get AdwCleaner to install and run, and will reply if it is still not allowing me to access malware cleaner related websites.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016
Ran by T B (2016-07-20 20:50:54) Run:1
Running from C:\Users\T B\Desktop
Loaded Profiles: T B & postgres (Available Profiles: T B & postgres)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [autoauto] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\flagship\pebbled.exe [41203 2016-07-20] ()
HKLM\...\Run: [expands.exeproblemo.exe] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM\...\Run: [toys] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM\...\Run: [interpee] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKLM-x32\...\Run: [autoauto] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\flagship\pebbled.exe [41203 2016-07-20] ()
HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [rutoauto] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [dutoauto] => C:\Program Files (x86)\flagship\pebbled.exe [41203 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [toys] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [interpee] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [taxies] => C:\Program Files (x86)\flagship\poinsettia.exe [28672 2016-07-20] (windows)
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [toolmaking] => C:\Program Files (x86)\lims\problemo.exe [9216 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [gadd] => C:\Program Files (x86)\keebler\gadd.exe [40264 2016-07-20] ()
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\...\Run: [jarosz] => C:\Program Files (x86)\keebler\expands.exe [10752 2016-07-20] (marbling)
AppInit_DLLs: C:\ProgramData\Holdtam\Tristough.dll => C:\ProgramData\Holdtam\Tristough.dll [363008 2016-07-20] ()
AppInit_DLLs-x32: C:\ProgramData\Holdtam\Rancof.dll => C:\ProgramData\Holdtam\Rancof.dll [257536 2016-07-20] ()
Startup: C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok47643784.lnk [2016-07-20]
ShortcutTarget: ok47643784.lnk -> C:\Program Files (x86)\flagship\poinsettia.exe (windows)
Startup: C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok47643784willinger.lnk [2016-07-20]
ShortcutTarget: ok47643784willinger.lnk -> C:\Program Files (x86)\lims\problemo.exe ()
Startup: C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\willinger.lnk [2016-07-20]
ShortcutTarget: willinger.lnk -> C:\Program Files (x86)\flagship\poinsettia.exe (windows)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyEnable: [S-1-5-21-1052316088-3023028506-1941122972-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1052316088-3023028506-1941122972-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
Hosts: 0.0.0.1 mssplus.mcafee.com
ManualProxies: 1http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUE5dGN1cRIluMjkQ25mEPvyMk3B-Ai7wcUQE05IIKB5zRIVZMkxm8_Xrh-m7i6gVtDDgvXjoDwt8LhskcEb-ITL47a1DfSQ,,
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUE5dGN1cRIluMjkQ25mEPvyMk3B-Ai7wcUQE05IIKB5zRIVZMkxm8_Xrh-m7i6gVtDDgvXjoDwt8LhskcEb-ITL47a1DfSQ,,
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1052316088-3023028506-1941122972-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObb5I2Gl0KYX7VPj-wMCIHGlT9cBX_5mMcQk9HNz-jxhVCjTy9POtnTy_9WQtaI-7jJ2I5-EqUPjWRUH9ytdI-3Qk8wbeP3Tu6q71CMfQ4MidrGThVzdKNKI5PXCCRFRB3mOw9nkVEfFDDT9_e5VsKiHJCAsTl5EoVK4rBmz7HBBA,,&q={searchTerms}
CHR Extension: (Bazz Search) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef [2016-07-20]
C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-12]
C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
CHR StartupUrls: Default -> "hxxp://bleephomepage.com/"
CHR DefaultSearchURL: Default -> hxxp://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bazz Search
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
U2 brattle; C:\Windows\taggart.exe [7680 2016-07-20] (weakley) [File not signed]
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [681984 2016-07-20] () [File not signed]
U2 exhibited; C:\Windows\honcho.exe [8192 2016-07-20] (tortora) [File not signed]
R2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [681984 2016-07-20] () [File not signed]
S4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [X]
S2 SCService; "C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe" [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-07-20 00:28 - 2016-07-20 00:28 - 0000000 _____ () C:\Users\T B\AppData\Local\run.txt
2016-07-20 00:27 - 2016-07-20 00:27 - 1021267 _____ () C:\Users\T B\AppData\Local\setupone.exe
2016-07-20 00:29 - 2016-07-20 00:29 - 0000001 _____ () C:\Users\T B\AppData\Local\setupsuccessful.txt
2016-07-20 00:28 - 2016-07-20 00:29 - 0000000 _____ () C:\Users\T B\AppData\Local\stxtname.txt
2016-07-20 00:28 - 2016-07-20 00:28 - 0000000 _____ () C:\Users\T B\AppData\Local\tr5b.txt
Task: {0AEA6585-C1CE-4E82-B8E5-6635F28A07F3} - System32\Tasks\a18101489 => C:\Program Files (x86)\flagship\poinsettia.exe [2016-07-20] (windows)
Task: {20B0B83A-88A8-4934-B410-13BE55612FC4} - \{0D0A0D47-780F-7E08-7D11-7E0A0C08110A} -> No File <==== ATTENTION
Task: {303F6141-3C93-4A5B-915C-3D4FFA21B600} - System32\Tasks\ab00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1 => C:\Program Files (x86)\flagship\poinsettia.exe [2016-07-20] (windows)
Task: {3493111F-E074-48D1-B0B6-21139116A212} - \System Healer Task -> No File <==== ATTENTION
Task: {39A6ADDD-0B57-409F-8C70-DE529C47FF87} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {3F4C8589-B0A2-41EE-BFB3-FB64A1DEA41C} - System32\Tasks\dD8115817581158175 => C:\Program Files (x86)\lims\problemo.exe [2016-07-20] ()
Task: {46F3A25A-29D2-4B72-9338-3656B33691C9} - System32\Tasks\b18101489 => C:\Program Files (x86)\keebler\expands.exe [2016-07-20] (marbling)
Task: {47F8D9E9-ACF2-4053-ACCF-F7F2F2E895F3} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
Task: {4D16AAE3-2DCA-4730-96A0-66284163F102} - \System HealerPeriod -> No File <==== ATTENTION
Task: {557151A5-86A6-42AC-B896-672D2056F9AF} - \LuckyBrowse -> No File <==== ATTENTION
Task: {56BB1D7E-E5D5-498D-A8AE-73B5B83451B1} - System32\Tasks\210066710 => C:\Program Files (x86)\keebler\expands.exe [2016-07-20] (marbling) <==== ATTENTION
Task: {7A1E967A-57B1-435C-872D-A5781B331CB8} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {7D640596-5C51-4258-AED2-21C7B60D48F5} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {8667781A-B9B8-4330-8BA6-1FE7CC0CB6DA} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {9F759807-4873-4772-B7D5-611F337F5267} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: {A2CA3703-8F66-439F-B8B6-12A9CF945CBE} - System32\Tasks\110066710 => C:\Program Files (x86)\keebler\expands.exe [2016-07-20] (marbling) <==== ATTENTION
Task: {D1D851E6-EAE9-4613-93B0-42E28517B17A} - System32\Tasks\a8115817581158175 => C:\Program Files (x86)\lims\problemo.exe [2016-07-20] ()
Task: {D8B44A40-BB75-48E6-9571-C2E31B59187C} - System32\Tasks\dc00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1 => C:\Program Files (x86)\flagship\poinsettia.exe [2016-07-20] (windows)
Task: {F4EF587F-711A-4B83-BAE6-945D81E61032} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION
Task: C:\Windows\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\Windows\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
FirewallRules: [{AB15EDE4-2155-4AF6-B66D-F1624AE93F26}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
FirewallRules: [{30E7440F-CF90-40F4-A86D-4C6CF1C50F5B}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
FirewallRules: [{983EB39A-B3D7-4347-9E33-96E1D500D609}] => (Allow) C:\Users\T B\AppData\Local\ddnowyes.exe
FirewallRules: [{53214BE5-4351-471A-B8F7-265CFB6C2BB9}] => (Allow) C:\Users\T B\AppData\Local\68673659.exe
FirewallRules: [{5BE1EF16-82E3-4B17-AC37-098AB3D232AD}] => (Allow) C:\Users\T B\AppData\Local\tinstall.exe
FirewallRules: [{8244B352-C505-4B5E-9E1B-43EF57106731}] => (Allow) C:\Users\T B\AppData\Local\cap.exe
FirewallRules: [{5B962F45-F838-4A79-92B9-7AEA0B12F459}] => (Allow) C:\Users\T B\AppData\Local\ddnow.exe
FirewallRules: [{5BB56B72-DB13-449F-B539-F8E172B05B2C}] => (Allow) C:\Program Files (x86)\flagship\poinsettia.exe
FirewallRules: [{3CF91D43-F52D-4025-AA9E-34C9292AEE73}] => (Allow) C:\Program Files (x86)\flagship\pebbled.exe
FirewallRules: [{9A2FE159-B628-46EA-AF5C-92AA3365F033}] => (Allow) C:\Program Files (x86)\keebler\expands.exe
FirewallRules: [{4F8CFA03-D4B8-4CB0-B3FA-D9DEB8F19257}] => (Allow) C:\Program Files (x86)\lims\problemo.exe
FirewallRules: [{E8AC9170-CFA7-490A-B15B-CAA251339C84}] => (Allow) C:\Windows\honcho.exe
2016-07-20 00:27 - 2016-05-15 18:04 - 02089472 _____ () C:\ProgramData\Logic Handler\set.exe
2016-07-20 00:27 - 2016-07-20 00:26 - 00681984 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00006656 _____ () C:\Windows\dll.dll
2016-07-20 00:27 - 2016-07-20 00:26 - 00681984 _____ () C:\ProgramData\Holdtam\Holdtam.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00015872 _____ () C:\Program Files (x86)\flagship\lib.dll
2016-07-20 00:05 - 2016-07-20 00:05 - 00313344 _____ () C:\Program Files (x86)\flagship\common.dll
2016-07-20 00:05 - 2016-07-20 00:05 - 00041203 _____ () C:\Program Files (x86)\flagship\pebbled.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00040264 _____ () C:\Program Files (x86)\keebler\gadd.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00009216 _____ () C:\Program Files (x86)\lims\problemo.exe
2016-07-20 00:05 - 2016-07-20 00:05 - 00004608 _____ () C:\Program Files (x86)\lims\settings.dll
2016-07-20 00:05 - 2016-07-20 00:05 - 00313344 _____ () C:\Program Files (x86)\lims\common.dll
2016-07-20 00:27 - 2016-07-20 00:27 - 00027136 _____ () C:\ProgramData\Holdtam\Tranbam.exe
2016-07-20 01:26 - 2016-07-20 01:26 - 00011264 _____ () C:\Users\T B\AppData\Local\Temp\nsfFA.tmp\System.dll
2016-07-20 01:28 - 2016-07-20 01:28 - 00140800 _____ () \\?\C:\Users\T B\AppData\Local\Temp\9BD1.tmp.node
Emptytemp:
Hosts:
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\autoauto => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cutoauto => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\expands.exeproblemo.exe => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\toys => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\interpee => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\autoauto => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cutoauto => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\toys => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\interpee => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rutoauto => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\dutoauto => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\toys => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\interpee => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\taxies => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\toolmaking => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\gadd => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\jarosz => value removed successfully
"C:\ProgramData\Holdtam\Tristough.dll" => Value data not found.
"C:\ProgramData\Holdtam\Rancof.dll" => Value data not found.
C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok47643784.lnk => moved successfully
C:\Program Files (x86)\flagship\poinsettia.exe => moved successfully
C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok47643784willinger.lnk => moved successfully
C:\Program Files (x86)\lims\problemo.exe => moved successfully
C:\Users\T B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\willinger.lnk => moved successfully
C:\Program Files (x86)\flagship\poinsettia.exe => not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1052316088-3023028506-1941122972-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1052316088-3023028506-1941122972-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef => moved successfully
"C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef" => not found.
C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully
"C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio" => not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
backlh => Service stopped successfully.
backlh => service removed successfully
brattle => service removed successfully
CloudPrinter => Service stopped successfully.
CloudPrinter => service removed successfully
exhibited => service removed successfully
Holdtam => service not found.
MBAMScheduler => service removed successfully
MBAMService => service removed successfully
PCSUService => service removed successfully
SCService => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Users\T B\AppData\Local\run.txt => moved successfully
C:\Users\T B\AppData\Local\setupone.exe => moved successfully
C:\Users\T B\AppData\Local\setupsuccessful.txt => moved successfully
C:\Users\T B\AppData\Local\stxtname.txt => moved successfully
C:\Users\T B\AppData\Local\tr5b.txt => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AEA6585-C1CE-4E82-B8E5-6635F28A07F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEA6585-C1CE-4E82-B8E5-6635F28A07F3}" => key removed successfully
C:\Windows\System32\Tasks\a18101489 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a18101489" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20B0B83A-88A8-4934-B410-13BE55612FC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20B0B83A-88A8-4934-B410-13BE55612FC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D0A0D47-780F-7E08-7D11-7E0A0C08110A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{303F6141-3C93-4A5B-915C-3D4FFA21B600}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{303F6141-3C93-4A5B-915C-3D4FFA21B600}" => key removed successfully
C:\Windows\System32\Tasks\ab00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ab00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3493111F-E074-48D1-B0B6-21139116A212}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3493111F-E074-48D1-B0B6-21139116A212}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39A6ADDD-0B57-409F-8C70-DE529C47FF87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39A6ADDD-0B57-409F-8C70-DE529C47FF87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F4C8589-B0A2-41EE-BFB3-FB64A1DEA41C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F4C8589-B0A2-41EE-BFB3-FB64A1DEA41C}" => key removed successfully
C:\Windows\System32\Tasks\dD8115817581158175 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dD8115817581158175" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46F3A25A-29D2-4B72-9338-3656B33691C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46F3A25A-29D2-4B72-9338-3656B33691C9}" => key removed successfully
C:\Windows\System32\Tasks\b18101489 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\b18101489" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47F8D9E9-ACF2-4053-ACCF-F7F2F2E895F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47F8D9E9-ACF2-4053-ACCF-F7F2F2E895F3}" => key removed successfully
C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D16AAE3-2DCA-4730-96A0-66284163F102}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D16AAE3-2DCA-4730-96A0-66284163F102}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{557151A5-86A6-42AC-B896-672D2056F9AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{557151A5-86A6-42AC-B896-672D2056F9AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyBrowse" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56BB1D7E-E5D5-498D-A8AE-73B5B83451B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56BB1D7E-E5D5-498D-A8AE-73B5B83451B1}" => key removed successfully
C:\Windows\System32\Tasks\210066710 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\210066710" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A1E967A-57B1-435C-872D-A5781B331CB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A1E967A-57B1-435C-872D-A5781B331CB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D640596-5C51-4258-AED2-21C7B60D48F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D640596-5C51-4258-AED2-21C7B60D48F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8667781A-B9B8-4330-8BA6-1FE7CC0CB6DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8667781A-B9B8-4330-8BA6-1FE7CC0CB6DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F759807-4873-4772-B7D5-611F337F5267}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F759807-4873-4772-B7D5-611F337F5267}" => key removed successfully
C:\Windows\System32\Tasks\System HealerStartUp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CA3703-8F66-439F-B8B6-12A9CF945CBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CA3703-8F66-439F-B8B6-12A9CF945CBE}" => key removed successfully
C:\Windows\System32\Tasks\110066710 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\110066710" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1D851E6-EAE9-4613-93B0-42E28517B17A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D851E6-EAE9-4613-93B0-42E28517B17A}" => key removed successfully
C:\Windows\System32\Tasks\a8115817581158175 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a8115817581158175" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8B44A40-BB75-48E6-9571-C2E31B59187C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8B44A40-BB75-48E6-9571-C2E31B59187C}" => key removed successfully
C:\Windows\System32\Tasks\dc00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dc00A0GGiTkFzcFzCxXqdE-ni-2016-07-20-ni-17657-ni-1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4EF587F-711A-4B83-BAE6-945D81E61032}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4EF587F-711A-4B83-BAE6-945D81E61032}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => moved successfully
C:\Windows\Tasks\System HealerPeriod.job => moved successfully
C:\Windows\Tasks\System HealerStartUp.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB15EDE4-2155-4AF6-B66D-F1624AE93F26} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30E7440F-CF90-40F4-A86D-4C6CF1C50F5B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{983EB39A-B3D7-4347-9E33-96E1D500D609} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53214BE5-4351-471A-B8F7-265CFB6C2BB9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BE1EF16-82E3-4B17-AC37-098AB3D232AD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8244B352-C505-4B5E-9E1B-43EF57106731} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B962F45-F838-4A79-92B9-7AEA0B12F459} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BB56B72-DB13-449F-B539-F8E172B05B2C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CF91D43-F52D-4025-AA9E-34C9292AEE73} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A2FE159-B628-46EA-AF5C-92AA3365F033} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F8CFA03-D4B8-4CB0-B3FA-D9DEB8F19257} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8AC9170-CFA7-490A-B15B-CAA251339C84} => value removed successfully
C:\ProgramData\Logic Handler\set.exe => moved successfully
C:\ProgramData\CloudPrinter\CloudPrinter.exe => moved successfully
C:\Windows\dll.dll => moved successfully
"C:\ProgramData\Holdtam\Holdtam.exe" => not found.
C:\Program Files (x86)\flagship\lib.dll => moved successfully
C:\Program Files (x86)\flagship\common.dll => moved successfully
Could not move "C:\Program Files (x86)\flagship\pebbled.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\keebler\gadd.exe" => Scheduled to move on reboot.
"C:\Program Files (x86)\lims\problemo.exe" => not found.
C:\Program Files (x86)\lims\settings.dll => moved successfully
C:\Program Files (x86)\lims\common.dll => moved successfully
C:\ProgramData\Holdtam\Tranbam.exe => moved successfully
C:\Users\T B\AppData\Local\Temp\nsfFA.tmp\System.dll => moved successfully
C:\Users\T B\AppData\Local\Temp\9BD1.tmp.node => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67109896 B
Java, Flash, Steam htmlcache => 72696570 B
Windows/system/drivers => 795330863 B
Edge => 0 B
Chrome => 39456134 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 43292162 B
systemprofile32 => 66356 B
LocalService => 132244 B
NetworkService => 150814 B
T B => 1148799324 B
postgres => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-20 20:54:55)
 
C:\Program Files (x86)\flagship\pebbled.exe => Is moved successfully
C:\Program Files (x86)\keebler\gadd.exe => Is moved successfully
 
==== End of Fixlog 20:54:56 ====


#5 tbauer81


Posted 20 July 2016 - 08:09 PM

And here is the AdwCleaner log file. I kept that PC disconnected from the network while I ran it, just in case it would attempt to remove or block it from running or updating. I can connect to the network and try again if you advise it; I will await further instruction.

 

# AdwCleaner v5.201 - Logfile created 20/07/2016 at 21:02:06
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : T B - TB-PC
# Running from : C:\Users\T B\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\CloudPrinter
[-] Folder Deleted : C:\ProgramData\Logic Handler
[-] Folder Deleted : C:\ProgramData\fa88993f-2e21-1
[-] Folder Deleted : C:\ProgramData\fa88993f-5d33-0
[#] Folder Deleted : C:\ProgramData\Application Data\LuckyBrowse
[#] Folder Deleted : C:\ProgramData\Application Data\CloudPrinter
[#] Folder Deleted : C:\ProgramData\Application Data\Logic Handler
[#] Folder Deleted : C:\ProgramData\Application Data\fa88993f-2e21-1
[#] Folder Deleted : C:\ProgramData\Application Data\fa88993f-5d33-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Folder Deleted : C:\Program Files (x86)\LuckyBrowse
[-] Folder Deleted : C:\Program Files (x86)\pc speed up
[-] Folder Deleted : C:\Program Files (x86)\SystemHealer
[#] Folder Deleted : C:\Program Files (x86)\PC Speed Up
[-] Folder Deleted : C:\Users\T B\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
[-] Folder Deleted : C:\Users\T B\AppData\Roaming\System Healer
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Windows\SysWOW64\findit.xml
[-] File Deleted : C:\Users\T B\AppData\Local\cap.exe
[-] File Deleted : C:\Users\T B\AppData\Local\cap4.exe
[-] File Deleted : C:\Users\T B\AppData\Local\ddnow.exe
[-] File Deleted : C:\Users\T B\AppData\Local\ddnow4.exe
[-] File Deleted : C:\Users\T B\AppData\Local\tinstall.exe
[-] File Deleted : C:\Users\T B\AppData\Local\tinstall4.exe
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[#] Value Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SpeedCheckerService.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.Registry
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.Registry.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCSU.SysUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
[-] Key Deleted : HKCU\Software\Speedchecker Limited
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKLM\SOFTWARE\LuckyBrowse
[-] Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
 
***** [ Web browsers ] *****
 
[-] [C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\T B\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pinhfkamckbogjgmbmdkdebbbpnmlaef
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4420 bytes] - [20/07/2016 21:02:06]
C:\AdwCleaner\AdwCleaner[S1].txt - [4622 bytes] - [20/07/2016 21:00:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4566 bytes] ##########


#6 fireman4it


Posted 24 July 2016 - 11:42 AM

Let's run one more tool for any leftovers. After running this tool, go ahead and go back on the network and see how the computer runs.

 

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 fireman4it


Posted 01 August 2016 - 06:19 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





