search.ask.com will not go away [Solved]


  • This topic is locked
19 replies to this topic

#1 teeps

Posted 20 August 2014 - 10:42 PM

Windows 8.1

HP Pavilion Touchsmart 15 Sleekbook

 

This one is driving me nuts.  I've been cleaning up this computer and everything seemed to go smoothly, but I just can't get rid of the search.ask.com tabs when I start up Chrome.  I've used Malwarebytes, AdwCleaner, and HitmanPro to no avail.  I've manually gone into Chrome's settings and removed the start pages, cleared the cache, removed the ask search engines and it still won't go away.  I've even deleted the user profile for Chrome. I don't see the Ask toolbar in the uninstall programs area, nor anything produced by Ask or Mindspark.  I've tried running the antimalwares in Safe Mode and that didn't work either.  I'm completely fresh out of ideas.

 

The computer also seems to be acting a little strange in terms of trying to install software.  Some will install without a hitch.  Others will get stuck at some point and not install at all, even when waiting for several hours.  That seems to coincide with a loss of network connection at times, but not always.  It feels like there is a proxy in the way or possibly issues with LSP but nothing is indicated by HijackThis or LSPFix.  I've also run TDSSKiller and it found nothing.

 

Thanks in advance for your help.

  

OTL logfile created on: 8/20/2014 11:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schela\Desktop\_TeepsToolBox
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.47 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 65.20% Memory free
6.35 Gb Paging File | 4.61 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673.39 Gb Total Space | 598.89 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 24.14 Gb Total Space | 2.88 Gb Free Space | 11.92% Space Free | Partition Type: NTFS
 
Computer Name: SEGANDER | User Name: Schela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schela\Desktop\_TeepsToolBox\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.12\NZ.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe (Symantec Corporation)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (AdvancedSystemCareService7) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NZ) -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.12\NZ.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (HPConnectedRemote) -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symelam.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (mr7910) -- C:\Windows\SysNative\drivers\mr7910.sys (Mars Semiconductor Corp.)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140819.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140819.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140819.001\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys (Symantec Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22searche...4-03-04&hpa=yes
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22searche...4-03-04&hpa=yes
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{BAFD705B-98D4-429C-8AA5-8D2C1511B397}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.4.0.13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BAFD705B-98D4-429C-8AA5-8D2C1511B397}: "URL" = http://www.amazon.co...s={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.4.0.13
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.4.0.13
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.4.0.13
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.4.0.13
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BearSharePlugin: C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ [2014/08/20 22:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014/05/08 10:42:02 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Safe = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: Norton Security Toolbar = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.6.17_0\
CHR - Extension: Google Wallet = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002..\Run: [SkyDrive] C:\Users\Schela\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Schela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\Policies\Microsoft\Internet Explorer\Main present
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B67F192-BD66-4610-BEDF-67D7F301253A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\WINDOWS\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/20 23:01:58 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Local\ElevatedDiagnostics
[2014/08/19 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2014/08/19 20:14:19 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Local\Anvisoft
[2014/08/19 20:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2014/08/19 14:59:48 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Schela\Desktop\dds.com
[2014/08/19 10:14:36 | 000,000,000 | ---D | C] -- C:\Users\Schela\Desktop\_TeepsToolBox
[2014/08/19 08:35:38 | 000,000,000 | ---D | C] -- C:\8a8281279c159cbeb30c37
[2014/08/19 08:13:02 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Roaming\Oracle
[2014/08/19 08:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/19 08:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/08/19 08:04:05 | 000,000,000 | ---D | C] -- C:\Users\Schela\SecurityScans
[2014/08/19 07:59:05 | 000,128,288 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\IObitSmartDefragExtension.dll
[2014/08/19 07:59:05 | 000,034,080 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\SmartDefragBootTime.exe
[2014/08/19 07:59:00 | 000,128,288 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\IObitSmartDefragExtension.dll20140819075905.dll
[2014/08/19 07:58:59 | 000,021,184 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys
[2014/08/19 07:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/08/19 07:38:08 | 000,027,456 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\RegistryDefragBootTime.exe
[2014/08/19 07:33:14 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Roaming\ProductData
[2014/08/19 07:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/08/19 07:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/08/19 07:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/08/19 07:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2014/08/19 07:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/08/19 07:31:19 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Roaming\IObit
[2014/08/19 07:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/08/19 07:30:06 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSCOMCTL.OCX
[2014/08/19 07:30:06 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSSTDFMT.DLL
[2014/08/19 07:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/08/19 07:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/08/18 22:55:43 | 001,273,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll
[2014/08/18 22:36:54 | 000,517,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2014/08/18 22:36:53 | 002,133,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2014/08/18 22:36:34 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014/08/18 22:36:32 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/08/18 22:36:32 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014/08/18 22:36:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014/08/18 22:36:30 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/08/18 22:36:29 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/08/18 22:36:21 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/08/18 22:36:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014/08/18 22:35:48 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/08/18 22:35:44 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/08/18 22:35:41 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/08/18 22:35:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll
[2014/08/18 22:35:38 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/08/18 22:35:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/18 22:35:37 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2014/08/18 22:35:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2014/08/18 22:35:34 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/08/18 22:35:34 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/08/18 19:17:29 | 002,140,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014/08/18 19:17:27 | 002,125,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d9.dll
[2014/08/18 19:17:15 | 002,144,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014/08/18 19:17:14 | 001,025,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2014/08/18 19:17:14 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vpnike.dll
[2014/08/18 19:17:13 | 001,726,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2014/08/18 19:17:13 | 000,721,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapi.dll
[2014/08/18 19:17:12 | 002,844,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014/08/18 19:17:11 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\framedynos.dll
[2014/08/18 19:17:11 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014/08/18 19:17:08 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014/08/18 19:16:55 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcore6.dll
[2014/08/18 19:16:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\framedynos.dll
[2014/08/18 19:16:43 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpcore6.dll
[2014/08/18 19:15:00 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncobjapi.dll
[2014/08/18 19:14:17 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\framedyn.dll
[2014/08/18 19:14:17 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014/08/18 19:13:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncobjapi.dll
[2014/08/18 19:13:20 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Robocopy.exe
[2014/08/18 19:13:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Robocopy.exe
[2014/08/18 19:13:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dhcpcsvc6.dll
[2014/08/18 19:13:02 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\framedyn.dll
[2014/08/18 19:13:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BulkOperationHost.exe
[2014/08/18 19:12:29 | 000,997,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2014/08/18 19:07:18 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe
[2014/08/18 19:07:18 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe
[2014/08/18 19:06:46 | 003,118,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll
[2014/08/18 19:06:46 | 003,048,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe
[2014/08/18 19:06:46 | 002,861,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebSync.dll
[2014/08/18 19:06:45 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll
[2014/08/18 19:06:23 | 004,756,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014/08/18 19:06:22 | 001,120,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014/08/18 19:06:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014/08/18 19:05:54 | 016,871,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014/08/18 19:05:52 | 012,711,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014/08/18 19:05:49 | 000,440,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbport.sys
[2014/08/18 19:05:49 | 000,216,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rsaenh.dll
[2014/08/18 19:05:48 | 000,467,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2014/08/18 19:05:48 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUDFHost.exe
[2014/08/18 19:05:48 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUDFPlatform.dll
[2014/08/18 19:05:47 | 000,423,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hal.dll
[2014/08/18 19:05:47 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DaOtpCredentialProvider.dll
[2014/08/18 19:05:46 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DaOtpCredentialProvider.dll
[2014/08/18 19:05:46 | 000,027,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usbd.sys
[2014/08/18 19:05:13 | 000,697,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2014/08/18 19:05:13 | 000,527,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2014/08/18 19:05:05 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe
[2014/08/18 19:04:54 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/08/18 19:04:40 | 002,642,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014/08/18 19:04:39 | 002,790,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2014/08/18 19:04:39 | 002,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014/08/18 19:04:39 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msihnd.dll
[2014/08/18 19:04:39 | 000,114,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe
[2014/08/18 19:04:38 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll
[2014/08/18 17:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/08/18 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Local\Diagnostics
[2014/08/18 16:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/08/18 16:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\2F25
[2014/08/18 16:05:46 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/08/18 16:04:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/18 15:39:30 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 15:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/18 15:39:18 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/08/18 15:39:18 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/08/18 15:39:18 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/08/18 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/18 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/18 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\Schela\AppData\Local\Programs
[2014/08/18 15:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/18 15:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/07/30 08:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Schela\AppData\Local\EmieUserList
[2014/07/30 08:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Schela\AppData\Local\EmieSiteList
[2014/07/27 14:22:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/07/23 19:27:58 | 000,704,480 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/07/23 19:27:58 | 000,105,440 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/23 19:15:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\CompatTel
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/20 23:01:01 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}.job
[2014/08/20 22:31:32 | 000,000,950 | ---- | M] () -- C:\WINDOWS\SysWow64\bscs.ini
[2014/08/20 22:31:09 | 000,912,828 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/08/20 22:31:09 | 000,199,104 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/08/20 22:31:09 | 000,006,428 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/08/20 22:28:28 | 000,003,619 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2014/08/20 22:28:28 | 000,000,043 | ---- | M] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2014/08/20 22:28:12 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/20 22:25:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/19 22:45:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/19 22:45:26 | 404,549,631 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/19 22:43:42 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/19 22:09:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/19 21:41:08 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_SkipUac_Schela.job
[2014/08/19 21:31:27 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/19 20:58:51 | 000,032,512 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2014/08/19 20:57:15 | 000,000,318 | ---- | M] () -- C:\WINDOWS\SysNative\.crusader
[2014/08/19 20:28:35 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForSchela.job
[2014/08/19 14:59:57 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Schela\Desktop\dds.com
[2014/08/19 08:23:40 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/08/19 07:58:59 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/08/19 07:38:24 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/08/19 07:30:07 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/08/19 01:07:16 | 003,005,357 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1505000.013\Cat.DB
[2014/08/18 19:03:34 | 000,233,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2014/08/18 17:12:04 | 000,428,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2014/08/18 17:08:10 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014/08/18 17:08:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014/08/18 17:08:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014/08/18 17:08:08 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014/08/18 17:08:06 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014/08/18 17:08:06 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014/08/18 17:07:59 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014/08/18 16:55:42 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/08/18 16:53:18 | 000,040,105 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1505000.013\VT20140701.003
[2014/08/18 15:39:22 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/18 15:35:47 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/06 17:38:18 | 000,697,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2014/08/02 00:44:01 | 000,527,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2014/08/01 22:11:49 | 000,918,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014/08/01 19:17:43 | 000,704,480 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/08/01 19:17:43 | 000,105,440 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/31 16:03:44 | 000,000,172 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1505000.013\isolate.ini
[2014/07/30 08:53:26 | 000,000,735 | ---- | M] () -- C:\Users\Schela\Desktop\Start - Shortcut.lnk
[2014/07/30 08:50:03 | 000,001,668 | ---- | M] () -- C:\Users\Schela\Desktop\IMG_3566 - Shortcut.lnk
[2014/07/25 08:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014/07/25 08:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2014/07/25 07:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014/07/25 07:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2014/07/25 07:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2014/07/25 07:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014/07/25 07:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 07:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2014/07/25 07:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2014/07/25 07:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014/07/25 06:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014/07/25 06:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 06:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014/07/25 06:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014/07/25 06:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2014/07/25 06:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014/07/25 05:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014/07/25 05:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014/07/23 19:26:44 | 000,485,720 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/07/23 00:13:10 | 000,030,068 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1505000.013\symvtcer.dat
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/20 23:01:01 | 000,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}.job
[2014/08/19 20:58:51 | 000,032,512 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\hitmanpro37.sys
[2014/08/19 08:23:40 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/08/19 07:58:59 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/08/19 07:31:54 | 000,000,262 | ---- | C] () -- C:\WINDOWS\tasks\ASC7_SkipUac_Schela.job
[2014/08/19 07:31:53 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/08/19 07:30:07 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/08/18 19:12:20 | 000,050,745 | ---- | C] () -- C:\WINDOWS\SysNative\srms.dat
[2014/08/18 16:51:37 | 000,000,318 | ---- | C] () -- C:\WINDOWS\SysNative\.crusader
[2014/08/18 15:39:22 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/18 15:35:47 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/30 08:50:03 | 000,001,668 | ---- | C] () -- C:\Users\Schela\Desktop\IMG_3566 - Shortcut.lnk
[2014/05/30 10:03:09 | 000,000,109 | ---- | C] () -- C:\WINDOWS\SysWow64\REMOTEDEVICE.INI
[2014/05/30 08:50:10 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/17 19:48:29 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/11/20 19:59:02 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/20 19:55:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/10/24 14:44:56 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/09/26 22:02:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/26 22:02:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/26 22:02:36 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/26 22:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/26 22:02:18 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/09/26 22:02:12 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/10 11:49:34 | 000,003,619 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALSERVICE.INI
[2013/05/10 11:49:34 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SysWow64\LOCALDEVICE.INI
[2012/09/26 11:53:56 | 000,000,950 | ---- | C] () -- C:\WINDOWS\SysWow64\bscs.ini
[2012/09/19 20:36:54 | 000,057,096 | ---- | C] () -- C:\WINDOWS\SysWow64\BSWMPPlugin.dll
[2012/09/19 20:36:54 | 000,018,696 | ---- | C] () -- C:\WINDOWS\SysWow64\SCChangeMonitor.dll
[2012/09/19 20:36:52 | 000,093,544 | ---- | C] () -- C:\WINDOWS\SysWow64\BSVoIPComm.dll
[2012/09/19 20:36:52 | 000,089,352 | ---- | C] () -- C:\WINDOWS\SysWow64\BsVistaCommon.dll
[2012/09/19 20:36:48 | 000,097,640 | ---- | C] () -- C:\WINDOWS\SysWow64\BSSkypeAgent.dll
[2012/09/19 20:36:48 | 000,026,888 | ---- | C] () -- C:\WINDOWS\SysWow64\BsTrace.dll
[2012/09/19 20:36:46 | 000,352,008 | ---- | C] () -- C:\WINDOWS\SysWow64\BsExtendFunc.dll
[2012/09/19 20:36:46 | 000,070,408 | ---- | C] () -- C:\WINDOWS\SysWow64\BsProfileFunc.dll
 
========== ZeroAccess Check ==========
 
[2013/12/01 22:11:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/06 11:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 10:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/19 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/08/19 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014/08/19 07:58:55 | 000,000,000 | ---D | M] -- C:\Users\Schela\AppData\Roaming\IObit
[2014/02/08 11:22:38 | 000,000,000 | ---D | M] -- C:\Users\Schela\AppData\Roaming\MusicNet
[2014/08/19 08:13:02 | 000,000,000 | ---D | M] -- C:\Users\Schela\AppData\Roaming\Oracle
[2014/08/19 07:33:14 | 000,000,000 | ---D | M] -- C:\Users\Schela\AppData\Roaming\ProductData
[2013/10/24 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Schela\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: WINLOGON.ADML  >
[2013/09/29 23:18:27 | 000,002,631 | ---- | M] () MD5=3FC16D999444A213C04297050F42DA07 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.3.9600.16384_en-us_85c27192b0d9003d\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2013/08/22 09:57:15 | 000,001,101 | ---- | M] () MD5=513B8C31BC439F0A37EA44D540F98916 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.3.9600.16384_none_6bcbbccd4d39421a\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2014/02/22 04:45:48 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\WINDOWS\SysNative\winlogon.exe
[2014/02/22 04:45:48 | 000,562,176 | ---- | M] (Microsoft Corporation) MD5=306EB21E5B480AE9065EA55AC8C35936 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b45365a8c2ccdb\winlogon.exe
[2014/07/23 22:23:00 | 000,089,459 | ---- | M] () MD5=E40DC8DF924E02F04F3620DBAC1ACE31 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_60816121a8e88269\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2013/09/29 22:48:02 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\WINDOWS\SysNative\en-US\winlogon.exe.mui
[2013/09/29 22:48:02 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=E1EA8FA8EDA1C8E5BFF41FCECE119841 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.3.9600.16384_en-us_bbb6f195d80d78ae\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-0D9AB72B.PF  >
[2014/08/19 22:49:16 | 000,030,470 | ---- | M] () MD5=637EA5BE8C4E79B4D0FABEE0B9F04D21 -- C:\Windows\Prefetch\WINLOGON.EXE-0D9AB72B.pf
 
< MD5 for: WINLOGON.MFL  >
[2013/09/29 22:48:02 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\WINDOWS\SysNative\wbem\en-US\winlogon.mfl
[2013/09/29 22:48:02 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.3.9600.16384_en-us_19794360f345d243\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2013/08/22 01:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\WINDOWS\SysNative\wbem\winlogon.mof
[2013/08/22 01:45:12 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.3.9600.16384_none_70f729db49dee3dc\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/08/19 08:23:40 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2012/07/25 22:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2013/06/18 07:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/03 18:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/08/19 22:45:26 | 404,549,631 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/19 22:45:27 | 939,524,096 | -HS- | M] () -- C:\pagefile.sys
[2014/08/19 22:45:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/19 08:03:30 | 000,237,546 | ---- | M] () -- C:\TDSSKiller.3.0.0.40_19.08.2014_08.02.33_log.txt
 
< %systemroot%\Fonts\*.com >
[2013/11/20 19:44:37 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2013/11/20 19:44:37 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2013/11/20 19:44:37 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2013/11/20 19:44:37 | 000,043,318 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2013/08/22 10:35:03 | 000,000,065 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/07/28 05:54:00 | 000,321,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2013/08/22 10:34:52 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/10/24 14:53:07 | 000,000,223 | -HS- | M] () -- C:\Users\Schela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2013/08/22 10:35:52 | 000,000,148 | -HS- | M] () -- C:\Users\Schela\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<  >
[2013/08/22 09:45:54 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013/11/25 21:45:49 | 000,000,912 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013/11/25 21:45:52 | 000,000,916 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2014/05/04 20:58:55 | 000,000,354 | ---- | C] () -- C:\WINDOWS\Tasks\HPCeeScheduleForSchela.job
[2014/08/19 07:31:54 | 000,000,262 | ---- | C] () -- C:\WINDOWS\Tasks\ASC7_SkipUac_Schela.job
[2014/08/20 23:01:01 | 000,000,276 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}.job
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 233 bytes -> C:\Users\Schela\SkyDrive.old:ms-properties
@Alternate Data Stream - 216 bytes -> C:\Users\Schela\SkyDrive:ms-properties
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
 
< End of report >
 
 
===========================================================================================
EXTRAS
===========================================================================================

OTL Extras logfile created on: 8/20/2014 11:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schela\Desktop\_TeepsToolBox
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.47 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 65.20% Memory free
6.35 Gb Paging File | 4.61 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 673.39 Gb Total Space | 598.89 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive D: | 24.14 Gb Total Space | 2.88 Gb Free Space | 11.92% Space Free | Partition Type: NTFS
 
Computer Name: SEGANDER | User Name: Schela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{845D3347-D11E-4968-831D-BFEE31B69334}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{87E904B9-701A-4A7F-AA16-61321CD17053}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89AB972B-A13E-4CFF-9C54-7417B8147ADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B596299-0D06-4521-B280-1644175CBE76}" = dir=out | name=hp+ | 
"{94F5C7D0-4FB0-4EAB-A947-A6C63AAE978E}" = dir=out | name=skype | 
"{95CC05AB-7DA4-4102-9069-24509B5485ED}" = dir=in | name=hp connected photo | 
"{9706E06D-EEC0-45D0-AA66-473C466E84E7}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{973B3B0A-EE27-494F-AB0C-548A1FD8040D}" = dir=out | name=@{microsoft.zunemusic_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{999C0480-14C4-4BB8-B9CB-3EA1E70DCE7F}" = dir=out | name=windows_ie_ac_001 | 
"{9BB78F1A-44A1-4F80-A183-25083CC6E7CC}" = dir=in | name=skype | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A38CA61F-CB6F-431F-86A2-B58805245A76}" = dir=in | name=juniper networks junos pulse | 
"{A7D7DD66-15C1-4058-AFC6-EE8DD03C5F33}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{AB3E4BA7-A2D7-421B-AED7-DC9BBB651390}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{ADB41F6D-9E4B-4CA7-BEF9-991772392348}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AFB086A1-C96D-4E55-A312-D10F153E5421}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | 
"{B330756B-DF59-4FC9-8FC4-77D14E319D70}" = dir=out | name=microsoft mahjong | 
"{B535FEEA-6C74-4EFA-AD1D-2CB39D513C7B}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{BD86163F-5912-4F0E-B2B8-0BAF2EC95BCE}" = dir=in | name=f5 vpn | 
"{BDCB3FC8-C02F-4519-BD46-6BDF941ADCA6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C466B5CA-AE02-4620-A1CF-D598240709E4}" = dir=in | name=microsoft solitaire collection | 
"{C8AA64D5-D2A1-45F6-A03E-1CE62703E15B}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{CA0419A1-4465-4CCE-92B5-F9C051C470AC}" = dir=out | name=microsoft solitaire collection | 
"{CC0E2D8F-A3FB-4C74-88D1-B4758D2AFDA0}" = dir=out | name=the weather channel | 
"{CCEB51F9-F798-4291-9125-75B2C842BDB0}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{CCEBB7C4-5A1A-4349-8367-66735399E072}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} | 
"{CDC1B3CF-4C36-4550-8BC5-A5D3FB0BA974}" = dir=out | name=google search | 
"{D42ABAA0-E45C-42F3-BED9-FA0AB853B0C0}" = dir=out | name=@{microsoft.zunevideo_1.5.177.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{E0703ECC-59B7-462C-99E0-E83E4F59AA96}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{E3186F3E-7BF2-4F47-9792-646DF3D96061}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{E5DDFA50-58F7-43BE-8AF2-C9773EC3B752}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E945F49E-30E2-481C-981B-943696E8A3DD}" = dir=out | name=windows_ie_ac_001 | 
"{E95C661B-49B8-4E5A-B070-6110EB76C213}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E964E775-C8E3-4C97-9471-A51D72001C5B}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{EB164D55-342C-488D-B60B-755C9E51DD75}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{EB3F5A73-1B6F-4FC5-A7E8-EECD12FFE9E9}" = dir=out | name=hp games | 
"{EBEAA32D-232A-4AA5-B21A-F1B846B93B2A}" = dir=out | name=@{microsoft.zunevideo_2.6.215.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{EC148E68-9285-4B41-B0C3-FD718469BA0D}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F430B916-0E1D-40BD-81D0-D954634CF008}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F436DBD8-D5F3-4341-B35D-E11948F103B6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F4505C67-E830-4EA8-A2F3-A104C92D82F6}" = dir=out | name=iheartradio | 
"{F5490DD4-4683-4452-BA88-8CD614F49843}" = dir=out | name=norton studio | 
"{F5CF261C-3CCA-41EA-9150-C787B203CF15}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{F619740D-2968-4FCE-A05C-04B8FB805E95}" = dir=out | name=sonicwall mobile connect | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F9F27293-40B7-4042-BA65-12C01F163972}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | 
"{FC971CCF-7B26-4928-8EAD-9426EAD4CD33}" = dir=in | name=savings center featured offers | 
"{FF1A398A-3116-4AD6-852E-6D302D58FFF5}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{43119C0E-4282-467C-A56E-FC05FAB06CFB}" = Update for Microsoft en-us Dictionary
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8C095E-1E4E-AB24-E0BC-A5B473A4C5F7}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54AC7877-2774-05AF-64AA-BC422CAF27FF}" = AMD Accelerated Video Transcoding
"{6821D775-9303-46DD-977A-2D97CA18B054}" = HP 3D DriveGuard
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8FE9C1D4-F5E4-B855-1D79-FF5D11F54A19}" = AMD Catalyst Install Manager
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95DF815D-BE2D-9118-F549-39794C5869CF}" = Ralink Bluetooth Stack64
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E2CBE8B3-A792-53B0-B8E3-707189165EC6}" = ccc-utility64
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{026424CC-5C4B-D369-F255-D6FE9A9A96C8}" = CCC Help Spanish
"{0298BF32-2DAE-0EDA-4343-23899864FDAB}" = CCC Help Japanese
"{07B3F50F-C065-6DC4-CCEF-883F1EB708D2}" = CCC Help Danish
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{0FF68208-0D48-2735-8F79-CE317D9CAB5B}" = CCC Help Korean
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1839351A-5B7D-1A5E-FF91-19F46D8423BB}" = CCC Help Swedish
"{19327C54-F8E2-141B-3B98-B262AE2821EC}" = CCC Help German
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2E9CD258-5B15-A2D8-0F29-AAEE1533C113}" = AMD VISION Engine Control Center
"{2FC67152-D640-97CB-CA8E-2FA3632B7562}" = CCC Help Italian
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{418C5829-2CE1-F2FB-3AB5-64F445F8A5E7}" = CCC Help Thai
"{42F69B89-7829-6D14-77AA-701212881589}" = CCC Help English
"{44613B7A-527C-4E89-91FC-E611FA62806A}" = HP Documentation
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"{4C8C0045-268A-8EF7-6998-495857C2FD32}" = CCC Help Chinese Standard
"{4D06D195-3BE4-DB64-9E40-CE82CA078B8C}" = CCC Help Hungarian
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{521D3E35-6FE4-44C0-FB8A-06297EA8A0DB}" = CCC Help Portuguese
"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager
"{59F8C5AA-91BD-423D-BF05-09A80F39898F}" = HP CoolSense
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72AEF569-297D-71CA-9574-6E7668FA3491}" = CCC Help Finnish
"{76EACA59-8D5D-5418-C580-6A81DC6FFF8E}" = Catalyst Control Center Localization All
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CDCF659-826F-A580-613E-38E094F36924}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E5BDCFB-8171-A1A0-A961-8C398E0A3DBF}" = CCC Help Dutch
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90BC8432-37E1-94B1-D355-2E27EDC8AB5A}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{A1C4472D-7419-1B25-C556-E545911B00EE}" = CCC Help Greek
"{A266CED6-99FF-D75C-CC0B-04E0EC7D17ED}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACC94646-023A-C241-6760-C1E321756FEA}" = Catalyst Control Center Graphics Previews Common
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B186453E-8B8F-B362-A1F8-289156EC61A3}" = CCC Help Turkish
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F3CAD8E0-E5AD-7607-8084-928C96778B42}" = CCC Help Norwegian
"{F9A3AC4D-D219-90DC-A48E-DC6311C4F240}" = CCC Help French
"{FA2F4C7A-546C-384F-5E7A-525D769DF29A}" = Catalyst Control Center InstallProxy
"{FAF4BB02-DEC5-3D10-0EB2-0FB06D4995D7}" = CCC Help Chinese Traditional
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"BearShare" = BearShare
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"IObit Surfing Protection_is1" = Surfing Protection
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NIS" = Norton Internet Security
"NZ" = Norton Zone
"Smart Defrag 3_is1" = Smart Defrag 3
"SpywareBlaster_is1" = SpywareBlaster 5.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/21/2014 12:22:38 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:22:38Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:23:08 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:23:08Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:23:38 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:23:38Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:24:08 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:24:08Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:24:38 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:24:38Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:25:08 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:25:08Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:25:38 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:25:38Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:26:08 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:26:08Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:26:38 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:26:38Z.
 Error Code: 0x80040154.
 
Error - 8/21/2014 12:27:08 AM | Computer Name = segander | Source = Software Protection Platform Service | ID = 16385
Description = Failed to schedule Software Protection service for re-start at 2114-07-28T04:27:08Z.
 Error Code: 0x80040154.
 
[ System Events ]
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
   %%10044
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
Error - 8/19/2014 11:48:13 PM | Computer Name = segander | Source = Service Control Manager | ID = 7023
Description = The IKE and AuthIP IPsec Keying Modules service terminated with the
 following error:   %%13876
 
 
< End of report >
 
 

 

 

 


"Come now, and let us reason together,"
Says the LORD,
"Though your sins are as scarlet,
They will be as white as snow;
Though they are red like crimson,
They will be like wool.
(Isaiah 1:18)



#2 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 August 2014 - 01:16 PM

Hello teeps, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 

I've used Malwarebytes

Did Malwarebytes detect anything? If so, please include the log in your next reply. 
 

[...] and HitmanPro to no avail.

HitmanPro has a reputation for causing unbootable computers. I would recommend you stay clear of the software. 
 

It feels like there is a proxy in the way or possibly issues with LSP but nothing is indicated by HijackThis or LSPFix.

Both HijackThis and LSPFix are outdated, and do not support Windows 8.1. 
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aswMBR

  • Please download aswMBR and save the file to your desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop. 
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 
======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log
  • MBAM log (if applicable) 


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 teeps

teeps

    Authentic Member

  • Authentic Member
  • PipPip
  • 170 posts

Posted 21 August 2014 - 08:15 PM

Thanks for taking up my issue.  And thanks for the advice on HitmanPro.  I'll avoid it in the future.  I'm including the most recent MalwareBytes scan at the bottom.  The aswMBR scan did not complete.  I've tried 3 times now.  I decided to save a log at the point at which it gets stuck.  I'll let it go for a while but it has been spinning upwards of 1.5 hours.  Hopefully the logs I've got below are sufficient to detect the issue(s).

 

====================================================
====================================================
====================================================
FRST
====================================================
====================================================
====================================================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by Schela (administrator) on SEGANDER on 21-08-2014 14:45:56
Running from C:\Users\Schela\Desktop\_TeepsToolBox
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
( ) C:\Windows\System32\lxeacoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.0.15.12\NZ.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\...\Run: [SkyDrive] => C:\Users\Schela\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-18] (Microsoft Corporation)
HKU\S-1-5-21-1610046111-1447223094-1531952853-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Schela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 1NZOverlayExcluded -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: 1NZOverlayPending -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: 1NZOverlaySynced -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22searche...4-03-04&hpa=yes
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22searche...4-03-04&hpa=yes
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.4.0.13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsof...search.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn...st/srchcust.htm
SearchScopes: HKLM - {BAFD705B-98D4-429C-8AA5-8D2C1511B397} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {BAFD705B-98D4-429C-8AA5-8D2C1511B397} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.129.243.173 134.129.111.111 134.129.201.29
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2014-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-08]
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=n11465-252&t=4", "hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=a13337-252&t=4"
CHR Extension: (Google Docs) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (YouTube) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Gmail) - C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\1.0.15.12\NZ.exe [143856 2013-10-11] (Symantec Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-08-19] ()
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140820.001\IDSvia64.sys [525016 2014-08-19] (Symantec Corporation)
S3 mr7910; C:\Windows\system32\DRIVERS\mr7910.sys [55808 2007-03-16] (Mars Semiconductor Corp.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140821.002\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140821.002\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [272016 2012-07-17] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1505000.013\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-05] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 ccSet_NZ; \SystemRoot\system32\drivers\NZx64\01000F0.00C\ccSetx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-21 14:39 - 2014-08-21 14:45 - 00000000 ____D () C:\FRST
2014-08-20 23:01 - 2014-08-20 23:01 - 00000276 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}.job
2014-08-19 22:34 - 2014-08-19 22:35 - 00002702 _____ () C:\Users\Schela\Desktop\Rkill.txt
2014-08-19 22:00 - 2014-08-19 22:00 - 00448512 _____ (OldTimer Tools) C:\Users\Schela\Downloads\TFC.exe
2014-08-19 21:57 - 2014-08-19 21:57 - 01016261 _____ (Thisisu) C:\Users\Schela\Downloads\JRT (1).exe
2014-08-19 20:58 - 2014-08-19 22:45 - 00002416 _____ () C:\WINDOWS\PFRO.log
2014-08-19 20:58 - 2014-08-19 20:58 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-08-19 20:42 - 2014-08-19 20:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Schela\Downloads\SpyHunter-Installer.exe
2014-08-19 20:42 - 2014-08-19 20:42 - 00707664 _____ (iS3, Inc.) C:\Users\Schela\Downloads\SZSetup_AID10121_AV.exe
2014-08-19 20:14 - 2014-08-19 20:58 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-19 20:14 - 2014-08-19 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-19 20:14 - 2014-08-19 20:14 - 00000000 ____D () C:\Users\Schela\AppData\Local\Anvisoft
2014-08-19 20:13 - 2014-08-19 20:14 - 10039608 _____ () C:\Users\Schela\Downloads\astsetup.exe
2014-08-19 20:12 - 2014-08-19 20:13 - 08806944 _____ (Anvisoft) C:\Users\Schela\Downloads\brtsetup.exe
2014-08-19 15:10 - 2014-08-19 15:10 - 00688992 _____ (Swearware) C:\Users\Schela\Downloads\dds.com
2014-08-19 14:59 - 2014-08-19 14:59 - 00688992 _____ (Swearware) C:\Users\Schela\Desktop\dds.com
2014-08-19 14:52 - 2014-08-19 15:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Schela\Downloads\spybot-2.4.exe
2014-08-19 13:14 - 2014-08-19 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-08-19 13:14 - 2014-08-19 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-08-19 10:14 - 2014-08-21 14:45 - 00000000 ____D () C:\Users\Schela\Desktop\_TeepsToolBox
2014-08-19 10:02 - 2014-08-19 10:02 - 01016261 _____ (Thisisu) C:\Users\Schela\Downloads\JRT.exe
2014-08-19 08:35 - 2014-08-19 08:35 - 00000000 ____D () C:\8a8281279c159cbeb30c37
2014-08-19 08:23 - 2014-08-19 08:23 - 87654400 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00327680 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00000000 _____ () C:\asc_rdflag
2014-08-19 08:13 - 2014-08-19 08:13 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\Oracle
2014-08-19 08:07 - 2014-08-19 08:07 - 00000000 ____D () C:\ProgramData\Sun
2014-08-19 08:07 - 2014-08-19 08:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-19 08:05 - 2014-08-19 08:05 - 00918440 _____ (Oracle Corporation) C:\Users\Schela\Downloads\chromeinstall-7u67.exe
2014-08-19 08:04 - 2014-08-19 08:10 - 00000000 ____D () C:\Users\Schela\SecurityScans
2014-08-19 07:59 - 2014-08-19 07:59 - 00003168 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag3_Startup
2014-08-19 07:59 - 2014-08-19 07:59 - 00003166 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag3_Update
2014-08-19 07:59 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll20140819075905.dll
2014-08-19 07:59 - 2014-06-04 15:17 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2014-08-19 07:59 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-08-19 07:58 - 2014-08-19 07:58 - 00001158 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-08-19 07:58 - 2014-08-19 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-08-19 07:58 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2014-08-19 07:38 - 2014-02-17 13:41 - 00027456 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2014-08-19 07:35 - 2014-08-19 07:35 - 86683648 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2014-08-19 07:35 - 2014-08-19 07:35 - 00327680 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2014-08-19 07:35 - 2014-08-19 07:35 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-08-19 07:35 - 2014-08-19 07:35 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-08-19 07:33 - 2014-08-19 07:33 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\ProductData
2014-08-19 07:32 - 2014-08-19 07:32 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-19 07:31 - 2014-08-19 21:41 - 00000262 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Schela.job
2014-08-19 07:31 - 2014-08-19 07:58 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\IObit
2014-08-19 07:31 - 2014-08-19 07:58 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-19 07:31 - 2014-08-19 07:38 - 00002185 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-08-19 07:31 - 2014-08-19 07:33 - 00000000 ____D () C:\ProgramData\IObit
2014-08-19 07:31 - 2014-08-19 07:31 - 00002364 _____ () C:\WINDOWS\System32\Tasks\ASC7_SkipUac_Schela
2014-08-19 07:31 - 2014-08-19 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-08-19 07:31 - 2014-08-19 07:31 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-19 07:30 - 2014-08-19 07:30 - 00001055 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-19 07:30 - 2014-08-19 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-19 07:30 - 2014-08-19 07:30 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-19 07:30 - 2014-08-19 07:30 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-19 07:30 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2014-08-19 07:30 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2014-08-18 22:55 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-18 22:55 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-18 22:36 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-18 22:36 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-18 22:36 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-18 22:36 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-18 22:36 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-18 22:36 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-18 22:36 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-18 22:36 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-18 22:36 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-18 22:36 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-18 22:36 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-18 22:36 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-18 22:36 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-18 22:36 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-18 22:36 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-18 22:36 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-18 22:36 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-18 22:35 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-18 22:35 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-18 22:35 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-18 22:35 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-18 22:35 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-18 22:35 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-18 22:35 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-18 22:35 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-18 22:35 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-18 22:35 - 2014-07-25 06:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-18 22:35 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 22:35 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-18 22:35 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-18 22:35 - 2014-07-25 06:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-18 22:35 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-18 22:35 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-18 22:35 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-18 22:35 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-18 22:35 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-18 22:35 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-18 22:35 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-18 19:17 - 2014-05-13 00:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-18 19:17 - 2014-05-12 23:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-18 19:17 - 2014-05-12 22:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-18 19:17 - 2014-05-03 06:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-18 19:17 - 2014-05-03 04:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-18 19:17 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-18 19:17 - 2014-05-01 00:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-18 19:17 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-18 19:17 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-18 19:17 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-18 19:17 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-18 19:17 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-18 19:17 - 2014-04-26 17:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-18 19:17 - 2014-04-26 15:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-18 19:17 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-18 19:17 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-18 19:16 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-18 19:16 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-18 19:16 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-18 19:16 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-18 19:16 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-18 19:16 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-18 19:15 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-18 19:14 - 2014-05-12 23:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-18 19:14 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-18 19:13 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-18 19:13 - 2014-05-12 22:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-18 19:13 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-18 19:13 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-18 19:13 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-18 19:13 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-18 19:13 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-18 19:13 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-18 19:13 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-18 19:13 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-18 19:13 - 2014-04-09 01:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-18 19:13 - 2014-04-09 00:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-18 19:12 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-18 19:12 - 2014-05-02 18:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-18 19:12 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-18 19:12 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-18 19:12 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-18 19:12 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-18 19:07 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-18 19:07 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-18 19:07 - 2014-05-31 01:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-18 19:06 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-18 19:06 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-18 19:06 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-18 19:06 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-18 19:06 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-18 19:06 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-18 19:06 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-18 19:05 - 2014-08-06 17:38 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-18 19:05 - 2014-08-02 00:44 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-18 19:05 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-18 19:05 - 2014-06-05 09:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-18 19:05 - 2014-06-05 08:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-18 19:05 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-18 19:05 - 2014-05-31 05:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-18 19:05 - 2014-05-31 05:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-18 19:05 - 2014-05-31 05:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-18 19:05 - 2014-05-31 05:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-18 19:05 - 2014-05-31 05:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-18 19:05 - 2014-05-31 01:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-18 19:05 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-18 19:05 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-18 19:05 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-18 19:05 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-18 19:05 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-18 19:05 - 2014-05-27 10:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-18 19:05 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-18 19:05 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-18 19:05 - 2014-05-16 23:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-18 19:05 - 2014-05-16 23:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-18 19:04 - 2014-08-01 22:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-18 19:04 - 2014-06-04 04:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-18 19:04 - 2014-06-04 00:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-18 19:04 - 2014-06-04 00:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-18 19:04 - 2014-06-03 23:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-18 19:04 - 2014-06-03 23:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-18 19:04 - 2014-06-03 21:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-18 19:04 - 2014-06-03 21:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-18 17:02 - 2014-08-18 17:02 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-08-18 17:02 - 2014-08-18 17:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 16:58 - 2014-08-18 16:59 - 02347384 _____ (ESET) C:\Users\Schela\Downloads\esetsmartinstaller_enu.exe
2014-08-18 16:54 - 2014-08-20 22:46 - 01249509 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 16:51 - 2014-08-19 20:57 - 00000318 _____ () C:\WINDOWS\system32\.crusader
2014-08-18 16:30 - 2014-08-19 22:43 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SEGANDER-Schela segander
2014-08-18 16:25 - 2014-08-18 16:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-18 16:15 - 2014-08-19 20:29 - 00018432 ___SH () C:\Users\Schela\Desktop\Thumbs.db
2014-08-18 16:15 - 2014-08-18 16:15 - 00000000 ____D () C:\ProgramData\2F25
2014-08-18 16:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-18 16:04 - 2014-08-19 22:44 - 00000000 ____D () C:\AdwCleaner
2014-08-18 15:39 - 2014-08-21 14:29 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-18 15:39 - 2014-08-18 15:39 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-18 15:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-18 15:39 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-18 15:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-18 15:35 - 2014-08-18 15:35 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 15:35 - 2014-08-18 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 15:35 - 2014-08-18 15:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 08:50 - 2014-07-30 08:50 - 00001668 _____ () C:\Users\Schela\Desktop\IMG_3566 - Shortcut.lnk
2014-07-30 08:39 - 2014-07-30 08:39 - 00000000 __SHD () C:\Users\Schela\AppData\Local\EmieUserList
2014-07-30 08:39 - 2014-07-30 08:39 - 00000000 __SHD () C:\Users\Schela\AppData\Local\EmieSiteList
2014-07-27 14:22 - 2014-08-19 19:37 - 00000000 ____D () C:\WINDOWS\pss
2014-07-27 14:17 - 2014-07-27 14:17 - 01529152 _____ (LogMeIn, Inc.) C:\Users\Schela\Downloads\Support-LogMeInRescue (2).exe
2014-07-27 14:06 - 2014-07-27 14:06 - 01529152 _____ (LogMeIn, Inc.) C:\Users\Schela\Downloads\Support-LogMeInRescue.exe
2014-07-27 14:06 - 2014-07-27 14:06 - 01529152 _____ (LogMeIn, Inc.) C:\Users\Schela\Downloads\Support-LogMeInRescue (1).exe
2014-07-23 19:27 - 2014-08-01 19:17 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-07-23 19:27 - 2014-08-01 19:17 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-23 19:15 - 2014-08-19 08:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-23 08:46 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-21 14:45 - 2014-08-21 14:39 - 00000000 ____D () C:\FRST
2014-08-21 14:45 - 2014-08-19 10:14 - 00000000 ____D () C:\Users\Schela\Desktop\_TeepsToolBox
2014-08-21 14:30 - 2012-09-26 11:53 - 00000950 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2014-08-21 14:29 - 2014-08-18 15:39 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 14:27 - 2014-07-16 09:22 - 00000000 __RDO () C:\Users\Schela\SkyDrive
2014-08-21 14:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-21 14:27 - 2013-05-10 11:49 - 00003617 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2014-08-21 14:27 - 2013-05-10 11:49 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2014-08-20 23:01 - 2014-08-20 23:01 - 00000276 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}.job
2014-08-20 23:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-20 22:46 - 2014-08-18 16:54 - 01249509 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-20 22:31 - 2013-09-29 23:04 - 00006428 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-20 22:28 - 2013-11-25 21:47 - 00002163 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 22:45 - 2014-08-19 20:58 - 00002416 _____ () C:\WINDOWS\PFRO.log
2014-08-19 22:45 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-19 22:44 - 2014-08-18 16:04 - 00000000 ____D () C:\AdwCleaner
2014-08-19 22:43 - 2014-08-18 16:30 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SEGANDER-Schela segander
2014-08-19 22:43 - 2013-11-25 21:45 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 22:40 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-19 22:35 - 2014-08-19 22:34 - 00002702 _____ () C:\Users\Schela\Desktop\Rkill.txt
2014-08-19 22:09 - 2013-11-25 21:45 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 22:03 - 2013-10-24 14:56 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1610046111-1447223094-1531952853-1002
2014-08-19 22:00 - 2014-08-19 22:00 - 00448512 _____ (OldTimer Tools) C:\Users\Schela\Downloads\TFC.exe
2014-08-19 21:57 - 2014-08-19 21:57 - 01016261 _____ (Thisisu) C:\Users\Schela\Downloads\JRT (1).exe
2014-08-19 21:41 - 2014-08-19 07:31 - 00000262 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_Schela.job
2014-08-19 21:40 - 2013-10-24 14:49 - 00000000 ____D () C:\Users\Schela\AppData\Local\Hewlett-Packard
2014-08-19 21:09 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-19 20:58 - 2014-08-19 20:58 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-08-19 20:58 - 2014-08-19 20:14 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-19 20:57 - 2014-08-18 16:51 - 00000318 _____ () C:\WINDOWS\system32\.crusader
2014-08-19 20:55 - 2013-05-10 11:50 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-08-19 20:54 - 2014-08-19 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-19 20:42 - 2014-08-19 20:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Schela\Downloads\SpyHunter-Installer.exe
2014-08-19 20:42 - 2014-08-19 20:42 - 00707664 _____ (iS3, Inc.) C:\Users\Schela\Downloads\SZSetup_AID10121_AV.exe
2014-08-19 20:29 - 2014-08-18 16:15 - 00018432 ___SH () C:\Users\Schela\Desktop\Thumbs.db
2014-08-19 20:28 - 2014-05-04 20:58 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSchela.job
2014-08-19 20:14 - 2014-08-19 20:14 - 00000000 ____D () C:\Users\Schela\AppData\Local\Anvisoft
2014-08-19 20:14 - 2014-08-19 20:13 - 10039608 _____ () C:\Users\Schela\Downloads\astsetup.exe
2014-08-19 20:13 - 2014-08-19 20:12 - 08806944 _____ (Anvisoft) C:\Users\Schela\Downloads\brtsetup.exe
2014-08-19 20:10 - 2013-10-24 14:48 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}
2014-08-19 20:08 - 2013-12-15 16:01 - 00003172 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSchela
2014-08-19 19:37 - 2014-07-27 14:22 - 00000000 ____D () C:\WINDOWS\pss
2014-08-19 15:10 - 2014-08-19 15:10 - 00688992 _____ (Swearware) C:\Users\Schela\Downloads\dds.com
2014-08-19 15:05 - 2014-08-19 14:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Schela\Downloads\spybot-2.4.exe
2014-08-19 14:59 - 2014-08-19 14:59 - 00688992 _____ (Swearware) C:\Users\Schela\Desktop\dds.com
2014-08-19 13:14 - 2014-08-19 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-08-19 13:14 - 2014-08-19 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-08-19 12:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-19 10:02 - 2014-08-19 10:02 - 01016261 _____ (Thisisu) C:\Users\Schela\Downloads\JRT.exe
2014-08-19 08:35 - 2014-08-19 08:35 - 00000000 ____D () C:\8a8281279c159cbeb30c37
2014-08-19 08:35 - 2013-10-25 16:27 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-19 08:35 - 2013-10-25 16:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 08:23 - 2014-08-19 08:23 - 87654400 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00327680 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-08-19 08:23 - 2014-08-19 08:23 - 00000000 _____ () C:\asc_rdflag
2014-08-19 08:21 - 2014-07-23 19:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-19 08:20 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-19 08:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-19 08:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-19 08:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-19 08:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-19 08:13 - 2014-08-19 08:13 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\Oracle
2014-08-19 08:10 - 2014-08-19 08:04 - 00000000 ____D () C:\Users\Schela\SecurityScans
2014-08-19 08:07 - 2014-08-19 08:07 - 00000000 ____D () C:\ProgramData\Sun
2014-08-19 08:07 - 2014-08-19 08:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-19 08:05 - 2014-08-19 08:05 - 00918440 _____ (Oracle Corporation) C:\Users\Schela\Downloads\chromeinstall-7u67.exe
2014-08-19 08:04 - 2013-11-20 20:09 - 00000000 ____D () C:\Users\Schela
2014-08-19 07:59 - 2014-08-19 07:59 - 00003168 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag3_Startup
2014-08-19 07:59 - 2014-08-19 07:59 - 00003166 _____ () C:\WINDOWS\System32\Tasks\SmartDefrag3_Update
2014-08-19 07:58 - 2014-08-19 07:58 - 00001158 _____ () C:\Users\Public\Desktop\Smart Defrag 3.lnk
2014-08-19 07:58 - 2014-08-19 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-08-19 07:58 - 2014-08-19 07:31 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\IObit
2014-08-19 07:58 - 2014-08-19 07:31 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-08-19 07:38 - 2014-08-19 07:31 - 00002185 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-08-19 07:37 - 2013-11-20 19:51 - 00000000 ___DC () C:\WINDOWS\Panther
2014-08-19 07:35 - 2014-08-19 07:35 - 86683648 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2014-08-19 07:35 - 2014-08-19 07:35 - 00327680 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2014-08-19 07:35 - 2014-08-19 07:35 - 00065536 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-08-19 07:35 - 2014-08-19 07:35 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-08-19 07:33 - 2014-08-19 07:33 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\ProductData
2014-08-19 07:33 - 2014-08-19 07:31 - 00000000 ____D () C:\ProgramData\IObit
2014-08-19 07:32 - 2014-08-19 07:32 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-19 07:32 - 2013-10-24 16:39 - 00000000 ____D () C:\Users\Schela\AppData\Roaming\Apple Computer
2014-08-19 07:31 - 2014-08-19 07:31 - 00002364 _____ () C:\WINDOWS\System32\Tasks\ASC7_SkipUac_Schela
2014-08-19 07:31 - 2014-08-19 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-08-19 07:31 - 2014-08-19 07:31 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-08-19 07:31 - 2012-12-01 16:46 - 00000000 ____D () C:\ProgramData\Temp
2014-08-19 07:30 - 2014-08-19 07:30 - 00001055 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-19 07:30 - 2014-08-19 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-19 07:30 - 2014-08-19 07:30 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-19 07:30 - 2014-08-19 07:30 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-19 01:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-19 01:13 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-18 23:44 - 2013-05-10 11:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-18 23:44 - 2013-05-10 11:50 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-08-18 23:43 - 2013-05-10 11:50 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-18 19:03 - 2014-04-23 12:48 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-18 17:12 - 2014-07-17 08:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-18 17:08 - 2014-06-11 15:59 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-18 17:08 - 2014-04-23 12:48 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-18 17:08 - 2014-04-23 12:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-18 17:08 - 2014-04-23 12:48 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-18 17:08 - 2014-04-23 12:48 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-18 17:08 - 2014-04-23 12:48 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-18 17:08 - 2014-04-23 12:48 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-18 17:07 - 2014-05-30 08:50 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-18 17:07 - 2014-04-23 13:07 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-18 17:02 - 2014-08-18 17:02 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-08-18 17:02 - 2014-08-18 17:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-18 16:59 - 2014-08-18 16:58 - 02347384 _____ (ESET) C:\Users\Schela\Downloads\esetsmartinstaller_enu.exe
2014-08-18 16:55 - 2014-05-08 10:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-18 16:55 - 2013-05-10 12:28 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-08-18 16:55 - 2013-05-10 12:28 - 00002521 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-08-18 16:55 - 2013-05-10 12:26 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-08-18 16:55 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-18 16:51 - 2014-08-18 16:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-18 16:48 - 2013-11-07 22:04 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-18 16:18 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-18 16:15 - 2014-08-18 16:15 - 00000000 ____D () C:\ProgramData\2F25
2014-08-18 16:07 - 2013-08-22 10:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-08-18 15:39 - 2014-08-18 15:39 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-18 15:39 - 2014-08-18 15:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-18 15:37 - 2013-11-04 00:15 - 00000000 ____D () C:\Users\Schela\AppData\Local\CrashDumps
2014-08-18 15:35 - 2014-08-18 15:35 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-18 15:35 - 2014-08-18 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-18 15:35 - 2014-08-18 15:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 17:38 - 2014-08-18 19:05 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 00:44 - 2014-08-18 19:05 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-01 22:11 - 2014-08-18 19:04 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-01 19:17 - 2014-07-23 19:27 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-01 19:17 - 2014-07-23 19:27 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-30 08:53 - 2013-11-06 14:26 - 00000735 _____ () C:\Users\Schela\Desktop\Start - Shortcut.lnk
2014-07-30 08:50 - 2014-07-30 08:50 - 00001668 _____ () C:\Users\Schela\Desktop\IMG_3566 - Shortcut.lnk
2014-07-30 08:39 - 2014-07-30 08:39 - 00000000 __SHD () C:\Users\Schela\AppData\Local\EmieUserList
2014-07-30 08:39 - 2014-07-30 08:39 - 00000000 __SHD () C:\Users\Schela\AppData\Local\EmieSiteList
2014-07-27 14:17 - 2014-07-27 14:17 - 01529152 _____ (LogMeIn, Inc.) C:\Users\Schela\Downloads\Support-LogMeInRescue (2).exe
2014-07-27 14:17 - 2013-11-06 16:10 - 00000000 ____D () C:\Users\Schela\AppData\Local\LogMeIn Rescue Applet
2014-07-27 14:06 - 2014-07-27 14:06 - 01529152 _____ (LogMeIn, Inc.) C:\Users\Schela\Downloads\Support-LogMeInRescue.exe
2014-07-27 14:06 - 2014-07-27 14:06 - 01529152 _____ (LogMeIn, Inc.) C:\Users\Schela\Downloads\Support-LogMeInRescue (1).exe
2014-07-27 13:43 - 2013-10-26 13:57 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-27 13:43 - 2013-10-26 13:57 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-27 13:40 - 2013-11-14 14:04 - 00188116 _____ () C:\ProgramData\lxeaJSW.log
2014-07-25 09:52 - 2014-08-18 22:36 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 09:16 - 2013-10-24 14:43 - 00000000 ____D () C:\Users\Schela\AppData\Local\Packages
2014-07-25 08:51 - 2014-08-18 22:36 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 08:28 - 2014-08-18 22:35 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 08:25 - 2014-08-18 22:35 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-18 22:35 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 07:59 - 2014-08-18 22:36 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 07:40 - 2014-08-18 22:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-18 22:35 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 07:30 - 2014-08-18 22:35 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-18 22:36 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 07:28 - 2014-08-18 22:35 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:21 - 2014-08-18 22:35 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 07:17 - 2014-08-18 22:36 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 07:10 - 2014-08-18 22:36 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 07:08 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-18 22:35 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-18 22:36 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-18 22:36 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-18 22:35 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 06:43 - 2014-08-18 22:35 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-18 22:35 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-18 22:35 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 06:34 - 2014-08-18 22:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-18 22:36 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-18 22:36 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-18 22:36 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 06:09 - 2014-08-18 22:35 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 06:07 - 2014-08-18 22:35 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 06:03 - 2014-08-18 22:35 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-18 22:35 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 05:26 - 2014-08-18 22:35 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-18 22:36 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-18 22:35 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-18 22:35 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-18 22:35 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-23 22:49 - 2013-11-06 13:42 - 00002922 _____ () C:\ProgramData\lxeascan.log
2014-07-23 22:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-07-23 19:26 - 2013-08-22 09:44 - 00485720 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-23 19:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-07-23 19:16 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-07-23 19:15 - 2013-09-29 22:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-23 19:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-23 19:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-07-23 08:45 - 2014-02-08 11:07 - 00000000 ____D () C:\Users\Schela\AppData\Local\BearShare
 
Some content of TEMP:
====================
C:\Users\Schela\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-19 21:17
 
==================== End Of Log ============================
 
 
 
====================================================
====================================================
====================================================
ADDITION
====================================================
====================================================
====================================================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2014
Ran by Schela at 2014-08-21 14:47:01
Running from C:\Users\Schela\Desktop\_TeepsToolBox
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
AMD Accelerated Video Transcoding (Version: 12.5.100.21018 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{8FE9C1D4-F5E4-B855-1D79-FF5D11F54A19}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BearShare (HKLM-x32\...\BearShare) (Version: 12.0.0.134600 - Musiclab, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1018.0716.11181 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1018.717.11181 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.7.4528 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.5.5811 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{44613B7A-527C-4E89-91FC-E611FA62806A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
Norton Zone (HKLM-x32\...\NZ) (Version: 1.0.15.13 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29031 - Realtek Semiconductor Corp.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Update for Microsoft en-us Dictionary (Version: 16.1.1068.1 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1610046111-1447223094-1531952853-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Schela\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
20-08-2014 01:56:39 Checkpoint by HitmanPro
21-08-2014 03:37:34 OTL Restore Point - 8/20/2014 10:37:31 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {022DD0E8-6E9A-495E-9B9D-3DFCD250D8CB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-26] (Synaptics Incorporated)
Task: {03CB8B2C-8499-4736-8937-19C90AC3E815} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SEGANDER-Schela segander => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-07-16] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1FB43590-07D7-4480-ABC4-618C90D92648} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22067AD7-759F-4F60-97D9-C45155F9C42A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-07-16] (Microsoft Corporation)
Task: {245A0E0C-3CF6-4EAE-8C83-569B60B8C0DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {323C2453-E2B3-4EEE-9C1B-E9B0C2FA4A8E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3DCAC38B-1650-4A47-9577-2C4A1EB133A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {4308EBD1-E401-4BDF-96BD-81820D7E1234} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {52665C5D-85B2-4A1E-87E8-3A66A986CFEC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {567DAC28-3521-463A-B807-FF8ADBE0967D} - System32\Tasks\HPCeeScheduleForSchela => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A86882C-F3EA-4021-B34D-4E5EF084D955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {7B79DF41-BC39-4D2B-B26F-B8372362217F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CB52E70-731F-4D4F-8CEB-85D5406A2E0B} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {94A3A16C-C916-40A2-AD3C-E7274BE0EBF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {9652C5FA-981E-4610-AAF1-C523E76F6584} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {966F8794-A78D-4209-8342-A9AE0160D888} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9ECF7603-2CF4-4316-9DFA-E0B6B7D4941C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5D49BD9-E0BE-4E5B-A18B-1D2DA4F1E636} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {B80A300E-BA7C-44E3-B55D-9B9E3F0F9E1B} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B8E2481C-E070-4D65-9384-CE36C1698181} - System32\Tasks\ASC7_SkipUac_Schela => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-07-24] (IObit)
Task: {C8323EC1-591A-4842-B474-ED4E5E2222E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {C864ACA8-31EB-4ED1-954F-6AB8FE11F827} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {C93D0A91-4544-4C09-8E90-8E6B0B41566E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {CBCF9500-0178-42F0-861A-B13BC4873DEB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CEFACCC7-D22A-4F82-B655-B80DC5E44020} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D939B463-9F3A-44B5-B50C-F176655043EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9BEA76C-189D-4355-8260-07EC9FD002A4} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB4B657D-C447-4B55-9C95-A1A3673624C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EE8A54CD-E56A-427D-8B85-A49D40F955FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F20E51EF-91D2-4070-A3A0-5A7036F09518} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {F3286625-7BF1-49FE-AFFD-B948A58E0071} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-02] (IObit)
Task: {FF9D8C53-1104-4308-9CA8-72D512F356F8} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1610046111-1447223094-1531952853-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_Schela.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSchela.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{25EFDC87-1555-461A-A837-57794B8C6804}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-18 09:28 - 2012-10-18 09:28 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-16 08:41 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-10-12 20:22 - 2012-10-12 20:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 20:22 - 2012-10-12 20:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 20:22 - 2012-10-12 20:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2014-03-19 17:11 - 2014-07-16 08:44 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-08-18 23:04 - 2014-08-18 23:04 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-08-19 07:31 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-09-19 20:37 - 2012-09-19 20:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-24 16:27 - 2012-09-24 16:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 19:28 - 2012-05-02 19:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-09-14 04:51 - 2013-09-14 04:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 04:50 - 2013-09-14 04:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-01-20 16:17 - 2014-01-20 16:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 16:16 - 2014-01-20 16:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Schela\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Schela\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Online Vault"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "NCPluginUpdater"
HKLM\...\StartupApproved\Run32: => "ToolbarTray"
HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKCU\...\StartupApproved\Run: => "ApplePhotoStreams"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/21/2014 02:47:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:47:08Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:46:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:46:38Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:46:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:46:08Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:45:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:45:38Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:45:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:45:08Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:44:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:44:38Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:44:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:44:08Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:43:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:43:38Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:43:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:43:08Z. Error Code: 0x80040154.
 
Error: (08/21/2014 02:42:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2114-07-28T19:42:38Z. Error Code: 0x80040154.
 
 
System errors:
=============
Error: (08/21/2014 02:28:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:28:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:28:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:28:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:27:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:27:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:27:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:27:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:27:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
Error: (08/21/2014 02:27:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: 
%%13876
 
 
Microsoft Office Sessions:
=========================
Error: (08/21/2014 02:47:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:47:08Z
 
Error: (08/21/2014 02:46:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:46:38Z
 
Error: (08/21/2014 02:46:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:46:08Z
 
Error: (08/21/2014 02:45:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:45:38Z
 
Error: (08/21/2014 02:45:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:45:08Z
 
Error: (08/21/2014 02:44:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:44:38Z
 
Error: (08/21/2014 02:44:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:44:08Z
 
Error: (08/21/2014 02:43:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:43:38Z
 
Error: (08/21/2014 02:43:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:43:08Z
 
Error: (08/21/2014 02:42:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542114-07-28T19:42:38Z
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-30 08:30:03.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-30 08:30:02.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 15:04:05.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 15:04:05.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 14:38:46.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 14:38:46.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 14:32:30.898
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 14:32:30.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 14:30:18.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.
 
  Date: 2014-07-27 14:30:18.180
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4555M APU with Radeon™ HD Graphics 
Percentage of memory in use: 32%
Total physical RAM: 5602.26 MB
Available physical RAM: 3808.55 MB
Total Pagefile: 6498.26 MB
Available Pagefile: 4779.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.39 GB) (Free:598.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.14 GB) (Free:2.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 0A1E55B0)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
====================================================
====================================================
====================================================
aswMBR
====================================================
====================================================
====================================================
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-21 19:38:20
-----------------------------
19:38:20.180    OS Version: Windows x64 6.2.9200 
19:38:20.180    Number of processors: 4 586 0x1001
19:38:20.180    ComputerName: SEGANDER  UserName: Schela
19:38:25.509    Initialize success
19:38:25.806    VM: initialized successfully
19:38:25.837    VM: Amd CPU BiosDisabled 
19:38:27.978    VM: supported disk I/O storport.sys
19:39:24.976    AVAST engine defs: 14082100
19:40:22.946    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b
19:40:22.946    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX001C Size: 715404MB BusType: 11
19:40:23.118    Disk 0 MBR read successfully
19:40:23.118    Disk 0 MBR scan
19:40:23.133    Disk 0 unknown MBR code
19:40:23.133    Disk 0 Partition 1 00     EE          GPT            715404 MB offset 1
19:40:23.290    Disk 0 scanning C:\WINDOWS\system32\drivers
19:40:39.317    Service scanning
19:40:44.881    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140801.001\BHDrvx64.sys **LOCKED** 5
19:40:54.945    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140821.001\IDSvia64.sys **LOCKED** 5
19:41:00.415    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140821.008\ENG64.SYS **LOCKED** 5
19:41:00.743    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140821.008\EX64.SYS **LOCKED** 5
19:41:26.505    Modules scanning
19:41:26.505    Disk 0 trace - called modules:
19:41:26.536    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amdxata.sys storport.sys hal.dll amdsata.sys 
19:41:26.552    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001c084d060]
19:41:26.552    3 CLASSPNP.SYS[fffff80133a0b27b] -> nt!IofCallDriver -> [0xffffe001c084eb20]
19:41:26.568    5 hpdskflt.sys[fffff801339a2379] -> nt!IofCallDriver -> [0xffffe001bf329b30]
19:41:26.583    7 amdxata.sys[fffff801331596b4] -> nt!IofCallDriver -> \Device\0000002b[0xffffe001c071c7f0]
19:41:29.678    AVAST engine scan C:\
21:05:08.453    Disk 0 MBR has been saved successfully to "C:\Users\Schela\Desktop\_TeepsToolBox\MBR.dat"
21:05:08.469    The log file has been saved successfully to "C:\Users\Schela\Desktop\_TeepsToolBox\aswMBR.txt"
 
 
====================================================
====================================================
====================================================
MALWAREBYTES
====================================================
====================================================
====================================================
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/19/2014
Scan Time: 8:42:27 AM
Logfile: malwarebytes-20140819.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.18.09
Rootkit Database: v2014.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Schela
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 300649
Time Elapsed: 7 min, 11 sec
 
Memory: Disabled
Startup: Enabled
Filesystem: Disabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 85
 
Files: 199
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\components\weather\background\weatherButton.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\blacklistService.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\common.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\dynamic.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\enableDetect.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\eventListening.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\global.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\jquery-1.7.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\list-interaction.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\messageEventListener.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\navRedirector.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\paramReplacer.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\PartnerId.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\set.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\underscore-1.3.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\underscore-1.5.2.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\js\unifiedLogging.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widget-context-1.0.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\common\common.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\common\set.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\invalid.json, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\jquery.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\qunit.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\qunit.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\resource.json, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\resource.xml, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\background\ApiBasedWidget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\background\widget-api-impl.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\window\widgetWindow.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\api\window\widgetWindow.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\background\updateSearch.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\moviereviews\css\movieReviews.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\moviereviews\html\movieReviews.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\moviereviews\js\movieReviews.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\radio\background\RadioWidget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\radio\css\toolbar-item.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\radio\foreground\button.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\search\background\searchBox.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\search\html\searchSuggestions.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\search\html\searchSuggestions.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\search\html\searchSuggestions.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\search\html\searchSuggestionsInit.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\css\supertab.css, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\html\supertab.html, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\js\newtabfork.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\js\reporting.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\js\srchsugg.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\js\supertab.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\js\unifiedLogging.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\components\supertab\js\__utm.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\arrowSprite.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\icon128.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\icon16.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\icon19disabled.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\icon19on.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\icon48.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222098089.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222124472.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222124475.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222124500.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222124501.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222124502.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\222124516.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\down_arrow.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\magnifying_glass.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\RadioPlayerSprite.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\search_button.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\tvf_icon_guide.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\tvf_logo.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\images\wrench.png, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\chromeUtils.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\exeManager.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\exePackageManager.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\focusManager.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\globalBlacklistManager.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\messaging.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\mutation_summary-min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\mutation_summary.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\newTabInfo.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\newTabInitialize.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\options.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\readLocalStorage.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\reservespacefortoolbar.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\reservespaceifenabled.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\scriptInjector.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\searchContext.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\settingsOverrides.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\toolbarCookieParser.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\toolbarPreinit.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\underscore-1.3.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\URILoaderContentScript.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\Widget.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\widgetFactory.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\js\widgetWindowManager.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\native\ce.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\native\ss.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\native\libs\jquery-1.7.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\native\libs\jquery-1.9.1.min.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\shared\HttpURL.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\shared\rsvp-latest.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\shared\unifiedLogging.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\shared\universalConsole.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\shared\utils.js, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.MindSpark.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\10.82.4.29790_0\_metadata\verified_contents.json, Quarantined, [a26febdd403b68cee1c5c7fbf80a18e8], 
PUP.Optional.ASK.A, C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.search.as...=n11465-252&t=4", "http://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=a13337-252&t=4" ],), Replaced,[ae638c3c94e762d420708e7914f1639d]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

"Come now, and let us reason together,"
Says the LORD,
"Though your sins are as scarlet,
They will be as white as snow;
Though they are red like crimson,
They will be like wool.
(Isaiah 1:18)

#4 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 21 August 2014 - 08:39 PM

Hi teeps,

Don't worry about aswMBR - what you did was the right thing to do.

I'm heading off now, so will return with further instructions for you tomorrow. In the meantime, please answer the question above and do the following:

VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Users\Schela\Desktop\_TeepsToolBox\MBR.dat
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
 


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#5 teeps

teeps

    Authentic Member

  • Authentic Member
  • PipPip
  • 170 posts

Posted 21 August 2014 - 09:24 PM

Looks like the MBR came back clean:

https://www.virustot...sis/1408677507/

 

You said to answer "the question above" in addition to the VirusTotal scan.  I didn't see any question in your post.  I'm guessing that is an inadvertent cut and paste? Have a great night.



#6 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 August 2014 - 06:32 AM

Hello teeps, 
 

Looks like the MBR came back clean:
https://www.virustot...sis/1408677507/

Indeed it does. 
 
From your aswMBR log, "Disk 0 unknown MBR code" can either indicate an infected MBR or OEM (Original Equipment Manufacturer) MBR. Yours is the latter, which is perfectly fine. 
 

You said to answer "the question above" in addition to the VirusTotal scan.  I didn't see any question in your post.  I'm guessing that is an inadvertent cut and paste? Have a great night.

Yes, you are absolutely right. Sorry about that.
 
Before we proceed, I must ask - Are you the owner of this computer? Or does it belong to a University?




#7 teeps

teeps

    Authentic Member

  • Authentic Member
  • PipPip
  • 170 posts

Posted 22 August 2014 - 08:49 AM

It belongs to a neighbor.  It's a personal computer that she uses for student advising of college students but I don't believe she is employed by the university.  I work at a university so you may see some campus network stuff on there since that is where some of my time is spent.

 

BTW.. the aswMBR scan finally finished and didn't have any additional lines than what the previously posted log had.



#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 August 2014 - 09:08 AM

OK, no problem. Thank you for checking aswMBR.
 
Let's begin. Please start by considering the following warning. 
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (BearShare). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications.

Risks of File-Sharing Technology
P2P Software User Advisories
More malware is traveling on P2P networks these days

Instructions on removing the software can be found in STEP 1. If you would prefer not to, please ensure you do not use the programme during this process. 

 
Please confirm your Anti-Virus and Firewall (Norton Internet Security) are currently enabled. 
 
I can see you have thrown a lot of security software at this computer. I wouldn't advise doing this. Some of the "security" software you've installed is, at the very least, questionable. IObit Advanced SystemCare is a good example. Programmes that purport to optimize are snake oil at best, and should be avoided. 
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Advanced SystemCare 7
    • BearShare
    • Smart Defrag 3
    • Surfing Protection 
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme will run. If prompted again click Yes.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

(!) Your logs indicate you are running tools from the following location (Running from C:\Users\Schela\Desktop\_TeepsToolBox). All tools must be downloaded directly to and run from your Desktop, and not a folder located on your Desktop. Please navigate to the folder mentioned, right-click FRST64.exe and click Cut. Navigate back to your Desktop, right-click your Desktop and click Paste.
 
STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22searche...4-03-04&hpa=yes
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22searche...4-03-04&hpa=yes
    CHR StartupUrls: "hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=n11465-252&t=4", "hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=a13337-252&t=4"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-08-19 20:42 - 2014-08-19 20:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Schela\Downloads\SpyHunter-Installer.exe
    FF Plugin HKCU: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    Folder: C:\8a8281279c159cbeb30c37
    Folder: C:\ProgramData\2F25
    Folder: C:\Users\Schela\SecurityScans
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    Hosts:
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
  • Open SpywareBlaster. You may see a notice indicating protection is partially enabled. If so, please click the relevant button to enable all protection.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Is Norton Internet Security enabled?
  • Did the programmes uninstall OK in Revo?
  • Fixlog.txt
  • Did you check SpywareBlaster?



#9 teeps

teeps

    Authentic Member

  • Authentic Member
  • PipPip
  • 170 posts

Posted 22 August 2014 - 04:10 PM

Thanks for the info on Advanced SystemCare and Smart Defrag.  I've been using these for years and I "thought" they were doing good, but I guess I never objectively tested them.  My intentions were to make sure that my temp files were cleared, the registry was cleaned, etc.  ASC seemed like a good one stop shop to maintain those things.  Would you say that CCleaner suffices for those types of tasks?  I also thought it was good that a defragging tool would keep up with keeping my drive defragged while the system was idle rather than scheduling the Windows defrag tool on a regular basis.  What do you recommend there, or is defragging not that important?

 

I do see that chrome has lost the search.ask.com tabs on start up.  That's great to see.  Why didn't AdwCleaner and MalwareBytes work for this?  Normally those work pretty well.

 

Back to the tasks at hand:

1) Norton Security is enabled.

2) All but BearShare was uninstalled with Revo.  BearShare did not show up in the list in Revo.  It also did not show in the windows program list.

3) I did check and enable the protection in SpywareBlaster.

4) Here is the fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-08-2014
Ran by Schela at 2014-08-22 16:48:10 Run:1
Running from C:\Users\Schela\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22searche...4-03-04&hpa=yes
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22searche...4-03-04&hpa=yes
CHR StartupUrls: "hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=n11465-252&t=4", "hxxp://www.search.ask.com/?o=APN10641A&gct=hp&d=2-1123&v=a13337-252&t=4"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-19 20:42 - 2014-08-19 20:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Schela\Downloads\SpyHunter-Installer.exe
FF Plugin HKCU: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
Folder: C:\8a8281279c159cbeb30c37
Folder: C:\ProgramData\2F25
Folder: C:\Users\Schela\SecurityScans
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
Hosts:
EmptyTemp:
end
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Schela\Downloads\SpyHunter-Installer.exe => Moved successfully.
"HKCU\Software\MozillaPlugins\BearSharePlugin" => Key deleted successfully.
C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
========================= Folder: C:\8a8281279c159cbeb30c37 ========================
 
2014-08-19 08:35 - 2014-08-19 08:35 - 0000788 ____H () C:\8a8281279c159cbeb30c37\$shtdwn$.req
2014-07-31 23:52 - 2014-07-31 23:52 - 6759537 _____ () C:\8a8281279c159cbeb30c37\mrt.exe._p
2014-07-31 23:39 - 2014-07-31 23:39 - 0091328 _____ (Microsoft Corporation) C:\8a8281279c159cbeb30c37\mrtstub.exe
 
====== End of Folder: ======
 
 
========================= Folder: C:\ProgramData\2F25 ========================
 
2014-08-18 16:15 - 2014-02-08 11:24 - 0004265 _____ () C:\ProgramData\2F25\{AD7D6639-0057-46E2-8CD2-04C3557D8C51}.swf
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\Schela\SecurityScans ========================
 
2014-08-19 08:10 - 2014-08-19 08:10 - 0061800 _____ () C:\Users\Schela\SecurityScans\WORKGROUP - SEGANDER (8-19-2014 8-10 AM).mbsa
2014-08-19 08:04 - 2014-08-19 08:11 - 0000000 ____D () C:\Users\Schela\SecurityScans\Config
2014-08-19 08:10 - 2014-08-19 08:10 - 0000388 _____ () C:\Users\Schela\SecurityScans\Config\CurrScanSet.cfg
2014-08-19 08:04 - 2014-08-19 08:04 - 0000520 _____ () C:\Users\Schela\SecurityScans\Config\mru.cfg
 
====== End of Folder: ======
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 439.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#10 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 August 2014 - 04:38 PM

Hi teeps,

I am currently posting from my phone. I won't be able to provide the next set of instructions for you until tomorrow morning, but I can comment on some of the questions you've asked now.

I advise you avoid registry cleaners as well. See the article below for information.
http://www.bleepingc...s/#entry2853053
Microsoft has officially stated that they do not recommend registry cleaners either.

CCleaner is a handy temp file cleaner. I use it myself. However, I do not use the built-in registry cleaner for the reasons mentioned in the article above.

Smart Defrag is another piece of software from IObit; a company I personally avoid. I can provide a list of recommended defrag software at the end if you're interested. Or, if you would prefer to stick with the IObit software, that's OK; we can reinstall it.

No software can detect or remove 100% of infections. Perhaps neither software has the key responsible for the Ask tab in its database. You will see the key if you take a look through your Fixlog.txt.

We can manually remove BearShare from your computer, so don't worry about that.


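The Fixlog.txt posted in #9 can be triaged for the entries that actually changed browser settings, as in the following added example (it is not part of any poster's reply and is not FRST's own code). The outcome phrases and the three browser-setting patterns are assumptions drawn only from the result lines visible in this thread.

```python
import re
from collections import Counter

# Excerpt of result lines copied from the Fixlog.txt posted in this thread.
FIXLOG_EXCERPT = r'''
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Schela\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
Hosts was reset successfully.
'''

# Outcome phrases as they appear in the log above (assumed list, not exhaustive).
CHANGED = re.compile(r"\b(?:deleted|restored|removed|reset|moved) successfully\.$", re.I)
ABSENT = re.compile(r"\bnot found\.$", re.I)
# Strips the trailing outcome phrase from lines that have no " => " separator.
TAIL = re.compile(r"\s+(?:was\s+)?(?:\w+ successfully|not found)\.$", re.I)

# Targets that control browser start pages (assumed patterns for this thread).
BROWSER_SETTING_PATTERNS = {
    "IE start/default page": re.compile(r"Internet Explorer\\Main", re.I),
    "Chrome startup URLs": re.compile(r"Chrome StartupUrls", re.I),
    "Chrome policy key": re.compile(r"\\Policies\\Google", re.I),
}


def parse_fixlog(text):
    """Return (target, outcome) pairs; outcome is 'changed' or 'absent'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if CHANGED.search(line):
            outcome = "changed"
        elif ABSENT.search(line):
            outcome = "absent"
        else:
            continue  # headers, folder listings, command output
        if " => " in line:
            target = line.split(" => ", 1)[0]
        else:
            target = TAIL.sub("", line)
        entries.append((target.strip('"'), outcome))
    return entries


def outcome_counts(entries):
    """Count how many fixlist entries changed state versus were already gone."""
    return dict(Counter(outcome for _, outcome in entries))


def browser_setting_changes(entries):
    """List changed entries that touch browser start-page configuration."""
    hits = []
    for target, outcome in entries:
        if outcome != "changed":
            continue
        for label, pattern in BROWSER_SETTING_PATTERNS.items():
            if pattern.search(target):
                hits.append((label, target))
    return hits


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG_EXCERPT)
    print(outcome_counts(parsed))
    for label, target in browser_setting_changes(parsed):
        print(f"{label}: {target}")
```

Entries reported as "not found" were already gone before the fix ran, so only the "changed" entries are candidates for what the earlier scanners missed.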

#11 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 22 August 2014 - 09:31 PM

Hi teeps, 
 
Before proceeding with STEP 1, please delete your current copy of AdwCleaner (right-click AdwCleaner.exe and click Delete). This is to ensure you have the latest version. 
 
STEP 1
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)
  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     
STEP 3
SystemLook
  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *Music Toolbar*
    *Datamngr*
    *apcrtldr*
    *BearShare*
    *Musiclab*
    
    :folderfind
    *Music Toolbar*
    *Datamngr*
    *apcrtldr*
    *BearShare*
    *Musislab*
    
    :regfind
    Music Toolbar
    Datamngr
    apcrtldr
    BearShare
    MusicLab
  • Click the [image] button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the [image] button. 
     
STEP 4
VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\ProgramData\2F25\{AD7D6639-0057-46E2-8CD2-04C3557D8C51}.swf
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     
======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • AdwCleaner[S0].txt
  • JRT.txt
  • SystemLook
  • VirusTotal Results



#12 teeps

teeps

    Authentic Member

  • Authentic Member
  • PipPip
  • 170 posts

Posted 23 August 2014 - 12:55 PM

Alright.  I updated my AdwCleaner and did all the steps requested.  Here is the VirusTotal for the swf.

https://www.virustot...sis/1408805178/

 

Things are feeling more normal now.  I had tried running JRT before and it would hang on the WGET step.  That was the network related issue I was talking about in my initial post.  This time it was able to run with no issues. I'm not noticing any other issues at this point.

 

My only remaining question is what you prefer for a defrag tool.

 

Following are the logs: 

 

# AdwCleaner v3.308 - Report created 23/08/2014 at 09:10:36
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Schela - SEGANDER
# Running from : C:\Users\Schela\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Schela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [13150 octets] - [18/08/2014 16:05:01]
AdwCleaner[R1].txt - [12942 octets] - [18/08/2014 16:16:25]
AdwCleaner[R2].txt - [1441 octets] - [19/08/2014 08:17:47]
AdwCleaner[R3].txt - [1465 octets] - [19/08/2014 09:35:07]
AdwCleaner[R4].txt - [1525 octets] - [19/08/2014 09:52:49]
AdwCleaner[R5].txt - [1473 octets] - [19/08/2014 19:40:45]
AdwCleaner[R6].txt - [1593 octets] - [19/08/2014 22:02:44]
AdwCleaner[R7].txt - [1653 octets] - [19/08/2014 22:44:16]
AdwCleaner[R8].txt - [1960 octets] - [23/08/2014 09:09:59]
AdwCleaner[S0].txt - [11291 octets] - [18/08/2014 16:18:39]
AdwCleaner[S1].txt - [1512 octets] - [19/08/2014 08:19:04]
AdwCleaner[S2].txt - [1538 octets] - [19/08/2014 09:54:46]
AdwCleaner[S3].txt - [1342 octets] - [19/08/2014 19:56:37]
AdwCleaner[S4].txt - [1718 octets] - [19/08/2014 22:44:32]
AdwCleaner[S5].txt - [1885 octets] - [23/08/2014 09:10:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1945 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Schela on Sat 08/23/2014 at  9:17:28.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BAFD705B-98D4-429C-8AA5-8D2C1511B397}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/23/2014 at  9:27:03.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
SystemLook 30.07.11 by jpshortstuff
Log created at 09:42 on 23/08/2014 by Schela
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Music Toolbar*"
No files found.
 
Searching for "*Datamngr*"
C:\Users\Schela\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [14:17 23/08/2014] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C
 
Searching for "*apcrtldr*"
No files found.
 
Searching for "*BearShare*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe.vir --a---- 31154176 bytes [16:07 08/02/2014] [12:47 19/11/2013] 3F795C004680CF73F12F774516751EAD
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll.vir --a---- 305152 bytes [16:07 08/02/2014] [12:38 19/11/2013] 2CEC721C2C698E3C40C600F74CBBCA1B
 
Searching for "*Musiclab*"
No files found.
 
========== folderfind ==========
 
Searching for "*Music Toolbar*"
No folders found.
 
Searching for "*Datamngr*"
No folders found.
 
Searching for "*apcrtldr*"
No folders found.
 
Searching for "*BearShare*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications d------ [21:18 18/08/2014]
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\BearShare d------ [21:18 18/08/2014]
C:\Users\Schela\AppData\Local\BearShare d------ [16:07 08/02/2014]
C:\Users\Schela\AppData\LocalLow\bearsharemusicboxtoolbar181 d------ [16:06 08/02/2014]
C:\Users\Schela\Music\BearShare d------ [16:22 08/02/2014]
 
Searching for "*Musislab*"
No folders found.
 
========== regfind ==========
 
Searching for "Music Toolbar"
No data found.
 
Searching for "Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4603BD00-7E08-4CC3-90D9-F5BC1EAA9A4E}]
"AppPath"="C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE"
 
Searching for "apcrtldr"
No data found.
 
Searching for "BearShare"
[HKEY_CURRENT_USER\Software\BearShare]
[HKEY_CURRENT_USER\Software\BearShare\General]
"AppData"="C:\Users\Schela\AppData\Local\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\General]
"StatisticsFileName"="C:\Users\Schela\AppData\Local\BearShare\Statistics.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"CreativesFileName"="C:\Users\Schela\AppData\Local\BearShare\Creatives.xml"
[HKEY_CURRENT_USER\Software\BearShare\General]
"DownloadDir"="C:\Users\Schela\Music\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\Player]
"PlayerUrl"=""
[HKEY_CURRENT_USER\Software\BearShare\Player]
"LocalPath"="C:\Users\Schela\AppData\Local\BearShare\Player.swf"
[HKEY_CURRENT_USER\Software\BearShare\Preferences]
"IMHistoryFolderPath"="C:\Users\Schela\Documents\BearShare"
[HKEY_CURRENT_USER\Software\BearShare\Preferences]
"IMPictureFolderPath"="C:\Users\Schela\AppData\Local\BearShare\IMPictures\"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]
"CDDBHostName"="www.bearshare.com"
[HKEY_CURRENT_USER\Software\BearShare\Preferences\CDSupport]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIF\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIFC\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIFF\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ASF\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AU\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avi\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.CDA\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.divx\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.IVF\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.M1V\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MID\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MIDI\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MOD\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MP2\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MP2V\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp4\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpa\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPE\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPEG\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPG\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPV2\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qt\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.RMI\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.SND\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vob\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wav\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wm\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmv\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMX\OpenWithList\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShareSetup-r1123-w-bi.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithBearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithBearShare]
@="Play CD with BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
@="BearShare media file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file\shell\play]
@="Play with BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"ProgID"="BearShare.LauncherEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"DefaultIcon"=""C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe",0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"DefaultIcon"=""C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe",0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"InvokeProgID"="BearShare.Device"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare]
"home"="C:\Program Files (x86)\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities]
"ApplicationDescription"="BearShare Music"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".asf"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wm"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wmx"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wmd"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wma"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".cda"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wav"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp3"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".midi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mid"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".rmi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aiff"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aif"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aifc"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".au"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".snd"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wmv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".avi"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpeg"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpg"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpe"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".m1v"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp2"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpv2"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp2v"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mpa"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".torrent"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".ape"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".m4e"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".ivf"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".qt"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mod"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".vob"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".wv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".divx"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".ram"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".rm"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".rmvb"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mkv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mka"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".aac"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".m4a"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".flv"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\Capabilities\FileAssociations]
".mp4"="BearShare.file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"RemoteSkin"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\RemoteSkin.wmz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"SettingsXML"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\settings.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"Skin"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\default.skn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"SkinImagesFolder"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\Images\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"SkinXML"="C:\Program Files (x86)\BearShare Applications\BearShare\Skins\default.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare\General]
"DistScript"="C:\Program Files (x86)\BearShare Applications\BearShare\Copy_Folder.bat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe, 0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
"ProgID"="BearShare.LauncherEventHandler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"DefaultIcon"=""C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe",0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"DefaultIcon"=""C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe",0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
"InvokeProgID"="BearShare.AudioCD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"DefaultIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
"InvokeProgID"="BearShare.Device"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"DisplayName"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"InstallLocation"="C:\Program Files (x86)\BearShare Applications\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"DisplayIcon"="C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BearShare.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare]
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\General]
"AppData"="C:\Users\Schela\AppData\Local\BearShare"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\General]
"StatisticsFileName"="C:\Users\Schela\AppData\Local\BearShare\Statistics.xml"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\General]
"CreativesFileName"="C:\Users\Schela\AppData\Local\BearShare\Creatives.xml"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\General]
"DownloadDir"="C:\Users\Schela\Music\BearShare"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\Player]
"PlayerUrl"=""
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\Player]
"LocalPath"="C:\Users\Schela\AppData\Local\BearShare\Player.swf"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\Preferences]
"IMHistoryFolderPath"="C:\Users\Schela\Documents\BearShare"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\Preferences]
"IMPictureFolderPath"="C:\Users\Schela\AppData\Local\BearShare\IMPictures\"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\Preferences\CDSupport]
"CDDBHostName"="www.bearshare.com"
[HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare\Preferences\CDSupport]
 
Searching for "MusicLab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
"Publisher"="Musiclab, LLC"
 
-= EOF =-

"Come now, and let us reason together,"
Says the LORD,
"Though your sins are as scarlet,
They will be as white as snow;
Though they are red like crimson,
They will be like wool.
(Isaiah 1:18)

#13 LiquidTension


Posted 24 August 2014 - 09:18 AM

Hi teeps,

"Things are feeling more normal now. I'm not noticing any other issues at this point."

Good. Let's completely remove the BearShare programme, and check for any remnants.

"My only remaining question is what you prefer for a defrag tool."

I will provide a list of suggestions after the following steps have been completed.

STEP 1
Batch File

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    rd /s /q "C:\Users\Schela\AppData\Local\BearShare"
    rd /s /q "C:\Users\Schela\AppData\LocalLow\bearsharemusicboxtoolbar181"
    rd /s /q "C:\Users\Schela\Music\BearShare"
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file batchfile.bat.
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate batchfile.bat on your Desktop. Right-click the icon and click Run as administrator.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 3
Reg Fix

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4603BD00-7E08-4CC3-90D9-F5BC1EAA9A4E}]
    [-HKEY_CURRENT_USER\Software\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIF\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIFC\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AIFF\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ASF\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.AU\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avi\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.CDA\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.divx\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.IVF\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.M1V\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MID\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MIDI\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MOD\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MP2\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MP2V\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mp4\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mpa\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPE\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPEG\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPG\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.MPV2\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.qt\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.RMI\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.SND\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vob\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wav\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wm\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMD\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wmv\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WMX\OpenWithList\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\BearShareSetup-r1123-w-bi.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\PlayWithBearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BearShare.file]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowCDAudioOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
    [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
    "BearShare"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSMediaPlayerOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSShowVolumeOnArrival]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BearShare]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BearShare.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
    "BearShare"=-
    [-HKEY_USERS\S-1-5-21-1610046111-1447223094-1531952853-1002\Software\BearShare]
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file regfix.reg.
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate regfix.reg on your Desktop. Right-click the file and click Merge with the Registry.
  • Accept any prompts. 
  • Reboot your computer for the changes to take effect.
     

STEP 4
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 5
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the bat file/reg fix run successfully?
  • MBAM log
  • ESET log


 

Would you like to help others with malware removal? Join our Classroom and learn how!
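The reg fix in STEP 3 is written by hand from the SystemLook regfind output posted earlier. As an added example (not part of the original post, and not a SystemLook or forum tool), this Python script cross-checks the two and lists every log hit that no deletion line in the .reg text covers. The two sample strings are shortened excerpts constructed from the log and reg fix on this page; all function names are hypothetical.

```python
import re

# Constructed sample: shortened excerpt in SystemLook "regfind" layout,
# using key names that appear in the log on this page.
SYSTEMLOOK_EXCERPT = r'''
Searching for "BearShare"
[HKEY_CURRENT_USER\Software\BearShare]
[HKEY_CURRENT_USER\Software\BearShare\General]
"AppData"="C:\Users\Schela\AppData\Local\BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"="SOFTWARE\BearShare\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSRipCDAudioOnArrival]
"Provider"="BearShare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}\1.0\0\win64]
@="C:\Program Files (x86)\BearShare Applications\BearShare\Launcher_x64.exe"
'''

# Constructed sample: shortened excerpt of the reg fix from STEP 3.
REGFIX_EXCERPT = r'''
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\BearShare]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87E8D7F8-7052-42A2-B48B-674C1F700A0B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"BearShare"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\BSPlayCDAudioOnArrival]
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_.+)\]$')           # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(?:@|"([^"]*)")=')           # "name"=... or @=...
DEL_VALUE_RE = re.compile(r'^(?:@|"([^"]*)")=-$')     # "name"=-  (delete value)


def _name(match):
    """Value name from a match; '@' stands for the key's default value."""
    return match.group(1) if match.group(1) is not None else "@"


def parse_hits(log_text):
    """Return (key, value_name_or_None) for each regfind hit, in log order.

    A key line followed by a value line is a hit on that value; a key line
    with no value line after it is a hit on the key name itself.
    """
    hits, key, pending = [], None, False
    for raw in log_text.splitlines() + [""]:      # trailing "" flushes the last key
        line = raw.strip()
        v = VALUE_RE.match(line)
        if v and key is not None:
            hits.append((key, _name(v)))
            pending = False
            continue
        if pending:
            hits.append((key, None))
        k = KEY_RE.match(line)
        key, pending = (k.group(2), True) if k and not k.group(1) else (None, False)
    return hits


def parse_reg_deletions(reg_text):
    """Return (deleted_keys, deleted_values) named by a .reg file, lowercased."""
    deleted_keys, deleted_values, key = set(), set(), None
    for raw in reg_text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            if k.group(1):                        # [-KEY] removes KEY and its subtree
                deleted_keys.add(k.group(2).lower())
                key = None
            else:                                 # [KEY] opens a block of value edits
                key = k.group(2).lower()
            continue
        v = DEL_VALUE_RE.match(line)
        if v and key is not None:
            deleted_values.add((key, _name(v).lower()))
    return deleted_keys, deleted_values


def is_covered(hit, deleted_keys, deleted_values):
    """True if the hit's key, an ancestor key, or its value is deleted."""
    key, name = hit[0].lower(), hit[1]
    parts = key.split("\\")
    if any("\\".join(parts[:i]) in deleted_keys for i in range(len(parts), 0, -1)):
        return True
    return name is not None and (key, name.lower()) in deleted_values


def uncovered(log_text, reg_text):
    """Log hits (deduplicated, in order) that no deletion line covers."""
    deleted_keys, deleted_values = parse_reg_deletions(reg_text)
    seen, missing = set(), []
    for hit in parse_hits(log_text):
        if hit not in seen and not is_covered(hit, deleted_keys, deleted_values):
            seen.add(hit)
            missing.append(hit)
    return missing


if __name__ == "__main__":
    for key, name in uncovered(SYSTEMLOOK_EXCERPT, REGFIX_EXCERPT):
        print(f"not covered: [{key}] {name or '(key name)'}")
```

A reported hit only means no deletion line names that key or value. Re-check the live registry before acting on it, because 64-bit Windows presents some keys under both SOFTWARE and SOFTWARE\Wow6432Node.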


#14 teeps


Posted 24 August 2014 - 04:00 PM

OK.  The batch file and the registry stuff ran well.  Rebooted as requested.

Here are the Malwarebytes and ESET logs:

 

==========================================================================

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/24/2014
Scan Time: 1:14:59 PM
Logfile: malwarebytes-20140824.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.24.04
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Schela
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314093
Time Elapsed: 20 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

==========================================================================

ESET LOG

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\BearShare Applications\BearShare\Uninstall.exe.vir a variant of Win32/BearShare.A potentially unwanted application
C:\Users\Schela\Desktop\_TeepsToolBox\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Schela\Desktop\_TeepsToolBox\smart-defrag-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
 
 

==========================================================================

 


#15 LiquidTension


Posted 24 August 2014 - 04:27 PM

Hello, 
 
Those logs look good. The last two files identified by ESET are installers that bundle additional software. They pose no harm, but can be deleted. Navigate to their folder, right-click and click Delete.
 
Regarding a defrag tool, I recommend you take a look at Defraggler.
 
From your logs I can see you are currently using MSCONFIG as a startup manager. I do not advise this. MSCONFIG is a system troubleshooting utility, designed to diagnose various issues such as slow boot ups. Using the tool as a startup manager means it cannot be used as a diagnostic tool. Furthermore, there is a known issue where changes left permanently in MSCONFIG are irreversible using the tool. For these reasons, I recommend you look at one of the following (free) tools to use as a startup manager.

WinPatrol in particular may be confusing at first. I suggest reading the documentation on either programme should you choose to install one. Reverse any changes made in MSCONFIG to your startup programmes before using either programme. 
 

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Shockwave Player 11.6 
  • Follow the prompts and reboot if necessary.
     

STEP 3
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Any outstanding issues?
