
Lots of pop ups, redirects, and adware links on websites [Solved]



#16
Louie C (Member, Topic Starter, 14 posts)

Not only is it stubborn, but it is sneaky too!

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Jamie_2 at 2015-05-28 11:09:45 Run:3
Running from C:\Users\Jamie_2\Desktop
Loaded Profiles: Jamie_2 (Available Profiles: Jamie & Connor & Jamie_2 & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Policies\Explorer: [HideSCAHealth] 1

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]

EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key Removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key Removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EmptyTemp: => Removed 37.9 MB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-28 11:12:57)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 11:12:58 ====

Shortcut:

Users shortcut scan result (x64) Version: 25-05-2015
Ran by Jamie_2 at 2015-05-28 11:40:37
Running from C:\Users\Jamie_2\Desktop
Boot Mode: Normal
==================== shortcuts =============================

(shortcuts.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway Games.lnk -> C:\Users\Jamie_2\AppData\Local\Pokki\Engine\pokki.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Program Files (x86)\Spotify\SpotifyLauncher.exe (Spotify Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk -> C:\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk -> C:\Windows\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 12\Nero BackItUp.lnk -> C:\Windows\Installer\{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}\BackItUp._6DE631547FD24BC5962A4E5F07A1BE20.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 12\Nero RescueAgent.lnk -> C:\Windows\Installer\{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}\NeroRescueAgent.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk -> C:\Windows\Installer\{91150000-0015-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Windows\Installer\{91150000-0015-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Windows\Installer\{91150000-0015-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway\Gateway Recovery Management.lnk -> C:\Program Files\Gateway\Gateway Recovery Management\eRecoveryUI.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway\Gateway User's Manual.lnk -> C:\OEM\Preload\Autorun\GUI\Gateway User's Manual\00\LaunchPDF.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway\Hotkey Utility.lnk -> C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway\Identity Card.lnk -> C:\Program Files (x86)\Gateway\Identity Card\IDCard.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway\Live Updater.lnk -> C:\Program Files (x86)\Gateway\Live Updater\updater.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12\CyberLink PowerDVD 12.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Software AutoUpdate.lnk -> C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Sound Blaster Cinema\Sound Blaster Cinema.lnk -> C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (Creative Technology Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (Avast Software s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 1Button App\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abMedia.lnk -> C:\Program Files (x86)\Acer\abMedia\abMedia.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\Links\Desktop.lnk -> C:\Users\Connor\Desktop ()
Shortcut: C:\Users\Connor\Links\Downloads.lnk -> C:\Users\Connor\Downloads ()
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk -> C:\Users\Connor\Downloads\Minecraft.exe ()
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Media.lnk -> C:\Program Files (x86)\Acer\Acer Media\AcerMedia.exe (No File)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Photo.lnk -> C:\Program Files (x86)\Acer\Acer Photo\AcerPhoto.exe (No File)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Jamie_2\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Jamie_2\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Guest\Documents ()
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Guest\Pictures ()
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Media.lnk -> C:\Program Files (x86)\Acer\Acer Media\AcerMedia.exe (No File)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Photo.lnk -> C:\Program Files (x86)\Acer\Acer Photo\AcerPhoto.exe (No File)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gateway Games.lnk -> C:\Users\Guest\AppData\Local\Pokki\Engine\pokki.exe (No File)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\Links\Desktop.lnk -> C:\Users\Jamie\Desktop ()
Shortcut: C:\Users\Jamie\Links\Downloads.lnk -> C:\Users\Jamie\Downloads ()
Shortcut: C:\Users\Jamie\Links\Isaac Hayes - The Look Of Love (Long Version).mp3.lnk -> C:\Users\Jamie\Downloads\Isaac Hayes - The Look Of Love (Long Version).mp3 (No File)
Shortcut: C:\Users\Jamie\Links\Mobile Uploads.lnk -> C:\Users\Jamie\Mobile Uploads ()
Shortcut: C:\Users\Jamie\Desktop\125px-Flag_of_Delaware.svg.png - Shortcut.lnk -> C:\Users\Jamie\Downloads\Chapter 10\125px-Flag_of_Delaware.svg.png (No File)
Shortcut: C:\Users\Jamie\Desktop\Shortcut to SecureDownloadManager.exe.lnk -> C:\Users\Jamie\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_80D807FC3A72E5B428F1ED.exe ()
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft.lnk -> C:\Users\Jamie\Downloads\Minecraft.exe ()
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\Jamie\AppData\Local\Pokki\Engine\pokki.exe (No File)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\Desktop\FRST64 - Shortcut.lnk -> C:\Users\Jamie_2\Desktop\FRST64.exe (Farbar)
Shortcut: C:\Users\Jamie_2\Desktop\VirtualDJ 8.lnk -> C:\Program Files (x86)\VirtualDJ\virtualdj8.exe (Atomix Productions)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Jamie_2\Documents ()
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gateway Games.lnk -> C:\Users\Jamie_2\AppData\Local\Pokki\Engine\HostAppService.exe (No File)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\Jamie_2\AppData\Local\Pokki\Engine\HostAppService.exe (No File)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Jamie_2\Pictures ()
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Setup QuickStart.lnk -> C:\Users\Jamie_2\Documents\VirtualDJ\VirtualDJ 8 - Getting Started.pdf ()
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\User Guide.lnk -> C:\Users\Jamie_2\Documents\VirtualDJ\VirtualDJ 8 - User Guide.pdf ()
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\VirtualDJ 8.lnk -> C:\Program Files (x86)\VirtualDJ\virtualdj8.exe (Atomix Productions)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (No File)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)
Shortcut: C:\Users\Public\Desktop\abMedia.lnk -> C:\Program Files (x86)\Acer\abMedia\abMedia.exe (Acer Incorporated)
Shortcut: C:\Users\Public\Desktop\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (Acer Incorporated)
Shortcut: C:\Users\Public\Desktop\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (Avast Software s.r.o.)
Shortcut: C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)


ShortcutWithArgument: C:\Users\Public\Desktop\Buy Online.lnk -> C:\Program Files\Accessory Store\StartURL.exe () -> hxxp://go.gateway.com/?id=16756&model=ZX4665G


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp acerdt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation) -> Metro
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent Games\Games\PolarBowler(CLASSIC)\Polar-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\WildTangent Games\Games\PolarGolfer\golf-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Run N Gun Football.lnk -> C:\Program Files (x86)\WildTangent Games\Games\RunNGunFootball\WTGame-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - acer.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp acerdt
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Remote Files.lnk -> C:\Program Files\Acer\Remote Files\RemoteFilesService.exe (Acer Incorporated) -> --open-shell --check-update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f244afb6-a31c-4254-82f2-e89a2cfa9c24}\PlayTasks\0\Luxor Evolved.lnk -> C:\Program Files (x86)\WildGames\Luxor Evolved\luxor_ev_x86-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ea4a3b3f-276d-4220-b3a1-0f55551291f3}\PlayTasks\0\Run N Gun Football.lnk -> C:\Program Files (x86)\WildTangent Games\Games\RunNGunFootball\WTGame-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d75be608-ef6d-4189-b804-9ea3b2094046}\PlayTasks\0\Cradle Of Egypt Collector's Edition.lnk -> C:\Program Files (x86)\WildGames\Cradle Of Egypt Collectors Edition\cradleofegyptcollectorsedition-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9fbd6a31-c1d2-4269-a69a-fb9d00766ebc}\PlayTasks\0\Trinklit Supreme.lnk -> C:\Program Files (x86)\WildGames\Trinklit Supreme\trinklitsupreme-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{951226E3-26FC-40BC-8085-3677B1128F59}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\WildTangent Games\Games\PolarBowler(CLASSIC)\Polar-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{74e6d22f-cb18-4829-9d0a-ed768ab6d91e}\PlayTasks\0\Peggle Nights.lnk -> C:\Program Files (x86)\WildGames\Peggle Nights\pegglenights-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7364bdbb-1a13-4f43-b6fc-8decae898f9c}\PlayTasks\0\The Chronicles of Emerland Solitaire.lnk -> C:\Program Files (x86)\WildGames\The Chronicles of Emerland Solitaire\solitaire-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5efc38bb-2dab-4442-8e97-38975fa121af}\PlayTasks\0\Magic Academy.lnk -> C:\Program Files (x86)\WildGames\Magic Academy\Magic Academy-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2698CE7D-5E0F-45A5-B451-557D8A56C3B9}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\WildTangent Games\Games\PolarGolfer\golf-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1447c6c0-8a7b-4b3f-a3b2-cbc9cb3ff16d}\PlayTasks\0\Aloha TriPeaks.lnk -> C:\Program Files (x86)\WildGames\Aloha TriPeaks\alohatripeaks-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{11df15ff-f066-4c33-ac85-8738689543f5}\PlayTasks\0\Governor of Poker 2 Premium Edition.lnk -> C:\Program Files (x86)\WildGames\Governor of Poker 2 Premium Edition\GovernorofPoker2_PE_WildTangent_v1.5-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Connor\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Connor\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Guest\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\WildGames\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexplorer
ShortcutWithArgument: C:\Users\Jamie\AppData\Local\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\Acer Remote Files.lnk -> C:\Program Files\Acer\Remote Files\RemoteFilesService.exe (Acer Incorporated) -> --open-shell --check-update
ShortcutWithArgument: C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation) -> Desktop
ShortcutWithArgument: C:\Users\Public\Desktop\WildTangent Games App - acer.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src desktop /dp acerdt


InternetURL: C:\Users\Connor\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Connor\Favorites\Gateway\Gateway.url -> hxxp://www.gateway.com/
InternetURL: C:\Users\Connor\Favorites\Gateway\WildTangent Games.url -> hxxp://rdr.wildtangent.com/default/gateway/iefav.aspx
InternetURL: C:\Users\Default\Favorites\Gateway\Gateway.url -> hxxp://www.gateway.com/
InternetURL: C:\Users\Default\Favorites\Gateway\WildTangent Games.url -> hxxp://rdr.wildtangent.com/default/gateway/iefav.aspx
InternetURL: C:\Users\Guest\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Guest\Favorites\Gateway\Gateway.url -> hxxp://www.gateway.com/
InternetURL: C:\Users\Guest\Favorites\Gateway\WildTangent Games.url -> hxxp://rdr.wildtangent.com/default/gateway/iefav.aspx
InternetURL: C:\Users\Jamie\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Jamie\Favorites\Links\Gateway Accessory Store.url -> hxxp://go.gateway.com/?id=16759&model=ZX4665G
InternetURL: C:\Users\Jamie\Favorites\Gateway\eBay.url -> hxxp://rover.ebay.com/rover/1/711-66992-17054-2/4
InternetURL: C:\Users\Jamie\Favorites\Gateway\Gateway.url -> hxxp://www.gateway.com/
InternetURL: C:\Users\Jamie\Favorites\Gateway\WildTangent Games.url -> hxxp://rdr.wildtangent.com/default/gateway/iefav.aspx
InternetURL: C:\Users\Jamie\Desktop\Mail.URL -> hxxp://mail.yahoo.com/?.partner=sbc
InternetURL: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Unturned.url -> steam://rungameid/304930
InternetURL: C:\Users\Jamie_2\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Jamie_2\Favorites\Gateway\Gateway.url -> hxxp://www.gateway.com/
InternetURL: C:\Users\Jamie_2\Favorites\Gateway\WildTangent Games.url -> hxxp://rdr.wildtangent.com/default/gateway/iefav.aspx
InternetURL: C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Unturned.url -> steam://rungameid/304930

==================== End of log =============================
 

 




#17
Louie C


    Member

  • Topic Starter
  • Member
  • 14 posts

Whoops, looks like I forgot the regular FRST log!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Jamie_2 (administrator) on PC on 28-05-2015 11:37:50
Running from C:\Users\Jamie_2\Desktop
Loaded Profiles: Jamie_2 (Available Profiles: Jamie & Connor & Jamie_2 & Guest)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2574080 2015-05-06] (Acer)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> {2885A96B-EBC2-47AB-AEBC-A2129EE460D9} URL =
SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
FF DefaultSearchEngine.US: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2015-03-03] ()
FF Plugin HKU\S-1-5-21-3151930542-3110385303-2721579357-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jamie_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default\searchplugins\google-avast.xml [2015-05-09]
FF Extension: 123647d5da434344bfe2fc093bdf8f5e - C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default\Extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e} [2015-05-17]
FF Extension: Adblock Plus - C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) []
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-05] (Acer Incorporated)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-15] (WildTangent)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) []
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-09] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) []
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 13:06 - 2015-05-27 13:06 - 00001046 _____ () C:\Users\Jamie_2\Desktop\MBAM.txt
2015-05-27 11:11 - 2015-05-28 00:42 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3151930542-3110385303-2721579357-1003
2015-05-26 13:09 - 2015-05-26 13:09 - 02223104 _____ () C:\Users\Jamie_2\Downloads\AdwCleaner.exe
2015-05-26 13:08 - 2015-05-26 13:08 - 02946703 _____ (Thisisu) C:\Users\Jamie_2\Downloads\JRT(1).exe
2015-05-26 12:38 - 2015-05-26 13:07 - 00002792 _____ () C:\Users\Jamie_2\Desktop\JRT.txt
2015-05-26 12:35 - 2015-05-26 12:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PC-Windows-8.1-(64-bit).dat
2015-05-26 12:35 - 2015-05-26 12:35 - 00000000 ____D () C:\RegBackup
2015-05-26 12:34 - 2015-05-26 12:34 - 02946703 _____ (Thisisu) C:\Users\Jamie_2\Downloads\JRT.exe
2015-05-26 12:01 - 2015-05-26 12:01 - 00000914 _____ () C:\Users\Jamie_2\Desktop\FRST64 - Shortcut.lnk
2015-05-26 11:35 - 2015-05-26 11:42 - 00000246 _____ () C:\Users\Jamie_2\Desktop\Search.txt
2015-05-22 10:13 - 2015-05-22 10:14 - 00050522 _____ () C:\Users\Jamie_2\Desktop\Addition.txt
2015-05-22 10:09 - 2015-05-28 11:37 - 00015366 _____ () C:\Users\Jamie_2\Desktop\FRST.txt
2015-05-20 10:38 - 2015-05-20 10:38 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Jamie_2\Desktop\flashplayer17au_ga_install.exe
2015-05-18 23:51 - 2015-05-18 23:51 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-18 23:51 - 2015-05-18 23:51 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-18 23:51 - 2015-05-18 23:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-17 02:17 - 2015-05-17 02:17 - 00013524 _____ () C:\Windows\SysWOW64\cfg
2015-05-14 20:53 - 2015-05-19 00:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 04:02 - 2015-05-14 04:02 - 00551734 _____ () C:\Users\Jamie_2\Desktop\gtgresponse.txt
2015-05-14 02:53 - 2015-05-14 02:53 - 00051674 _____ () C:\Users\Jamie_2\Documents\Untitled 1.odt
2015-05-14 02:47 - 2015-05-14 02:47 - 00000000 ____D () C:\Users\Jamie_2\AppData\Roaming\OpenOffice
2015-05-14 01:04 - 2015-05-26 11:32 - 00000000 ____D () C:\Users\Jamie_2\Desktop\FRST-OlderVersion
2015-05-13 12:23 - 2015-05-13 12:23 - 00000000 ____D () C:\Windows\pss
2015-05-13 12:06 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 12:06 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 11:35 - 2015-05-13 11:35 - 00002004 _____ () C:\Users\Public\Desktop\abMedia.lnk
2015-05-13 11:32 - 2015-05-13 11:32 - 00002008 _____ () C:\Users\Public\Desktop\abPhoto.lnk
2015-05-13 03:00 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:00 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:46 - 2015-05-26 11:32 - 02108928 _____ (Farbar) C:\Users\Jamie_2\Desktop\FRST64.exe
2015-05-13 02:31 - 2015-05-13 02:31 - 02102784 _____ (Farbar) C:\Users\Jamie_2\Downloads\FRST64(1).exe
2015-05-13 02:24 - 2015-05-28 11:37 - 00000000 ____D () C:\FRST
2015-05-13 02:15 - 2015-05-13 02:15 - 02102784 _____ (Farbar) C:\Users\Jamie_2\Downloads\FRST64.exe
2015-05-13 00:58 - 2015-05-13 00:58 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-05-13 00:58 - 2015-05-13 00:58 - 00002031 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-05-12 16:41 - 2015-05-12 16:41 - 00001972 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-05-12 16:21 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 16:21 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 16:21 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 16:21 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 16:21 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 16:20 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 16:20 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 16:20 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 16:20 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 16:20 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 16:20 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-12 16:20 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 16:20 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 16:20 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 16:20 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 16:20 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 16:20 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 16:20 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-12 16:20 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 16:20 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-12 16:20 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 16:20 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 16:20 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 16:20 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 16:20 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 16:20 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-12 16:20 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 16:20 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-12 16:20 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 16:20 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-12 16:20 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 16:20 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 16:20 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 16:20 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 16:20 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 16:20 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 16:20 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 16:20 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 16:20 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 16:14 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-12 16:14 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-12 16:14 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-12 16:14 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-12 16:12 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 16:12 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 16:12 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-12 16:12 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-12 16:12 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 16:12 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-12 16:12 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-12 16:05 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 16:05 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 16:05 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 16:05 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 16:05 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 16:05 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-12 16:05 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 16:05 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-12 16:05 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-12 16:05 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-12 16:05 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-12 16:05 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-12 16:05 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 16:05 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 16:05 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 16:05 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-12 16:05 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-12 16:05 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-12 16:05 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-12 16:05 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-12 16:05 - 2015-03-12 20:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-12 16:05 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 16:05 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 16:05 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 16:05 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-12 16:05 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 16:05 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-12 13:36 - 2015-05-12 13:36 - 00000000 ____D () C:\ProgramData\a44ab4100001cfa
2015-05-12 13:32 - 2015-05-12 13:32 - 00000000 ____D () C:\ProgramData\COMODO
2015-05-12 13:26 - 2015-05-12 13:26 - 00000000 ____D () C:\Users\Jamie_2\Documents\Java
2015-05-09 16:29 - 2015-05-12 13:34 - 00000000 ____D () C:\Users\Jamie_2\AppData\Roaming\Dropbox
2015-05-09 16:19 - 2015-05-09 16:19 - 00000000 ____D () C:\Users\Jamie_2\AppData\Roaming\AVAST Software
2015-05-09 16:16 - 2015-05-09 16:16 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-09 16:16 - 2015-05-09 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-09 16:15 - 2015-05-14 11:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-09 16:14 - 2015-05-09 16:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-09 16:14 - 2015-05-09 16:14 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-09 16:14 - 2015-05-09 16:14 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-09 16:14 - 2015-05-09 16:14 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-09 16:13 - 2015-05-09 16:13 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-09 16:12 - 2015-05-09 16:12 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-09 16:01 - 2015-05-09 16:10 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Jamie_2\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-06 20:46 - 2015-05-06 20:46 - 00796072 _____ (Program ) C:\Users\Jamie_2\Downloads\adobe_flash_setup (1).exe
2015-05-06 18:01 - 2015-05-06 18:01 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-05-06 17:38 - 2015-05-06 17:59 - 00000000 ____D () C:\Users\Jamie_2\AppData\Roaming\Magic Academy
2015-05-02 12:13 - 2015-05-02 12:13 - 00969584 _____ (ROBLOX Corporation) C:\Users\Jamie_2\Downloads\RobloxPlayerLauncher (1).exe
2015-04-30 10:32 - 2015-04-30 10:32 - 00003206 _____ () C:\Windows\System32\Tasks\{823E1466-B77B-428D-9F59-CCE8898088E0}
2015-04-30 10:22 - 2015-04-30 10:23 - 00262364 _____ () C:\Users\Jamie_2\Downloads\Kano - I'm Ready.mp3.part
2015-04-29 10:18 - 2015-04-29 10:18 - 00000000 ____D () C:\Users\Jamie_2\Downloads\The Best Strawberry Cake Ever- _ Oh So Shabby By Debbie_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 11:28 - 2013-12-21 04:36 - 01126351 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 11:27 - 2014-07-02 10:29 - 00000000 ____D () C:\Users\Jamie_2
2015-05-28 11:27 - 2013-08-22 10:46 - 00036083 _____ () C:\Windows\setupact.log
2015-05-28 11:27 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 11:19 - 2015-02-18 17:52 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C740ECAC-4510-47DD-9925-F4FB514ADAE3}
2015-05-28 11:09 - 2015-04-07 17:45 - 00000000 ____D () C:\Users\Jamie_2\AppData\Local\CrashDumps
2015-05-28 11:05 - 2014-03-16 12:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 11:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-28 00:19 - 2013-10-24 00:55 - 00000000 ____D () C:\ProgramData\Norton
2015-05-28 00:19 - 2013-10-24 00:39 - 00921282 _____ () C:\Windows\PFRO.log
2015-05-27 20:45 - 2015-03-03 17:34 - 00000000 ____D () C:\Users\Jamie_2\AppData\Roaming\.minecraft
2015-05-27 11:09 - 2014-08-12 04:25 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-26 23:54 - 2014-03-17 12:13 - 00000000 ____D () C:\AdwCleaner
2015-05-26 13:28 - 2014-04-18 14:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-26 12:20 - 2014-04-10 14:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-26 12:19 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-26 12:03 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-26 12:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-25 10:39 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-24 14:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-05-20 08:04 - 2014-08-12 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-20 08:04 - 2014-08-12 03:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-20 08:04 - 2014-03-17 02:30 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-19 21:59 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-19 21:58 - 2015-04-04 11:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-19 21:58 - 2015-04-04 11:17 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-15 17:24 - 2013-10-24 00:46 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-05-15 15:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-14 13:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-05-14 11:16 - 2014-07-02 10:29 - 00000000 ____D () C:\Users\Jamie_2\AppData\Local\Google
2015-05-14 11:16 - 2014-04-21 16:56 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-14 00:49 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-14 00:49 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-13 12:00 - 2013-12-21 05:13 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-05-13 11:41 - 2013-08-22 09:25 - 00000194 _____ () C:\Windows\win.ini
2015-05-13 11:35 - 2013-12-21 05:17 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-05-13 11:35 - 2013-12-21 05:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-05-13 11:33 - 2014-07-02 10:31 - 00000000 ____D () C:\Users\Jamie_2\AppData\Local\clear.fi
2015-05-13 11:25 - 2013-08-22 10:44 - 00381824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 11:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-13 11:21 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 02:57 - 2014-03-18 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 02:39 - 2014-03-18 13:55 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 02:35 - 2014-06-30 16:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 02:31 - 2014-07-02 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 02:29 - 2014-07-02 23:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 02:29 - 2014-07-02 23:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 02:22 - 2013-08-22 15:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 00:58 - 2014-08-26 19:20 - 00000000 ____D () C:\Users\Jamie_2\AppData\Local\AOP SDK
2015-05-12 16:39 - 2013-10-24 01:32 - 00000000 ___HD () C:\OEM
2015-05-12 04:04 - 2014-08-26 19:26 - 00002286 _____ () C:\Users\Jamie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-09 19:43 - 2013-10-24 00:47 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-09 16:41 - 2015-04-25 20:37 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-09 08:35 - 2013-10-24 00:46 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-09 08:34 - 2013-10-24 00:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-05 13:59 - 2015-03-19 14:56 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-19 14:56 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 11:00 - 2014-05-07 23:42 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-05-04 16:05 - 2013-08-22 11:37 - 00003223 _____ () C:\Windows\DtcInstall.log
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-04 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-04 15:57 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-04 15:57 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2015-05-04 15:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-05-04 15:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-05-04 15:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sppui
2015-05-04 15:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-05-04 15:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Com
2015-05-04 15:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\IME
2015-05-04 15:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-04 15:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-04 15:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-05-04 15:55 - 2013-08-22 11:36 - 00000000 ___SD () C:\Windows\system32\dsc
2015-05-04 15:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-05-04 15:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-04 15:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-04 15:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-04 15:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-04 15:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-04 15:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 14:26

==================== End of log ============================


#18
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

A few more things and then run Combofix. Let me know how the machine runs after and post appropriate logs.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    startSearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
    
    SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
    
    SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> {2885A96B-EBC2-47AB-AEBC-A2129EE460D9} URL =
    
    SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
    
    EmptyTemp:
    
    
    
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

 


#19
Louie C

    Member

  • Topic Starter
  • 14 posts

Hello. I wasn't able to download Combofix because it does not support Windows 8.1. I do have the fixlist if that helps.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Jamie_2 at 2015-05-29 00:25:25 Run:4
Running from C:\Users\Jamie_2\Desktop
Loaded Profiles: Jamie_2 (Available Profiles: Jamie & Connor & Jamie_2 & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
startSearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> {2885A96B-EBC2-47AB-AEBC-A2129EE460D9} URL =

SearchScopes: HKU\S-1-5-21-3151930542-3110385303-2721579357-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}

EmptyTemp:


*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\start{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\Wow6432Node\CLSID\start{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2885A96B-EBC2-47AB-AEBC-A2129EE460D9}" => key Removed successfully
HKCR\CLSID\{2885A96B-EBC2-47AB-AEBC-A2129EE460D9} => key not found.
"HKU\S-1-5-21-3151930542-3110385303-2721579357-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key Removed successfully
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
EmptyTemp: => Removed 289.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:26:02 ====


#20
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
 

  • Copy the entire content of the codebox below and paste into the Notepad document:
FF ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default

EmptyTemp:

  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
 

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.


  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).


Post its content into your next reply.


#21
Louie C

    Member

  • Topic Starter
  • 14 posts

Sorry about the delay. I thought I had posted a response to your last post, but I guess it didn't go through. Here are the logs.

 

Fixlog

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Jamie_2 at 2015-06-03 00:52:23 Run:5
Running from C:\Users\Jamie_2\Desktop
Loaded Profiles: Jamie_2 (Available Profiles: Jamie & Connor & Jamie_2 & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default

EmptyTemp:
*****************

FF ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default => Should not be moved.
EmptyTemp: => Removed 624.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 00:52:54 ====

 

 

 

 

Zoek Results

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jamie_2 on Wed 06/03/2015 at  0:59:16.30.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jamie_2\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-01-130640.log    27427 bytes

==== System Restore Info ======================

6/3/2015 1:04:36 AM Zoek.exe System Restore Point Created Successfully.

==== Installed Programs ======================

abDocs  
abDocs Office AddIn  
abMedia  
abPhoto  
Acer Portal  
Acer Remote Files  
Adobe Flash Player 17 NPAPI  
Adobe Shockwave Player 12.1  
Aloha TriPeaks  
AOP Framework  
Apple Application Support (32-bit)  
Apple Application Support (64-bit)  
Apple Mobile Device Support  
Apple Software Update  
Avast Free Antivirus  
Bonjour  
Cradle Of Egypt Collector's Edition  
CyberLink PowerDVD 12  
Definition Update for Microsoft Office 2013 (KB2986209) 32-Bit Edition  
eBay Worldwide  
Game Channels  
Gateway Recovery Management  
Google Update Helper  
Governor of Poker 2 Premium Edition  
Hotkey Utility  
iCloud  
Identity Card  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® Rapid Storage Technology  
Intelr Trusted Connect Service Client  
Itibiti RTC  
iTunes  
Java 8 Update 40  
Java Auto Updater  
Live Updater  
Luxor Evolved  
Magic Academy  
Malwarebytes Anti-Malware version 2.1.6.1022  
Microsoft Access 2013  
Microsoft Access MUI (English) 2013  
Microsoft Access Setup Metadata MUI (English) 2013  
Microsoft Office 64-bit Components 2013  
Microsoft Office OSM MUI (English) 2013  
Microsoft Office Proofing (English) 2013  
Microsoft Office Proofing Tools 2013 - English  
Microsoft Office Proofing Tools 2013 - Español  
Microsoft Office Shared 64-bit MUI (English) 2013  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013  
Microsoft Office Shared MUI (English) 2013  
Microsoft Office Shared Setup Metadata MUI (English) 2013  
Microsoft Silverlight  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual Studio 2005 Tools for Office Runtime  
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)  
More Games from WildTangent Games  
Mozilla Firefox 38.0.5 (x86 en-US)  
Mozilla Maintenance Service  
Nero BackItUp  
Nero BackItUp 12 Essentials OEM.a01  
Nero BackItUp Help (CHM)  
Nero ControlCenter  
Nero ControlCenter Help (CHM)  
Nero Core Components  
Nero Launcher  
Nero RescueAgent  
Nero RescueAgent Help (CHM)  
Nero Update  
Office Addin  
OpenOffice 4.0.1  
Outils de vérification linguistique 2013 de Microsoft Office - Français  
Peggle Nights  
Plants vs. Zombies - Game of the Year  
Polar Bowler  
Polar Golfer  
Prerequisite installer  
Qualcomm Atheros Bluetooth Suite (64)  
Qualcomm Atheros WLAN and Bluetooth Client Installation Program  
QuickTime 7  
Realtek Card Reader  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Run N Gun Football  
Secure Download Manager  
Security Update for Microsoft Excel 2013 (KB2986216) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition  
Security Update for Microsoft Office 2013 (KB2975808) 32-Bit Edition  
Security Update for Skype for Business 2015 (KB3039779) 32-Bit Edition  
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition  
Sound Blaster Cinema  
Spotify  
swMSM  
The Chronicles of Emerland Solitaire  
Trinklit Supreme  
Unity Web Player  
Update for Microsoft Access 2013 (KB2965276) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2881017) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2956152) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2956164) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2965253) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2965259) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2965269) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2965277) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2986156) 32-Bit Edition  
Update for Microsoft Office 2013 (KB2986171) 32-Bit Edition  
Update for Microsoft OneDrive for Business (KB2986244) 32-Bit Edition  
Update for Microsoft OneNote 2013 (KB2975901) 32-Bit Edition  
Update for Microsoft Outlook 2013 (KB3039799) 32-Bit Edition  
Update for Microsoft Project 2013 (KB2986246) 32-Bit Edition  
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition  
Update Installer for WildTangent Games App  
VirtualDJ 8  
Visual Studio 2005 Tools for Office Second Edition Runtime  
Visual Studio Tools for the Office system 3.0 Runtime  
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)  
WinRAR 5.01 (32-bit)  

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\Jamie_2\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\qualcomm atheros\bluetooth suite\adminservice.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [CCDMonitorService] - CCDMonitorService - c:\program files (x86)\acer\aop framework\ccdmonitorservice.exe
R2 - [GamesAppIntegrationService] - GamesAppIntegrationService - c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe
R2 - [IAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS - c:\program files (x86)\intel\intel® integrated clock controller service\iccproxy.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3974 MB
CPU Info: Intel® Celeron® CPU 1017U @ 1.60GHz
CPU Speed: 1624.8 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR956x Wireless Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8E2Q
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  449.2GB
Hard Disks - Free: C:  385.5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE |  | ACRSYS - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Gateway ZX4665G
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox    38.0.5
Internet Explorer Version: 11.0.9600.17801
Mozilla Firefox version: 38.0.5 (x86 en-US)
Sun Java version: 1.8.0_40 (32-bit)
Sun Java version: 1.8.0_40 (64-bit)
Flash Player version: 17.0.0.169
Shockwave Player version: 12.1.1r151

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-06-03 03:57:11    0A34066D56D57C0DA73BFFC1E4169FF2    85    ----a-w-    C:\Windows\wininit.ini
2015-05-26 16:35:10    CA2A8AF1DBAD0F31F9B33A2827DFBC16    207    ----a-w-    C:\Windows\tweaking.com-regbackup-PC-Windows-8.1-(64-bit).dat
2015-05-09 20:14:32    2169B4B1EFAA3453A4DA732F1F94C1E1    43112    ----a-w-    C:\Windows\avastSS.scr
====== C:\Users\Jamie_2\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-05-12 20:14:36    95B0179BDA907252025DEEA183699FB3    467776    -c--a-w-    C:\Windows\Sysnative\drivers\USBHUB3.SYS
2015-05-12 20:14:36    272A62B660A48AEF366F8A1836CED19F    57856    -c--a-w-    C:\Windows\Sysnative\drivers\bthhfenum.sys
2015-05-12 20:12:30    FE14D249D39368CA62D8DA6BC94AC694    80384    ----a-w-    C:\Windows\Sysnative\drivers\ahcache.sys
2015-05-12 20:05:19    C61EAF8E1E4B2F62BA4FDF457440B2C6    316416    ----a-w-    C:\Windows\Sysnative\drivers\udfs.sys
2015-05-12 20:05:12    5E5AB950693F2C6D6ACBEE3A74697ED7    561928    ----a-w-    C:\Windows\Sysnative\drivers\cng.sys
2015-05-12 20:05:10    C54B6B2170BF628FD42F799A66956D75    239424    -c--a-w-    C:\Windows\Sysnative\drivers\sdbus.sys
2015-05-12 20:05:10    95E295FD19F80B3AD33629B5AEFEC9C7    154432    -c--a-w-    C:\Windows\Sysnative\drivers\dumpsd.sys
2015-05-09 20:14:52    6E53278ECCFFBC2ACC2A5006745ED4BB    137288    ----a-w-    C:\Windows\Sysnative\drivers\aswStm.sys
2015-05-09 20:14:51    B1368BE5F6BA529E0886F4DA2361BD2D    442264    ----a-w-    C:\Windows\Sysnative\drivers\aswSP.sys
2015-05-09 20:14:51    91782404718C6352C26B3242BAC3F0F1    272248    ----a-w-    C:\Windows\Sysnative\drivers\aswVmm.sys
2015-05-09 20:14:51    07E32DFCA422A2920482D762D01957EC    65736    ----a-w-    C:\Windows\Sysnative\drivers\aswRvrt.sys
2015-05-09 20:14:50    300CB8E510855189CAD0B72FFB5590CB    89944    ----a-w-    C:\Windows\Sysnative\drivers\aswMonFlt.sys
2015-05-09 20:14:49    B5B4C90E9F52DA8586F1E5461AD90A5D    29168    ----a-w-    C:\Windows\Sysnative\drivers\aswHwid.sys
2015-05-09 20:14:49    6D37D8DB30D086739507C5F6E542656A    93528    ----a-w-    C:\Windows\Sysnative\drivers\aswRdr2.sys
2015-05-09 20:14:47    3B4AC2DBFC86F7247C1FF1FAF2860530    1047320    ----a-w-    C:\Windows\Sysnative\drivers\aswSnx.sys
====== C:\Windows\Tasks ======
2015-06-02 16:29:41    --------    d-----w-    C:\Windows\Sysnative\Tasks\Safer-Networking
2015-05-27 15:11:49    123DA921E397A7E25373857338781F2B    3598    ----a-w-    C:\Windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3151930542-3110385303-2721579357-1003
2015-05-13 04:58:53    6B09FDCDD867B468D6D2D1F038B27F0F    3334    ----a-w-    C:\Windows\Sysnative\Tasks\AcerCloud
2015-05-09 20:15:14    D4B196E492916E897B3808C785E49BE2    4182    ----a-w-    C:\Windows\Sysnative\Tasks\avast! Emergency Update
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-05-19 03:51:45    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
====== C:\Users\Jamie_2\AppData\Roaming ======
2015-06-02 16:32:34    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2015-06-02 08:26:48    --------    d-----w-    C:\Users\Jamie_2\AppData\Local\GWX
2015-05-25 02:54:02    --------    d-----w-    C:\Users\Jamie_2\AppData\Local\Diagnostics
2015-05-22 21:01:27    --------    d-----w-    C:\Users\Jamie_2\AppData\Locallow\Adobe
2015-05-14 06:47:40    --------    d-----w-    C:\Users\Jamie_2\AppData\Roaming\OpenOffice
2015-05-13 16:56:00    --------    d-----w-    C:\Users\Jamie_2\AppData\Local\ElevatedDiagnostics
2015-05-09 20:29:26    --------    d-----w-    C:\Users\Jamie_2\AppData\Roaming\Dropbox
2015-05-06 21:38:02    --------    d-----w-    C:\Users\Jamie_2\AppData\Roaming\Magic Academy
2015-05-04 20:05:32    --------    d-----w-    C:\Users\Jamie_2\AppData\Roaming\Identities
====== C:\Users\Jamie_2 ======
2015-06-03 04:52:01    724E29F3D1925E871424841A82A71207    2108928    ----a-w-    C:\Users\Jamie_2\Desktop\FRST64.exe
2015-05-26 17:09:53    5B73E70C3FD8EBFC6F284001C615749C    2223104    ----a-w-    C:\Users\Jamie_2\Downloads\AdwCleaner.exe
2015-05-26 17:08:02    50EAD703054DE1EE868955773C63634F    2946703    ----a-w-    C:\Users\Jamie_2\Downloads\JRT(1).exe
2015-05-26 16:34:47    50EAD703054DE1EE868955773C63634F    2946703    ----a-w-    C:\Users\Jamie_2\Downloads\JRT.exe
2015-05-20 14:38:22    5475C526E9B48B6BA8D8AE580701BDBB    1124544    ----a-w-    C:\Users\Jamie_2\Desktop\flashplayer17au_ga_install.exe
2015-05-12 17:36:54    --------    d-----w-    C:\ProgramData\a44ab4100001cfa
2015-05-12 17:32:56    --------    d-----w-    C:\ProgramData\COMODO
2015-05-06 22:01:29    --------    d-----w-    C:\ProgramData\PopCap Games

====== C: exe-files ==
2015-05-31 20:28:49    5536397713AAF37832E013B5C83DB48C    39063672    ----a-w-    C:\Program Files (x86)\VirtualDJ\virtualdj8.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"AcerPortal"="C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe /r"
"UpdReg"="C:\Windows\UpdReg.EXE"
"BacKGround Agent"="C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"abDocsDllLoader"="C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AcerPortal"="C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe startup"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/14/2015 01:05 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Gateway\Live Updater\updater.exe]
"C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Hotkey Utility" ["C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{023B8FB3-A0BF-4F7C-98CB-6CCEF7AEF655}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{C740ECAC-4510-47DD-9925-F4FB514ADAE3}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default
user_pref("browser.search.defaultenginename", "Google");

ProfilePath: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");

ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
user_pref("browser.search.defaultenginename.US", "Google (avast)");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/09/2015 04:14 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default
- Undetermined - %ProfilePath%\extensions\staged

ProfilePath: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default
- Website Discovery Pro - %ProfilePath%\extensions\[email protected]
- Undetermined - %ProfilePath%\extensions\staged
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- 123647d5da434344bfe2fc093bdf8f5e - %ProfilePath%\extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
E37EAD09D28AE19D8A39B6A95F47513A    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll -    Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -    Shockwave Flash
F0F5F4BF2305E593E438C76DA61C8A9F    - C:\Users\Jamie_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player


==== Chromium Look ======================


Google Docs - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Security Toolbar - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
"Start Page"="https://www.google.c...trackid=sp-006"
"Search Page"="https://www.google.c...={searchTerms}"
"Search Bar"="https://www.google.c...trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="https://www.google.c...trackid=sp-006"
"Search Page"="https://www.google.c...={searchTerms}"
"Search Bar"="https://www.google.c...trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="https://www.google.c...trackid=sp-006"
"Search Page"="https://www.google.c...={searchTerms}"
"Search Bar"="https://www.google.c...trackid=sp-006"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 06/03/2015 at  1:11:44.62 ======================

#22
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
     
createsrpoint;
Itibiti RTC ;u
chrdefaults;
iedefaults;
FFdefaults;
fakechrprofiles;delete
shortcutfix;
autoclean;
resethosts;
emptyalltemp;

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.

 

Next,

 

I still see remnants of Norton in there. Most of the uninstall utilities for AVs are notorious for leaving bits behind.

This tool should help you remove it:

Download AppRemover and run it.

Click Next >>

Ensure Remove Security Application is selected and click Next >>

AppRemover will scan all the security applications on your PC

Select Any <<Avira>> entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done, Notepad will open with the rKill log. Please copy and paste that in your reply.

Do not reboot your machine. We may need to run tools again before a restart.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

 

Posting the Malwarebytes log.

 

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.

 



#23
Louie C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I ran AppRemover, and the only things it found were MBAM, and Avast. :headscratch:

 

Zoek:

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jamie_2 on Wed 06/03/2015 at 11:18:56.00.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jamie_2\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-06-01-130640.log    27427 bytes
C:\zoek-results2015-06-03-051144.log    27650 bytes

==== System Restore Info ======================

6/3/2015 11:22:58 AM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
127.0.0.1       localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\TrimModule deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\Guest\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Jamie\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Jamie\AppData\Local\Plarium deleted successfully
C:\Users\Jamie\AppData\Local\VirtualStore deleted successfully
C:\Users\Jamie_2\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0FA702F6-FA57-42F5-8ECD-E67EE8A7DD76} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44C83050-F122-44FA-A456-B19F87102581} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{489EE33B-3117-49D0-9F84-67A37D58F892} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{563A3A04-D7A7-4781-ABF4-F4ED1D31BD0B} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56560F40-C17E-4038-A3BC-1DE5B6486E1A} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94B66FD7-ECB2-43B0-8271-16540750D33E} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8CCB15F-6FAE-4652-9C89-87B1546A2E53} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1DBA532-A33E-44B3-8375-7C8185A038C5} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEB621AC-C1DD-44AA-B06A-9ECEE5135D76} deleted successfully
HKEY_USERS\S-1-5-21-3151930542-3110385303-2721579357-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F44FD539-0A44-4F2C-97DE-E431EF4176D2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default\prefs.js:
user_pref("browser.search.defaultenginename", "Google");

Added to C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default\prefs.js:
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default\prefs.js:

Deleted from C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default\prefs.js:
user_pref("browser.search.defaultenginename.US", "Google (avast)");

Added to C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150603_1156_.backup

ProfilePath: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150603_1156_.backup

ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150603_1156_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Lavasoft not found
C:\PROGRA~2\TrimModule not found
C:\Users\Public\Pokki deleted
C:\Users\Jamie\AppData\Roaming\WB.CFG deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Guest\AppData\Local\adawarebp deleted
C:\Users\Jamie\AppData\Local\nsf2CAB.tmp deleted
C:\Users\Jamie\AppData\Local\adawarebp deleted
C:\Users\Jamie_2\Downloads\avast_free_antivirus_setup_online_cnet.exe deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default\extensions\staged deleted
C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default\extensions\staged deleted
C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default\extensions\[email protected] deleted
"C:\Windows\Installer\bb382.msi" deleted
"C:\Windows\Installer\3ea69eae.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\jfbl7a0a.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/09/2015 04:14 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\sazu858k.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- 123647d5da434344bfe2fc093bdf8f5e - %ProfilePath%\extensions\{123647d5-da43-4344-bfe2-fc093bdf8f5e}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jamie_2\AppData\Roaming\Mozilla\Firefox\Profiles\figbnj9s.default
E37EAD09D28AE19D8A39B6A95F47513A    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll -    Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll -    Shockwave Flash
F0F5F4BF2305E593E438C76DA61C8A9F    - C:\Users\Jamie_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player


==== Chromium Look ======================


Norton Identity Protection - Connor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Norton Identity Protection - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Voice Search Hotword (Beta) - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Norton Security Toolbar - Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

==== Chromium Fix ======================

C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage deleted successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.kusham00.kusham.net_0.localstorage-journal deleted successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
"Start Page"="https://www.google.c...trackid=sp-006"
"Search Page"="https://www.google.c...={searchTerms}"
"Search Bar"="https://www.google.c...trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="https://www.google.c...trackid=sp-006"
"Search Page"="https://www.google.c...={searchTerms}"
"Search Bar"="https://www.google.c...trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="https://www.google.c...trackid=sp-006"
"Search Page"="https://www.google.c...={searchTerms}"
"Search Bar"="https://www.google.c...trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Old Start Page"="https://www.google.c...trackid=sp-006"
"Start Page"="https://www.google.c...trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Preferences.bak was reset successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Preferences.copy was reset successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.copy was reset successfully
C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Jamie\Desktop\125px-Flag_of_Delaware.svg.png - Shortcut.lnk - C:\Users\Jamie_2\Downloads\Chapter 10\125px-Flag_of_Delaware.svg.png
C:\Users\Jamie\Desktop\Shortcut to SecureDownloadManager.exe.lnk - C:\Users\Jamie\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_80D807FC3A72E5B428F1ED.exe
C:\Users\Jamie_2\Desktop\FRST64(2) - Shortcut.lnk - C:\Users\Jamie_2\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64(1).exe
C:\Users\Jamie_2\Desktop\VirtualDJ 8.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj8.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\abDocs.lnk - C:\Program Files (x86)\Acer\abDocs\abDocs.exe
C:\Users\Public\Desktop\abMedia.lnk - C:\Program Files (x86)\Acer\abMedia\abMedia.exe
C:\Users\Public\Desktop\abPhoto.lnk - C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe
C:\Users\Public\Desktop\Acer Portal.lnk - C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
C:\Users\Public\Desktop\Acer Remote Files.lnk - C:\Program Files (x86)\Acer\Remote Files\RemoteFilesService.exe --open-shell --check-update
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Buy Online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe http://go.gateway.co...6&model=ZX4665G
C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk - C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe
C:\Users\Public\Desktop\Help and Support.lnk -  
C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk - C:\Windows\system32\GfxUIEx.exe Desktop
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\WildTangent Games App - acer.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src desktop /dp acerdt

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk - C:\Program Files (x86)\Acer\abDocs\abDocs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abMedia.lnk - C:\Program Files (x86)\Acer\abMedia\abMedia.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk - C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Portal.lnk - C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk - C:\Program Files (x86)\WildTangent Games\Games\PolarBowler(CLASSIC)\Polar-WT.exe /launchgc /src gamesmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk - C:\Program Files (x86)\WildTangent Games\Games\PolarGolfer\golf-WT.exe /launchgc /src gamesmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Run N Gun Football.lnk - C:\Program Files (x86)\WildTangent Games\Games\RunNGunFootball\WTGame-WT.exe /launchgc /src gamesmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe calendar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe contacts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe find
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe mail
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe notes
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe reminders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{91150000-0015-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk - C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} /qf

==== shortcuts in Quick Launch ======================

C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Media.lnk - C:\Program Files (x86)\Acer\Acer Media\AcerMedia.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Photo.lnk - C:\Program Files (x86)\Acer\Acer Photo\AcerPhoto.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Connor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Media.lnk - C:\Program Files (x86)\Acer\Acer Media\AcerMedia.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Photo.lnk - C:\Program Files (x86)\Acer\Acer Photo\AcerPhoto.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gateway Games.lnk - C:\Users\Jamie_2\AppData\Local\Pokki\Engine\pokki.exe  /OPEN9a4324f00d4f0f3e5795bc8a599c0551ac01936f
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon.lnk - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jamie_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Buy Online.lnk - C:\Program Files (x86)\Accessory Store\StartUrl.exe
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jamie_2\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Connor\AppData\Local\Mozilla\Firefox\Profiles\jfbl7a0a.default\Cache will be emptied at reboot
C:\Users\Jamie\AppData\Local\Mozilla\Firefox\Profiles\sazu858k.default\cache2 emptied successfully
C:\Users\Jamie_2\AppData\Local\Mozilla\Firefox\Profiles\figbnj9s.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1510 folders=110 283036054 bytes)

==== Empty Temp Folders ======================

C:\Users\Connor\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Jamie\AppData\Local\Temp emptied successfully
C:\Users\Jamie_2\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jamie_2\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 06/03/2015 at 12:12:56.13 ======================
 

 

 

Rkill:

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 06/03/2015 12:21:08 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Jamie_2\AppData\Local\Temp\RarSFX0\appRemoverCore.exe (PID: 2892) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

   
  127.0.0.1       localhost

Program finished at: 06/03/2015 12:22:20 PM
Execution time: 0 hours(s), 1 minute(s), and 12 seconds(s)
 

 

MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 6/3/2015 12:24:49 PM, SYSTEM, PC, Manual, Rootkit Database, 2015.5.31.1, 2015.6.2.1,
Update, 6/3/2015 12:24:54 PM, SYSTEM, PC, Manual, Malware Database, 2015.6.2.1, 2015.6.3.4,
Scan, 6/3/2015 1:12:34 PM, SYSTEM, PC, Manual, Start:6/3/2015 12:25:07 PM, Duration:47 min 26 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

 

 

 

 

 


#24
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

How is the machine working now? Any improvement?


#25
Louie C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I'm still getting the ads and redirects. Every now and then MBAM picks up something from PC Optimizer, but I can't find anything in the control panel that may be associated with it. Also, the ads that keep popping up, or the new tabs that open say "powered by Portal." I can't find anything related to Portal either.

 

 

Edit: I did some looking around on Google about Portal, and found out that I had an extension on Firefox that I had no idea I had. It didn't even have a title, just some randomly generated letters and numbers. I removed that, and the ads seem to be gone. I hope that isn't false hope.


Edited by Louie C, 04 June 2015 - 09:59 AM.

#26
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

That sounds like good news! Use the machine for a little bit and let me know. :)


#27
Louie C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Just got home from work a while ago, but after surfing for a little bit, everything seems fine. Thank you so much for your help :thumbsup: I really would like to pay it forward and return to Geek U and finish what I started, but my schedule is too full now. Someday though. Cheers mate!


#28
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I'm glad to hear that the issue is resolved.

 

I'll keep the topic open for a few days in case you need me or a question occurs to you.

 

OK, let's remove my tools and hopefully that goes without incident.

 

Clean with DelFix
 
Please download DelFix by Xplode and save it to your desktop.
 
  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
 
Include it for my review.

 

Preventing Re-Infection

An ounce of prevention is better than a pound of cure, so I have listed some tips for you to stay safe on the internet in the future.

WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.

I would recommend that you completely uninstall Java unless you need it to run important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.

Adobe products have to always be updated, because they also are being used to infect your computer.

  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.

Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.

FileHippo is one of the programs that can check for out-of-date programs on your computer. You can get it here.

Recommendations for security programs

  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

For some good tips about how to prevent infection in the future, visit this site.


#29
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

