Suspicious Network Activity (Can't remove)

This is a discussion on Suspicious Network Activity (Can't remove) within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.

Old 04-20-2016, 11:29 AM   #1
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



Hi, I just recently noticed a lot of chrome.exe network activity in my resource monitor and it's bogging down my network. I have many MANY chrome.exe "images" associated with addresses like deploy.static.akamaitechnologies.com and amazonaws.com. Also I will see random activity appear under facebook and linkedin when I am not visiting those sites, as well as other random addresses I don't recognize, and they will even show up in my anti-malware program images (in network activity). I have tried installing Firefox and they followed me there too. I have tried running Malwarebytes, Zone Alarm Pro, and Avast antivirus. I have also tried putting manual exclusions in inbound and outbound ports in Windows Firewall, but that didn't work either. I am at a loss for what to do. Please help...

Here is my DDS.txt (attached is attach.txt):

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17609 BrowserJavaVersion: 11.71.2
Run by Mike at 13:13:22 on 2016-04-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8094.5776 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Pro Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\perfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mStart Page = about:blank
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll
uRun: [Octoshape Streaming Services] "C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
dRun: [ZoneAlarm Windows 10 Upgrader] "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STEELS~1.LNK - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D092CF56-193B-4BE6-B809-83560844BF47} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hrr0vgk3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-9-14 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-9-14 42624]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-1-8 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-1-8 1773696]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-4-20 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-4-20 1136608]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-2-22 1593632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-6-15 410768]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2015-10-19 96272]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;C:\Windows\System32\drivers\hidkmdf.sys [2016-1-14 25648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-4-20 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-4-20 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-4-20 64896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-9-14 726160]
R3 ssdevfactory;SteelSeries Device Factory Service;C:\Windows\System32\drivers\ssdevfactory.sys [2015-9-29 32792]
R3 sshid;SteelSeries HID Service;C:\Windows\System32\drivers\sshid.sys [2016-1-14 51392]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-9-14 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 DFX11_1;DFX Audio Enhancer 11.1;C:\Windows\System32\drivers\dfx11_1x64.sys [2012-12-13 28008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2015-5-27 13824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-16 19456]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2010-3-31 450048]
S3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2015-8-13 43720]
S3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2015-8-13 201432]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2015-8-13 44232]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-16 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2016-04-20 18:08:43 97551 ----a-w- C:\ProgramData\1461175681.bdinstall.bin
2016-04-20 18:08:01 37823 ----a-w- C:\ProgramData\1461175679.bdinstall.bin
2016-04-20 17:25:26 -------- d-----w- C:\Program Files (x86)\CheckPoint
2016-04-20 17:25:00 -------- d-----w- C:\ProgramData\CheckPoint
2016-04-20 17:14:56 -------- d-----w- C:\Users\Mike\AppData\Local\Macromedia
2016-04-20 07:08:26 229101 ----a-w- C:\ProgramData\1461135813.bdinstall.bin
2016-04-20 07:07:43 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2016-04-20 07:00:46 45408 ----a-w- C:\ProgramData\1461135622.bdinstall.bin
2016-04-20 06:45:39 -------- d-----w- C:\Program Files\Common Files\AV
2016-04-20 06:45:39 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2016-04-20 05:29:45 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-04-20 05:29:00 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-04-20 05:29:00 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-04-20 05:29:00 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-04-20 05:28:59 -------- d-----w- C:\ProgramData\Malwarebytes
2016-04-20 05:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-19 15:17:36 11686560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{51FD56BA-2587-41CD-8D6E-E4E92B55723A}\mpengine.dll
2016-04-12 21:10:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-04-08 05:45:06 5934784 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2016-03-24 08:21:26 462304 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
.
==================== Find3M ====================
.
2016-04-08 05:45:10 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-04-08 05:45:10 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-06 15:18:38 453280 ------w- C:\Windows\System32\MpSigStub.exe
2016-04-04 18:14:06 38120 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-04-04 18:02:17 1169408 ----a-w- C:\Windows\System32\aeinv.dll
2016-04-02 13:08:13 1386496 ----a-w- C:\Windows\System32\appraiser.dll
2016-03-29 17:53:59 3216896 ----a-w- C:\Windows\System32\win32k.sys
2016-03-23 14:02:01 215040 ----a-w- C:\Windows\System32\aepic.dll
2016-03-17 23:04:04 706280 ----a-w- C:\Windows\System32\winload.efi
2016-03-17 23:04:04 5551336 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-03-17 23:04:03 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-03-17 23:04:03 154344 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-03-17 23:01:15 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-03-17 23:01:02 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-03-17 22:58:51 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-03-17 22:58:51 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-03-17 22:58:51 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-03-17 22:58:32 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-03-17 22:58:26 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-03-17 22:58:14 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-03-17 22:58:05 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-03-17 22:58:05 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-03-17 22:58:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-03-17 22:58:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-03-17 22:57:31 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2016-03-17 22:57:26 28160 ----a-w- C:\Windows\System32\secur32.dll
2016-03-17 22:57:24 344064 ----a-w- C:\Windows\System32\schannel.dll
2016-03-17 22:57:21 190464 ----a-w- C:\Windows\System32\rpchttp.dll
2016-03-17 22:57:21 1212928 ----a-w- C:\Windows\System32\rpcrt4.dll
2016-03-17 22:56:24 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-03-17 22:56:19 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-03-17 22:54:55 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2016-03-17 22:54:51 316416 ----a-w- C:\Windows\System32\msv1_0.dll
2016-03-17 22:54:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-03-17 22:54:27 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-03-17 22:53:23 1464320 ----a-w- C:\Windows\System32\lsasrv.dll
2016-03-17 22:53:15 731136 ----a-w- C:\Windows\System32\kerberos.dll
2016-03-17 22:53:15 419840 ----a-w- C:\Windows\System32\KernelBase.dll
2016-03-17 22:36:28 3998952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-03-17 22:36:28 3943144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-03-17 22:33:29 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-03-17 22:31:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-03-17 22:31:09 666112 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-03-17 22:31:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-03-17 22:31:09 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-03-17 22:30:43 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-03-17 22:30:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-03-17 22:30:00 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-03-17 22:29:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-03-17 22:29:24 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-03-17 22:29:22 141312 ----a-w- C:\Windows\SysWow64\rpchttp.dll
2016-03-17 22:28:21 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-03-17 22:27:53 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-03-17 22:27:50 260608 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-03-17 22:27:46 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-03-17 22:27:31 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-03-17 22:26:26 553984 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-03-17 22:25:00 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-03-17 21:53:08 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-03-17 21:52:51 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-03-17 21:52:48 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-03-17 21:51:25 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-03-17 21:44:54 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-03-17 21:43:20 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-03-17 21:41:01 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-03-17 21:38:06 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-03-17 21:37:14 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-03-17 21:37:11 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-03-17 21:35:42 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-03-17 21:35:33 112640 ----a-w- C:\Windows\System32\smss.exe
2016-03-17 21:30:55 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-03-17 21:30:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-03-17 21:30:52 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-03-17 21:29:13 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-03-17 21:29:00 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-03-17 21:29:00 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-17 21:29:00 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-17 21:29:00 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-03-17 18:04:39 698368 ----a-w- C:\Windows\System32\generaltel.dll
2016-03-17 18:04:39 499200 ----a-w- C:\Windows\System32\devinv.dll
2016-03-17 18:04:39 279040 ----a-w- C:\Windows\System32\invagent.dll
2016-03-17 18:04:38 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-03-16 18:50:06 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-03-16 18:28:15 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-03-16 18:28:12 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2016-03-16 00:16:10 760320 ----a-w- C:\Windows\System32\samsrv.dll
2016-03-16 00:16:10 106496 ----a-w- C:\Windows\System32\samlib.dll
2016-03-15 23:53:30 60416 ----a-w- C:\Windows\SysWow64\samlib.dll
2016-03-11 18:57:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-03-11 18:35:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-03-06 18:53:26 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2016-03-06 18:53:25 1885696 ----a-w- C:\Windows\System32\msxml3.dll
2016-03-06 18:38:52 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2016-03-06 18:38:52 1240576 ----a-w- C:\Windows\SysWow64\msxml3.dll
2016-02-12 18:52:23 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-02-12 18:52:23 3169792 ----a-w- C:\Windows\System32\wucltux.dll
2016-02-12 18:52:23 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-02-12 18:44:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2016-02-12 18:39:55 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2016-02-12 18:18:22 37888 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 13:15:25.60 ===============
Attached Files
File Type: txt attach.txt (9.8 KB, 311 views)
rballhills is offline  
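The DDS log above lists every running process as one line per image, with any command-line arguments after the path (for example `svchost.exe -k netsvcs`), and separates sections with `=====` header lines padded by lone `.` lines. As an added example that is not part of this thread or of DDS itself, the following Python script parses that "Running Processes" section the way an analyst triaging such a post would: it counts instances per image (here, seven chrome.exe processes), collects the svchost service groups, and buckets each image by where it lives on disk. The sample input is a constructed subset of the process lines from the log above; the location buckets and the regex for splitting path from arguments are this example's own heuristics, not anything DDS documents, and "user-profile" only means the binary runs from a user-writable directory, which is worth a second look but is also where some legitimate per-user software installs.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: a subset of the "Running Processes" lines from the DDS log
# in the first post, kept in DDS's own layout (section headers, "." separators).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Windows\DAODx.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
"""

# An entry is "<path ending in .exe/.scr>" optionally followed by whitespace and
# arguments. The path may contain spaces ("Program Files (x86)"), so the split
# is made after the extension, not at the first space. (Heuristic of this example.)
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|scr))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


def extract_process_lines(dds_text):
    """Return the non-empty entries between the 'Running Processes' header and the next header."""
    entries = []
    in_section = False
    for line in dds_text.splitlines():
        if line.startswith("=") and "Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("="):  # next section header ends the list
            break
        stripped = line.strip()
        if stripped and stripped != ".":  # skip DDS's "." padding lines
            entries.append(stripped)
    return entries


def split_image_and_args(entry):
    """Split 'C:\\...\\svchost.exe -k netsvcs' into (image path, argument string)."""
    m = IMAGE_RE.match(entry)
    if not m:
        return entry, ""
    return m.group("image"), (m.group("args") or "")


def classify_location(image_path):
    """Bucket an image path by where it lives on disk (triage aid only, heuristic)."""
    p = image_path.lower()
    if "\\users\\" in p or "\\appdata\\" in p:
        return "user-profile"          # user-writable location
    if p.startswith("c:\\windows\\"):
        tail = p[len("c:\\windows\\"):]
        # Files directly in C:\Windows (no further subdirectory) vs. System32 etc.
        return "windows-subdir" if "\\" in tail else "windows-root"
    if p.startswith("c:\\program files"):
        return "program-files"         # covers both Program Files and Program Files (x86)
    return "other"


def triage(dds_text):
    """Summarise the running-process list: per-image counts, svchost groups, locations."""
    procs = [split_image_and_args(e) for e in extract_process_lines(dds_text)]
    count_by_image = Counter(ntpath.basename(img).lower() for img, _ in procs)
    svchost_groups = sorted(
        args.split()[1]
        for img, args in procs
        if ntpath.basename(img).lower() == "svchost.exe" and args.startswith("-k ")
    )
    by_location = {}
    for img, _ in procs:
        by_location.setdefault(classify_location(img), []).append(img)
    return {
        "total": len(procs),
        "count_by_image": count_by_image,
        "svchost_groups": svchost_groups,
        "by_location": by_location,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    print(f"{report['total']} processes")
    for image, n in report["count_by_image"].most_common(3):
        print(f"  {n:>2} x {image}")
    print("svchost groups:", ", ".join(report["svchost_groups"]))
    for bucket in ("user-profile", "windows-root"):
        for path in report["by_location"].get(bucket, []):
            print(f"  [{bucket}] {path}")
```

Run against the full log pasted above, the per-image count makes the "many chrome.exe images" complaint concrete, and the location buckets surface the two entries an analyst would want to account for first (the per-user Octoshape client and the binary sitting directly in C:\Windows) without asserting anything about whether they are unwanted.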
Old 04-21-2016, 12:11 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-22-2016, 03:07 PM   #3
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



Unfortunately, neither of these tools works. Both of them are unresponsive, basically alternating between "not responding" and responding. The same thing happened the other day when I tried them too. I have tried multiple times to run them with no luck.
rballhills is offline  
Old 04-22-2016, 03:48 PM   #4
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



I was able to get AdwCleaner to work in safe mode, then Farbar worked in normal mode. Results:

# AdwCleaner v5.112 - Logfile created 22/04/2016 at 17:36:23
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Downloads\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\eSupport.com
[-] Folder Deleted : C:\Program Files (x86)\Exploremedia
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\QuickSet
[-] Folder Deleted : C:\ProgramData\27c2e76900002ecc
[-] Folder Deleted : C:\ProgramData\afbdab86b0102325
[-] Folder Deleted : C:\ProgramData\IcioConveRter
[-] Folder Deleted : C:\ProgramData\ReemoveTheAdApp
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\ProgramData\{fc55e294-369e-4fa4-fc55-5e2943698a50}
[#] Folder Deleted : C:\ProgramData\Application Data\Browser
[#] Folder Deleted : C:\ProgramData\Application Data\QuickSet
[#] Folder Deleted : C:\ProgramData\Application Data\27c2e76900002ecc
[#] Folder Deleted : C:\ProgramData\Application Data\afbdab86b0102325
[#] Folder Deleted : C:\ProgramData\Application Data\IcioConveRter
[#] Folder Deleted : C:\ProgramData\Application Data\ReemoveTheAdApp
[#] Folder Deleted : C:\ProgramData\Application Data\Service1291
[#] Folder Deleted : C:\ProgramData\Application Data\{fc55e294-369e-4fa4-fc55-5e2943698a50}
[-] Folder Deleted : C:\Users\Mike\AppData\Local\eSupport.com
[-] Folder Deleted : C:\Users\Mike\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\Mike\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip
[-] Folder Deleted : C:\Users\Mike\AppData\Local\VirtualStore\Program Files (x86)\Save
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Mike\AppData\Roaming\aps.uninstall.scan.results

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : DSite

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : HKCU\Software\Browser
[-] Key Deleted : HKCU\Software\BRS
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\tinydm.com
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\V-bates
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
[-] Key Deleted : HKU\.DEFAULT\Software\Browser
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-19\Software\Browser
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\Browser
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\DailyWiki
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\MovieDea
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Note-up
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Super Optimizer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SushiLeadsApplication
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Tiny download manager

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4858 bytes] - [22/04/2016 17:36:23]
C:\AdwCleaner\AdwCleaner[R0].txt - [3888 bytes] - [13/02/2014 15:05:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [3736 bytes] - [13/02/2014 15:07:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [7172 bytes] - [20/04/2016 01:10:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [5568 bytes] - [22/04/2016 17:02:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [5713 bytes] - [22/04/2016 17:35:21]
C:\AdwCleaner\AdwCleaner[S4].txt - [2642 bytes] - [22/04/2016 17:36:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5369 bytes] ##########


-------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Mike (administrator) on MIKE-PC (22-04-2016 17:39:38)
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Windows\DAODx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Octoshape ApS) C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\MountPoints2: {53227794-1e44-11e3-bded-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{D092CF56-193B-4BE6-B809-83560844BF47}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> DefaultScope {11973489-744C-483C-849E-342A8F5E14DA} URL = hxxp://www.bing.com/search?FORM=U007DF&PC=U007&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {0F9B4062-D874-4171-9F28-7523372FA286} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {11973489-744C-483C-849E-342A8F5E14DA} URL = hxxp://www.bing.com/search?FORM=U007DF&PC=U007&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hrr0vgk3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Mike\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3441241592-2075412865-1579379357-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-24] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-03-03] (Octoshape ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-21]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-21]
CHR Extension: (AdBlock) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [epanfjkfahimkgomnigadpkobaefekcd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-27] (Phoenix Technologies) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\rtl8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation )
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51392 2016-01-14] (SteelSeries ApS)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-20] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462304 2016-03-24] (Check Point Software Technologies Ltd.)
S1 ESEADriver2; \??\C:\Users\Mike\AppData\Local\Temp\ESEADriver2.sys [X]
S3 HWiNFO32; \??\C:\Users\Mike\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 npf; \??\C:\Users\Mike\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 17:40 - 2016-04-22 17:40 - 00005472 _____ C:\Users\Mike\Desktop\AdwCleaner[C1].txt
2016-04-22 17:39 - 2016-04-22 17:40 - 00025444 _____ C:\Users\Mike\Downloads\FRST.txt
2016-04-22 17:04 - 2016-04-22 17:39 - 00000000 ____D C:\FRST
2016-04-22 17:03 - 2016-04-22 17:04 - 02375680 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2016-04-22 17:00 - 2016-04-22 17:01 - 03683904 _____ C:\Users\Mike\Downloads\AdwCleaner.exe
2016-04-22 15:46 - 2016-04-22 15:46 - 00000088 _____ C:\Users\Mike\Desktop\HWiNFO64.INI
2016-04-21 15:13 - 2016-04-21 15:13 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-21 15:13 - 2016-04-21 15:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-21 15:12 - 2016-04-22 17:37 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 15:12 - 2016-04-21 15:12 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d19c0a1747ac60.job
2016-04-21 15:11 - 2016-04-21 15:11 - 00987728 _____ (Google Inc.) C:\Users\Mike\Downloads\ChromeSetup(1).exe
2016-04-21 14:46 - 2016-04-22 17:32 - 00185856 _____ C:\Windows\ntbtlog.txt
2016-04-21 14:42 - 2016-04-21 14:42 - 00020086 _____ C:\Users\Mike\Documents\bookmarks_4_21_16.html
2016-04-20 13:13 - 2016-04-20 13:13 - 00688992 ____R (Swearware) C:\Users\Mike\Downloads\dds.scr
2016-04-20 13:08 - 2016-04-20 13:08 - 00097551 _____ C:\ProgramData\1461175681.bdinstall.bin
2016-04-20 13:08 - 2016-04-20 13:08 - 00037823 _____ C:\ProgramData\1461175679.bdinstall.bin
2016-04-20 12:27 - 2016-04-20 12:27 - 00426013 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-04-20 12:26 - 2016-04-20 12:26 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-04-20 12:26 - 2016-04-20 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-04-20 12:25 - 2016-04-20 12:26 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-04-20 12:25 - 2016-04-20 12:25 - 00000000 ____D C:\ProgramData\CheckPoint
2016-04-20 12:23 - 2016-04-20 12:23 - 03412984 _____ (Check Point Software Technologies Ltd.) C:\Users\Mike\Downloads\zapSetupWeb_141_057_000.exe
2016-04-20 12:20 - 2016-04-20 12:20 - 00003170 _____ C:\Windows\System32\Tasks\{2DC5CE99-DC57-4577-A50F-7E2693533001}
2016-04-20 12:16 - 2016-04-20 12:16 - 01372984 _____ C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe
2016-04-20 12:14 - 2016-04-20 12:14 - 00000000 ____D C:\Users\Mike\AppData\Local\Macromedia
2016-04-20 12:09 - 2016-04-20 12:16 - 00000000 ____D C:\Users\Mike\AppData\Local\Mozilla
2016-04-20 12:09 - 2016-04-20 12:09 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-20 12:09 - 2016-04-20 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-20 12:09 - 2016-04-20 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-20 12:08 - 2016-04-20 12:08 - 00242144 _____ C:\Users\Mike\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-20 02:08 - 2016-04-20 02:08 - 00229101 _____ C:\ProgramData\1461135813.bdinstall.bin
2016-04-20 02:07 - 2012-11-02 13:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2016-04-20 02:00 - 2016-04-20 02:00 - 10606640 _____ C:\Users\Mike\Downloads\Antivirus_Free_Edition_x64.exe
2016-04-20 02:00 - 2016-04-20 02:00 - 00196944 _____ C:\Users\Mike\Downloads\Antivirus_Free_Edition.exe
2016-04-20 02:00 - 2016-04-20 02:00 - 00045408 _____ C:\ProgramData\1461135622.bdinstall.bin
2016-04-20 01:45 - 2016-04-20 12:28 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-20 01:45 - 2016-04-20 01:45 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-04-20 01:40 - 2016-04-20 01:41 - 05066104 _____ (AVAST Software) C:\Users\Mike\Downloads\avast_free_antivirus_setup_online.exe
2016-04-20 01:28 - 2016-04-20 01:35 - 48750920 _____ C:\Users\Mike\Downloads\BDPUARLauncher.exe
2016-04-20 00:29 - 2016-04-22 17:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 00:29 - 2016-04-20 00:29 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-20 00:29 - 2016-04-20 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-20 00:29 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-20 00:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-20 00:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-20 00:28 - 2016-04-20 00:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-20 00:28 - 2016-04-20 00:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 00:24 - 2016-04-20 00:25 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Mike\Downloads\mbam-clean-2.1.1.1001.exe
2016-04-20 00:18 - 2016-04-20 00:19 - 22851472 _____ (Malwarebytes ) C:\Users\Mike\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-12 16:11 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 16:11 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 16:11 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 16:11 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 16:11 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 16:11 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 16:11 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 16:11 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 16:11 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 16:11 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 16:11 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 16:11 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 16:11 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 16:11 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 16:11 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 16:11 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 16:11 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 16:11 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 16:11 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 16:11 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 16:11 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 16:11 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 16:11 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 16:11 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 16:11 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 16:11 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 16:11 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 16:11 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 16:11 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 16:11 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 16:11 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 16:11 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 16:11 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 16:11 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 16:11 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 16:11 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 16:11 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 16:11 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 16:11 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 16:11 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 16:11 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 16:11 - 2016-03-16 13:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 16:11 - 2016-03-16 13:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 16:11 - 2016-03-16 13:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 16:11 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 16:11 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 16:11 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 16:11 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 16:11 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 16:10 - 2016-04-04 13:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 16:10 - 2016-04-04 13:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 16:10 - 2016-04-02 08:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 16:10 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 16:10 - 2016-03-23 09:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 16:10 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 16:10 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 16:10 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 16:10 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 16:10 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 16:10 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 16:10 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 16:10 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 16:10 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 16:10 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 16:10 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 16:10 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 16:10 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 16:10 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 16:10 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 16:10 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 16:10 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 16:10 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 16:10 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 16:10 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 16:10 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 16:10 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 16:10 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 16:10 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 16:10 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 16:10 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 16:10 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 16:10 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 16:10 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 16:10 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 16:10 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 16:10 - 2016-03-17 13:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 16:10 - 2016-03-17 13:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 16:10 - 2016-03-17 13:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 16:10 - 2016-03-17 13:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 16:10 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 16:10 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 16:10 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 16:10 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 16:10 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 16:10 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 16:10 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 16:10 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-12 16:10 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 16:10 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-11 07:35 - 2016-04-11 07:35 - 00150919 _____ C:\Users\Mike\Downloads\Directions to 3M (2).pdf
2016-04-11 07:34 - 2016-04-11 07:34 - 00150919 _____ C:\Users\Mike\Downloads\Directions to 3M (1).pdf
2016-04-10 10:27 - 2016-04-10 10:27 - 00551914 _____ C:\Users\Mike\Downloads\SQLQueryAnalyzer.zip
2016-04-08 00:45 - 2016-04-08 00:45 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-04-06 12:51 - 2016-04-06 12:51 - 00150919 _____ C:\Users\Mike\Downloads\Directions to 3M.pdf
2016-04-05 16:45 - 2016-04-05 16:45 - 00229701 _____ C:\Users\Mike\Downloads\Certified Manufacturers List.pdf
2016-04-05 16:45 - 2016-04-05 16:45 - 00229701 _____ C:\Users\Mike\Desktop\ignitionInterlockProviders.pdf
2016-04-04 09:56 - 2016-04-04 09:56 - 00000029 _____ C:\Users\Mike\Desktop\drugtestconf#.txt
2016-04-04 08:05 - 2016-04-04 08:05 - 00000000 _____ C:\Users\Mike\Desktop\New Text Document (2).txt
2016-04-03 16:08 - 2016-04-03 16:08 - 00061507 _____ C:\Users\Mike\Downloads\Drug Testing Release and Consent Form (2).pdf
2016-04-02 21:56 - 2016-04-02 21:56 - 00061507 _____ C:\Users\Mike\Downloads\Drug Testing Release and Consent Form (1).pdf
2016-04-02 21:00 - 2016-04-02 21:00 - 00061507 _____ C:\Users\Mike\Downloads\Drug Testing Release and Consent Form.pdf
2016-03-30 18:32 - 2016-03-30 18:32 - 00001071 _____ C:\Users\Mike\Desktop\Project 64.lnk
2016-03-24 03:21 - 2016-03-24 03:21 - 00462304 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 17:37 - 2015-10-03 12:27 - 00000340 ____H C:\Windows\Tasks\OARTNJEAIARHXJUU.job
2016-04-22 17:37 - 2013-09-14 01:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-22 17:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-22 17:36 - 2014-02-13 15:05 - 00000000 ____D C:\AdwCleaner
2016-04-22 17:30 - 2013-12-27 01:31 - 00007610 _____ C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
2016-04-22 17:18 - 2009-07-13 23:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-22 17:18 - 2009-07-13 23:45 - 00031280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-22 16:56 - 2013-09-14 01:51 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-22 16:53 - 2014-08-25 21:24 - 00000000 ____D C:\Users\Mike\AppData\Local\Battle.net
2016-04-22 16:53 - 2014-08-25 21:23 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-22 16:45 - 2013-11-01 22:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-22 15:07 - 2013-09-21 00:57 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2016-04-22 14:42 - 2013-09-14 03:31 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2016-04-22 04:00 - 2014-07-06 07:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-21 18:12 - 2014-12-14 13:52 - 00000000 ____D C:\Users\Mike\AppData\Roaming\TS3Client
2016-04-21 18:00 - 2014-12-14 13:51 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-21 15:13 - 2013-09-14 00:47 - 00000000 ____D C:\Users\Mike\AppData\Local\Google
2016-04-21 15:12 - 2013-09-14 00:47 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-21 11:57 - 2014-10-23 05:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 11:57 - 2013-09-16 20:33 - 00000000 ____D C:\ProgramData\Oracle
2016-04-21 11:57 - 2013-09-16 20:32 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-21 11:56 - 2015-10-05 12:45 - 00000000 ____D C:\Users\Mike\.oracle_jre_usage
2016-04-21 11:56 - 2014-10-23 05:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-20 12:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-20 12:10 - 2015-02-22 11:23 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Mozilla
2016-04-20 02:06 - 2015-06-13 22:28 - 00000000 ____D C:\Users\Mike\AppData\Roaming\QuickScan
2016-04-20 02:02 - 2015-10-04 17:17 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-20 00:58 - 2014-01-30 15:42 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-20 00:55 - 2014-05-27 07:43 - 00000000 ____D C:\Users\Mike\AppData\LocalLow\Company
2016-04-13 04:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 03:35 - 2009-07-14 00:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-13 03:29 - 2009-07-13 23:45 - 00411152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 03:27 - 2014-12-10 04:20 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 03:09 - 2013-09-16 20:57 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 03:03 - 2013-09-16 20:56 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-12 05:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-08 00:45 - 2013-11-01 22:03 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 00:45 - 2013-11-01 22:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 00:45 - 2013-11-01 22:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 10:18 - 2010-11-20 22:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-06 01:08 - 2014-01-13 15:56 - 00000000 ____D C:\Program Files (x86)\Project64 2.1
2016-03-31 02:16 - 2014-01-21 13:37 - 00000000 ____D C:\Users\Mike\AppData\Local\Blizzard Entertainment
2016-03-24 18:15 - 2014-02-12 23:57 - 00000000 ____D C:\Users\Mike\AppData\Local\ElevatedDiagnostics
2016-03-24 03:00 - 2015-04-04 03:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 03:00 - 2015-04-04 03:01 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2008-06-08 11:50 - 2013-12-27 01:14 - 0047285 _____ () C:\Program Files (x86)\changelog.txt
2006-06-22 19:56 - 2013-12-27 01:14 - 0015402 _____ () C:\Program Files (x86)\copying.txt
2012-02-26 18:14 - 2013-12-27 01:09 - 0028410 _____ () C:\Program Files (x86)\Jnes.chm
2012-02-23 13:55 - 2013-12-27 01:09 - 0480311 _____ () C:\Program Files (x86)\Jnes.cht
2008-06-08 11:51 - 2013-12-27 01:14 - 0036781 _____ () C:\Program Files (x86)\readme.html
2008-05-27 18:37 - 2013-12-27 01:14 - 0033631 _____ () C:\Program Files (x86)\schemadb.xsd
2008-05-26 19:24 - 2013-12-27 01:14 - 0033617 _____ () C:\Program Files (x86)\schemaromset.xsd
2015-10-03 15:06 - 2015-10-03 15:06 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-05-27 09:30 - 2014-12-22 01:05 - 0000229 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2015-10-03 15:24 - 2015-10-03 15:24 - 0186164 _____ () C:\Users\Mike\AppData\Local\ars.cache
2015-10-03 15:24 - 2015-10-03 15:24 - 0390973 _____ () C:\Users\Mike\AppData\Local\census.cache
2014-11-11 18:15 - 2014-12-17 01:05 - 0000001 _____ () C:\Users\Mike\AppData\Local\DSI.DAT
2015-09-03 11:49 - 2015-09-03 11:49 - 0000036 _____ () C:\Users\Mike\AppData\Local\housecall.guid.cache
2013-12-27 01:31 - 2016-04-22 17:30 - 0007610 _____ () C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
2015-09-03 12:40 - 2015-09-03 12:40 - 0231802 _____ () C:\ProgramData\1441302003.bdinstall.bin
2016-04-20 02:00 - 2016-04-20 02:00 - 0045408 _____ () C:\ProgramData\1461135622.bdinstall.bin
2016-04-20 02:08 - 2016-04-20 02:08 - 0229101 _____ () C:\ProgramData\1461135813.bdinstall.bin
2016-04-20 13:08 - 2016-04-20 13:08 - 0037823 _____ () C:\ProgramData\1461175679.bdinstall.bin
2016-04-20 13:08 - 2016-04-20 13:08 - 0097551 _____ () C:\ProgramData\1461175681.bdinstall.bin
2015-10-03 14:58 - 2015-10-03 14:58 - 0001654 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Mike\AppData\Local\Temp\libeay32.dll
C:\Users\Mike\AppData\Local\Temp\msvcr120.dll
C:\Users\Mike\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 07:44

==================== End of FRST.txt ============================
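To show how a helper reads a log like the one above, here is an added Python example (not from this thread, and not part of FRST) that parses the file lines and the "Task:" lines of an FRST log and applies a few review heuristics; the sample lines are copied from the log and fixlist in this thread, while the user-writable location list and the heuristics themselves are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# File/folder lines of the "One Month Created/Modified" and "Files in the root" sections:
#   <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Scheduled-task lines as FRST lists them:
#   Task: <name> => <target> [<==== ATTENTION]   ("-> No File" marks a dangling task)
TASK_LINE = re.compile(
    r"^Task: (?P<name>.+?) (?:=>|->) (?P<target>.+?)(?P<flag> <==== ATTENTION)?$"
)

# Heuristic lists (assumptions for this example, not FRST rules): locations any
# unprivileged process can write to, and extensions worth a second look there.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\temp\\", "\\downloads\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".job")

# Sample input copied from the FRST log and fixlist posted in this thread.
SAMPLE_LOG = r"""
2016-04-22 17:37 - 2015-10-03 12:27 - 00000340 ____H C:\Windows\Tasks\OARTNJEAIARHXJUU.job
2016-04-20 00:29 - 2016-04-22 17:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 02:00 - 2016-04-20 02:00 - 00196944 _____ C:\Users\Mike\Downloads\Antivirus_Free_Edition.exe
2016-04-20 02:00 - 2016-04-20 02:00 - 0045408 _____ () C:\ProgramData\1461135622.bdinstall.bin
2016-04-12 16:11 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
Task: {835C2580-3AC4-47F0-A82E-BBDE25A97012} - System32\Tasks\OARTNJEAIARHXJUU => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {E7616EB1-CF73-4E3C-9F2C-83592B605A7E} - System32\Tasks\Tsirosnoba => C:\ProgramData\Tsirosnoba\1.0.6.1\mueuiooi.exe
Task: {15494BEF-2A36-4922-B0E7-77F9320D892E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-20] (AVAST Software)
"""


@dataclass
class Finding:
    path: str
    reason: str


def parse_file_line(line: str) -> Optional[dict]:
    """Fields of one file/folder line, or None if the line is something else."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"])
    d["publisher"] = (d["publisher"] or "").strip() or None  # "()" and absent both mean none
    d["is_dir"] = d["attrs"].endswith("D")  # ____D and ___SD
    d["hidden"] = "H" in d["attrs"]  # ____H and __RSH
    return d


def parse_task_line(line: str) -> Optional[dict]:
    m = TASK_LINE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "target": m["target"], "attention": m["flag"] is not None}


def review_file(entry: dict) -> Optional[Finding]:
    """Heuristics only: a hit means 'look at this', not 'this is malicious'."""
    p = entry["path"].lower()
    if entry["is_dir"] or not p.endswith(EXEC_EXT):
        return None
    if entry["publisher"] is None and any(loc in p for loc in USER_WRITABLE):
        return Finding(entry["path"], "executable with no publisher string in a user-writable location")
    if entry["hidden"] and p.endswith(".job"):
        return Finding(entry["path"], "hidden scheduled-task .job file")
    return None


def review_task(task: dict) -> Optional[Finding]:
    if task["attention"]:
        return Finding(task["target"], f"FRST flagged task {task['name']!r}")
    if any(loc in task["target"].lower() for loc in USER_WRITABLE):
        return Finding(task["target"], f"task {task['name']!r} runs from a user-writable location")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run both parsers over every line and collect the review hits in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_file_line(line)
        task = None if entry else parse_task_line(line)
        hit = review_file(entry) if entry else (review_task(task) if task else None)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Feeding the whole FRST.txt to `triage` gives a short review list; entries such as a plain download without a version-info publisher will show up too, so the list is a starting point for the helper, not a verdict.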
Old 04-22-2016, 03:50 PM   #5
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



double post.
Old 04-22-2016, 08:14 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello rballhills. It appears you didn't attach the second FRST log, Addition.txt, to your last reply.

I need to see it before we can proceed.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-23-2016, 10:35 AM   #7
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



Sorry, I have attached it now.
Attached Files
File Type: txt Addition.txt (35.5 KB, 30 views)
Old 04-23-2016, 01:37 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rballhills.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {15494BEF-2A36-4922-B0E7-77F9320D892E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-20] (AVAST Software)
    Task: {82AFDD22-DF97-43F0-BE68-3C1BC2374BFF} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 -> No File <==== ATTENTION
    Task: {835C2580-3AC4-47F0-A82E-BBDE25A97012} - System32\Tasks\OARTNJEAIARHXJUU => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    Task: {E7616EB1-CF73-4E3C-9F2C-83592B605A7E} - System32\Tasks\Tsirosnoba => C:\ProgramData\Tsirosnoba\1.0.6.1\mueuiooi.exe
    Task: {F5128951-B2DB-48AC-A175-9ADD165B6FF2} - System32\Tasks\HWiNFO => C:\Users\Mike\AppData\Local\Temp\7zO073005F1\HWiNFO64.exe <==== ATTENTION
    Task: {F65358B5-E7CB-42B2-BC36-FDC074CEB21A} - System32\Tasks\{2DC5CE99-DC57-4577-A50F-7E2693533001} => pcalua.exe -a C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe -d C:\Users\Mike\Downloads
    Task: C:\Windows\Tasks\OARTNJEAIARHXJUU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
    C:\ProgramData\Service1291
    C:\ProgramData\Tsirosnoba
    C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe
    C:\Program Files\Common Files\AV\avast! Antivirus
    AlternateDataStreams: C:\ProgramData\TEMP:3C6F4669 [136]
    AlternateDataStreams: C:\Users\Mike\Downloads\Firefox Setup Stub 45.0.2.exe:BDU [0]
    AlternateDataStreams: C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe:BDU [0]
    AlternateDataStreams: C:\Users\Mike\Downloads\iCloudSetup.exe:BDU [0]
    AlternateDataStreams: C:\Users\Mike\Downloads\wsainstall.exe:BDU [0]
    AlternateDataStreams: C:\Users\Mike\Downloads\zapSetupWeb_141_057_000.exe:BDU [0]
    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
    HKLM\...\Policies\Explorer: [NoFile] 0
    HKLM\...\Policies\Explorer: [HideClock] 0
    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKLM\...\Policies\Explorer: [NoSetFolders] 0
    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
    HKLM\...\Policies\Explorer: [NoDFSTab] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoLogoff] 0
    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 0
    HKLM\...\Policies\Explorer: [NoSaveSettings] 0
    HKLM\...\Policies\Explorer: [NoHardwareTab] 0
    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\MountPoints2: {53227794-1e44-11e3-bded-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
    HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
    SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [epanfjkfahimkgomnigadpkobaefekcd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    S1 ESEADriver2; \??\C:\Users\Mike\AppData\Local\Temp\ESEADriver2.sys [X]
    S3 HWiNFO32; \??\C:\Users\Mike\AppData\Local\Temp\HWiNFO64A.SYS [X]
    S3 npf; \??\C:\Users\Mike\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]
    C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira SystrayStartTrigger" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
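Reading a fixlist this long and its Fixlog by eye is tedious, so here is an added example (not part of chemist's post, and not code from FRST itself) that parses FRST fixlist entries into persistence categories, counts the ones the tool marked with ATTENTION, and maps each Fixlog action line to an outcome so that items which were listed but already absent at fix time (for example the C:\ProgramData\Service1291 folder in the reply that follows) stand out. The category names and the line patterns are this example's own assumptions about FRST's output format, inferred only from the lines shown in this thread; the sample text is copied from those lines.

```python
"""Triage helper for FRST fixlist / Fixlog text (added example, not FRST's own code)."""
import re
from collections import Counter

# Constructed sample: a subset of the fixlist lines posted in this thread.
SAMPLE_FIXLIST = r"""
start
createrestorepoint:
Task: {835C2580-3AC4-47F0-A82E-BBDE25A97012} - System32\Tasks\OARTNJEAIARHXJUU => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {E7616EB1-CF73-4E3C-9F2C-83592B605A7E} - System32\Tasks\Tsirosnoba => C:\ProgramData\Tsirosnoba\1.0.6.1\mueuiooi.exe
C:\ProgramData\Service1291
AlternateDataStreams: C:\ProgramData\TEMP:3C6F4669 [136]
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
S1 ESEADriver2; \??\C:\Users\Mike\AppData\Local\Temp\ESEADriver2.sys [X]
EmptyTemp:
end
"""

# Constructed sample: a subset of the Fixlog lines posted in the reply.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{835C2580-3AC4-47F0-A82E-BBDE25A97012}" => key removed successfully
C:\Windows\System32\Tasks\OARTNJEAIARHXJUU => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 => key not found.
"C:\ProgramData\Service1291" => not found.
C:\ProgramData\TEMP => ":3C6F4669" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
"""

# FRST appends "<==== ATTENTION" (arrow length varies) to entries it considers suspicious.
ATTENTION = re.compile(r"<=+ ATTENTION\s*$")

# Persistence categories (assumed names); first matching pattern wins, so order matters.
CATEGORIES = [
    ("scheduled_task", re.compile(r"^Task: ")),
    ("alternate_data_stream", re.compile(r"^AlternateDataStreams: ")),
    ("exe_association", re.compile(r"\\Software\\Classes\\(\.exe|exefile):")),
    ("browser_restriction", re.compile(r"\\Policies\\.*: Restriction\b")),
    ("explorer_policy", re.compile(r"\\Policies\\(Explorer|system): \[")),
    ("driver_service", re.compile(r"^[SRU]\d \S+; .*\.sys \[X\]$", re.IGNORECASE)),
    ("chrome_extension", re.compile(r"^CHR .*\\Chrome\\Extension: ")),
    ("file_or_folder", re.compile(r"^[A-Za-z]:\\")),
    ("frst_directive", re.compile(r"^(start|end)$|^(createrestorepoint:|EmptyTemp:|Reg: )", re.IGNORECASE)),
]


def classify_fixlist(text):
    """Return one record per non-empty fixlist line: category and ATTENTION flag."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category = next((name for name, pat in CATEGORIES if pat.search(line)), "other")
        entries.append({"line": line, "category": category,
                        "flagged": bool(ATTENTION.search(line))})
    return entries


def summarize_fixlist(entries):
    flagged = [e["line"] for e in entries if e["flagged"]]
    return {"by_category": dict(Counter(e["category"] for e in entries)),
            "flagged_count": len(flagged), "flagged": flagged}


def parse_fixlog(text):
    """Map each '<target> => <result>' Fixlog line to removed / not_found / other."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if " => " not in line:
            continue  # banner lines such as the restore-point message
        target, result = line.rsplit(" => ", 1)
        lowered = result.lower()
        if "not found" in lowered:
            outcome = "not_found"
        elif "removed successfully" in lowered or "moved successfully" in lowered:
            outcome = "removed"
        else:
            outcome = "other"
        results.append({"target": target.strip('"'), "result": result, "outcome": outcome})
    return results


def summarize_fixlog(results):
    return {"counts": dict(Counter(r["outcome"] for r in results)),
            "not_found": [r["target"] for r in results if r["outcome"] == "not_found"]}


if __name__ == "__main__":
    fl = summarize_fixlist(classify_fixlist(SAMPLE_FIXLIST))
    lg = summarize_fixlog(parse_fixlog(SAMPLE_FIXLOG))
    print("fixlist categories:", fl["by_category"])
    print("entries FRST flagged:", fl["flagged_count"])
    print("fixlog outcomes:", lg["counts"])
    for target in lg["not_found"]:
        print("listed in fixlist but absent at fix time:", target)
```

The "not found" list is the part worth reading closely: a task that still points at a payload whose folder is already gone (as with Service1291 here) means the scheduled task was the surviving persistence artifact, while the binary had been removed earlier by a scanner or by the malware itself.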
Old 04-24-2016, 10:52 AM   #9
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Mike (2016-04-24 12:53:46) Run:1
Running from C:\Users\Mike\Downloads
Loaded Profiles: Mike (Available Profiles: Mike)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {15494BEF-2A36-4922-B0E7-77F9320D892E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-20] (AVAST Software)
Task: {82AFDD22-DF97-43F0-BE68-3C1BC2374BFF} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 -> No File <==== ATTENTION
Task: {835C2580-3AC4-47F0-A82E-BBDE25A97012} - System32\Tasks\OARTNJEAIARHXJUU => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {E7616EB1-CF73-4E3C-9F2C-83592B605A7E} - System32\Tasks\Tsirosnoba => C:\ProgramData\Tsirosnoba\1.0.6.1\mueuiooi.exe
Task: {F5128951-B2DB-48AC-A175-9ADD165B6FF2} - System32\Tasks\HWiNFO => C:\Users\Mike\AppData\Local\Temp\7zO073005F1\HWiNFO64.exe <==== ATTENTION
Task: {F65358B5-E7CB-42B2-BC36-FDC074CEB21A} - System32\Tasks\{2DC5CE99-DC57-4577-A50F-7E2693533001} => pcalua.exe -a C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe -d C:\Users\Mike\Downloads
Task: C:\Windows\Tasks\OARTNJEAIARHXJUU.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
C:\ProgramData\Service1291
C:\ProgramData\Tsirosnoba
C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe
C:\Program Files\Common Files\AV\avast! Antivirus
AlternateDataStreams: C:\ProgramData\TEMP:3C6F4669 [136]
AlternateDataStreams: C:\Users\Mike\Downloads\Firefox Setup Stub 45.0.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe:BDU [0]
AlternateDataStreams: C:\Users\Mike\Downloads\iCloudSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Mike\Downloads\wsainstall.exe:BDU [0]
AlternateDataStreams: C:\Users\Mike\Downloads\zapSetupWeb_141_057_000.exe:BDU [0]
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\...\MountPoints2: {53227794-1e44-11e3-bded-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-3441241592-2075412865-1579379357-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [epanfjkfahimkgomnigadpkobaefekcd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S1 ESEADriver2; \??\C:\Users\Mike\AppData\Local\Temp\ESEADriver2.sys [X]
S3 HWiNFO32; \??\C:\Users\Mike\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 npf; \??\C:\Users\Mike\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira SystrayStartTrigger" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{15494BEF-2A36-4922-B0E7-77F9320D892E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15494BEF-2A36-4922-B0E7-77F9320D892E}" => key removed successfully
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82AFDD22-DF97-43F0-BE68-3C1BC2374BFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AFDD22-DF97-43F0-BE68-3C1BC2374BFF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{835C2580-3AC4-47F0-A82E-BBDE25A97012}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{835C2580-3AC4-47F0-A82E-BBDE25A97012}" => key removed successfully
C:\Windows\System32\Tasks\OARTNJEAIARHXJUU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OARTNJEAIARHXJUU" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E7616EB1-CF73-4E3C-9F2C-83592B605A7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7616EB1-CF73-4E3C-9F2C-83592B605A7E}" => key removed successfully
C:\Windows\System32\Tasks\Tsirosnoba => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tsirosnoba" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5128951-B2DB-48AC-A175-9ADD165B6FF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5128951-B2DB-48AC-A175-9ADD165B6FF2}" => key removed successfully
C:\Windows\System32\Tasks\HWiNFO => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HWiNFO" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F65358B5-E7CB-42B2-BC36-FDC074CEB21A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F65358B5-E7CB-42B2-BC36-FDC074CEB21A}" => key removed successfully
C:\Windows\System32\Tasks\{2DC5CE99-DC57-4577-A50F-7E2693533001} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2DC5CE99-DC57-4577-A50F-7E2693533001}" => key removed successfully
C:\Windows\Tasks\OARTNJEAIARHXJUU.job => moved successfully
"C:\ProgramData\Service1291" => not found.
"C:\ProgramData\Tsirosnoba" => not found.
C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe => moved successfully
C:\Program Files\Common Files\AV\avast! Antivirus => moved successfully
C:\ProgramData\TEMP => ":3C6F4669" ADS removed successfully.
C:\Users\Mike\Downloads\Firefox Setup Stub 45.0.2.exe => ":BDU" ADS removed successfully.
"C:\Users\Mike\Downloads\FreeFirewall_Setup_v1.0.8.48858_573.exe" => ":BDU" ADS not found.
C:\Users\Mike\Downloads\iCloudSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Mike\Downloads\wsainstall.exe => ":BDU" ADS removed successfully.
C:\Users\Mike\Downloads\zapSetupWeb_141_057_000.exe => ":BDU" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found.
"HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Classes\exefile => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53227794-1e44-11e3-bded-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{53227794-1e44-11e3-bded-806e6f6e6963} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKU\S-1-5-21-3441241592-2075412865-1579379357-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epanfjkfahimkgomnigadpkobaefekcd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
ESEADriver2 => service removed successfully
HWiNFO32 => service removed successfully
npf => service removed successfully
C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup => moved successfully

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Avira SystrayStartTrigger" /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 744.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:55:01 ====
Old 04-24-2016, 12:36 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rballhills. How is the machine behaving? Still having suspicious Chrome activity?

Is ZoneAlarm running as an antivirus on your machine? I only see the firewall part running.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...) and type explorer, then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-24-2016, 02:33 PM   #11
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



As far as chrome activity, I am not sure what to make of it. For example, I will load a few chrome windows then pull up resource monitor and I will see around 50 chrome.exe images running, with several variously named amazonaws images and akamaitechnologies. I have heard conflicting reports on the credibility of these images so I can't tell if they are malicious or not. After a few minutes of having the chrome windows open this network activity disappears and I am only left with a few chrome.exe images in my resource monitor. Overall behavior of my machine is fine and appears normal.

Also, I am only running ZA firewall, not the antivirus. I tried to disable it on load at startup for ComboFix but it won't let me. I ran ComboFix once and it restarted my computer and produced a log but I forgot to save it and I couldn't find it. I noticed a lot of deletions under chrome for things ending in random strings similar to what I have seen in previous reports I posted. So I ran ComboFix a 2nd time and this time it did not restart my PC, and I don't see any deletions listed:

ComboFix 16-04-22.01 - Mike 04/24/2016 16:04:21.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8094.6709 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
FW: ZoneAlarm Pro Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-03-24 to 2016-04-24 )))))))))))))))))))))))))))))))
.
.
2016-04-24 21:18 . 2016-04-24 21:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-04-24 21:18 . 2016-04-24 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-24 21:18 . 2016-04-24 21:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-04-24 21:18 . 2016-04-24 21:18 -------- d-----w- c:\users\admin\AppData\Local\temp
2016-04-24 21:16 . 2016-04-24 21:16 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32927CEE-7014-460A-89A5-594F67320688}\offreg.2932.dll
2016-04-22 23:01 . 2016-04-22 23:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32927CEE-7014-460A-89A5-594F67320688}\offreg.3972.dll
2016-04-22 22:04 . 2016-04-24 17:56 -------- d-----w- C:\FRST
2016-04-22 18:21 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32927CEE-7014-460A-89A5-594F67320688}\mpengine.dll
2016-04-21 16:57 . 2016-04-21 16:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-04-20 17:25 . 2016-04-20 17:26 -------- d-----w- c:\program files (x86)\CheckPoint
2016-04-20 17:25 . 2016-04-20 17:25 -------- d-----w- c:\programdata\CheckPoint
2016-04-20 17:14 . 2016-04-20 17:14 -------- d-----w- c:\users\Mike\AppData\Local\Macromedia
2016-04-20 17:09 . 2016-04-20 17:16 -------- d-----w- c:\users\Mike\AppData\Local\Mozilla
2016-04-20 17:09 . 2016-04-20 17:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-04-20 07:07 . 2012-11-02 18:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2016-04-20 06:45 . 2016-04-24 17:54 -------- d-----w- c:\program files\Common Files\AV
2016-04-20 06:45 . 2016-04-20 06:45 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-04-20 05:29 . 2016-04-24 21:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-20 05:29 . 2016-03-10 19:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-20 05:29 . 2016-03-10 19:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-20 05:29 . 2016-03-10 19:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-20 05:28 . 2016-04-20 05:29 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-20 05:28 . 2016-04-20 05:28 -------- d-----w- c:\programdata\Malwarebytes
2016-04-12 21:10 . 2016-03-17 22:58 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-04-08 05:45 . 2016-04-08 05:45 5934784 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 16:56 . 2014-10-23 10:34 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-13 08:03 . 2013-09-17 01:56 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 05:45 . 2013-11-02 03:03 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 05:45 . 2013-11-02 03:03 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-06 15:18 . 2010-11-21 03:27 453280 ------w- c:\windows\system32\MpSigStub.exe
2016-03-24 08:21 . 2016-03-24 08:21 462304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2016-03-17 22:24 . 2016-04-12 21:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-12 18:52 . 2016-03-09 11:20 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 11:20 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 11:20 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 11:20 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 11:20 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 11:20 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 11:20 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 11:20 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 11:20 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 11:20 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 11:20 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 11:20 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 11:20 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 11:20 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 11:20 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 11:20 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 11:20 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 11:20 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 11:20 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 11:20 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 11:20 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 11:20 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 11:20 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 11:20 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 11:20 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 11:20 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 11:20 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 11:20 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 11:20 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 11:20 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 11:20 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 11:20 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 11:20 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 11:20 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 11:20 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 11:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 11:20 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 11:20 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 11:20 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 11:20 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 11:20 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 11:20 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 11:20 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2015-10-03 20:06 . 2015-10-03 20:06 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2014-08-01 500016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-14 1085656]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2016-03-24 134480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-21 20:12 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-02 05:45]
.
2016-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-21 20:12]
.
2016-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d19c0a1747ac60.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-21 20:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com/?fr=yset_ie_sy...ype=orcl_hpset
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hrr0vgk3.default\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-24 16:20:49
ComboFix-quarantined-files.txt 2016-04-24 21:20
ComboFix2.txt 2016-04-24 20:55
.
Pre-Run: 144,127,971,328 bytes free
Post-Run: 144,043,032,576 bytes free
.
- - End Of File - - 2A7F9BA88B148508DA4E2EC0A69517AF
A36C5E4F47E84449FF07ED3517B43A31
Old 04-24-2016, 08:10 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rballhills.

Quote:
Also, I am only running ZA firewall, not the antivirus
Why? This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please enable ZoneAlarm antivirus and keep it enabled.

------------------------------------------------------

It also appears your Windows 7 User Account Control (UAC) has been disabled. Sometimes malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I need to see the first ComboFix log.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix2.txt

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-24-2016, 09:07 PM   #13
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



OK, I installed the ZA antivirus as well, and it is running. Also, is there a way that I can re-enable AdBlock without uninstalling and reinstalling Chrome? I think ComboFix removed it and I can't seem to re-enable it. Here is the original ComboFix log you asked for:

ComboFix 16-04-22.01 - Mike 04/24/2016 15:36:34.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8094.6104 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
FW: ZoneAlarm Pro Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1441302003.bdinstall.bin
c:\programdata\1461135622.bdinstall.bin
c:\programdata\1461135813.bdinstall.bin
c:\programdata\1461175679.bdinstall.bin
c:\programdata\1461175681.bdinstall.bin
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ar\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\bg\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ca\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\cs\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\da\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\de\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\el\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\en\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\es\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\fi\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\fr\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\gu\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\he\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hr\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hu\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\id\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\it\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ja\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ko\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nb\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nl\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pl\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_BR\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_PT\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ro\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ru\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sk\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sl\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sr\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sv\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\tr\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\uk\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\vi\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_CN\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_TW\messages.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\computed_hashes.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\verified_contents.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_safari_beforeload.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_safari_contentblocking.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_start_chrome.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\adblock_start_common.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\background.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\bandaids.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\button\popup.css
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\button\popup.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\button\popup.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\CHANGELOG.txt
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\checkupdates.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\datacollection.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\declarativewebrequest.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\domainset.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filternormalizer.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filteroptions.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filterset.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\filtertypes.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\filtering\myfilters.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\functions.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\gab_question.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\idlehandler.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\delete.gif
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\dropbox1.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\dropbox2.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\dropbox3.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\facebook-sprite.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\gplus-sprite.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon128.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon16.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon16_grayscale.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\[email protected]
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon19-grayscale.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon19-whitelisted.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon19.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon24.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon32.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon38-grayscale.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon38-whitelisted.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon38.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\icon48.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\loader.gif
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\logo.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\check.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\magnifying_glass.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search-engine-card_no-shadow.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search-engine-icons.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\search\search_engine_select_arrow.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\img\twitter-sprite.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\jquery-ui.custom.css
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\css\override-page.css
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\jquery-ui.custom.min.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\jquery.cookie.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\jquery\jquery.min.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\LICENSE
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\manifest.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\notificationoverlay.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\bug-report.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\bug-report.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\customize.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\customize.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\filters.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\filters.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\general.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\general.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\index.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\index.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\options.css
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\support.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\options\support.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\adreport.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\adreport.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\resourceblock.css
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\resourceblock.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\resourceblock.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\subscribe.css
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\subscribe.html
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\pages\subscribe.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\port.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\punycode.min.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\README.markdown
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\stats.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\survey.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\translators.json
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\blacklistui.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\elementchain.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\overlay.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\load_jquery_ui.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\send_content_to_back.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\top_open_blacklist_ui.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\uiscripts\top_open_whitelist_ui.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\ytchannel.js
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2016-03-24 to 2016-04-24 )))))))))))))))))))))))))))))))
.
.
2016-04-24 17:56 . 2016-04-24 17:56 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2016-04-22 23:01 . 2016-04-22 23:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32927CEE-7014-460A-89A5-594F67320688}\offreg.3972.dll
2016-04-22 22:04 . 2016-04-24 17:56 -------- d-----w- C:\FRST
2016-04-22 18:21 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32927CEE-7014-460A-89A5-594F67320688}\mpengine.dll
2016-04-21 16:57 . 2016-04-21 16:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-04-20 17:25 . 2016-04-20 17:26 -------- d-----w- c:\program files (x86)\CheckPoint
2016-04-20 17:25 . 2016-04-20 17:25 -------- d-----w- c:\programdata\CheckPoint
2016-04-20 17:14 . 2016-04-20 17:14 -------- d-----w- c:\users\Mike\AppData\Local\Macromedia
2016-04-20 17:09 . 2016-04-20 17:16 -------- d-----w- c:\users\Mike\AppData\Local\Mozilla
2016-04-20 17:09 . 2016-04-20 17:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-04-20 07:07 . 2012-11-02 18:17 261056 ----a-w- c:\windows\system32\drivers\avchv.sys
2016-04-20 06:45 . 2016-04-24 17:54 -------- d-----w- c:\program files\Common Files\AV
2016-04-20 06:45 . 2016-04-20 06:45 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-04-20 05:29 . 2016-04-24 18:10 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-20 05:29 . 2016-03-10 19:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-20 05:29 . 2016-03-10 19:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-20 05:29 . 2016-03-10 19:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-20 05:28 . 2016-04-20 05:29 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-20 05:28 . 2016-04-20 05:28 -------- d-----w- c:\programdata\Malwarebytes
2016-04-12 21:10 . 2016-03-17 22:58 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2016-04-08 05:45 . 2016-04-08 05:45 5934784 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 16:56 . 2014-10-23 10:34 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-13 08:03 . 2013-09-17 01:56 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 05:45 . 2013-11-02 03:03 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 05:45 . 2013-11-02 03:03 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-06 15:18 . 2010-11-21 03:27 453280 ------w- c:\windows\system32\MpSigStub.exe
2016-03-24 08:21 . 2016-03-24 08:21 462304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2016-03-17 22:24 . 2016-04-12 21:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-02-12 18:52 . 2016-03-09 11:20 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 11:20 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 11:20 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 11:20 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 11:20 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 11:20 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 11:20 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 11:20 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 11:20 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 11:20 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 11:20 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 11:20 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 11:20 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 11:20 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 11:20 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 11:20 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 11:20 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 11:20 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 11:20 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 11:20 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 11:20 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 11:20 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 11:20 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 11:20 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 11:20 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 11:20 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 11:20 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 11:20 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 11:20 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 11:20 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 11:20 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 11:20 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 11:20 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 11:20 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 11:20 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 11:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 11:20 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 11:20 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 11:20 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 11:20 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 11:20 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 11:20 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 11:20 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2015-10-03 20:06 . 2015-10-03 20:06 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Mike\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2014-08-01 500016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-14 1085656]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2016-03-24 134480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-21 20:12 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-02 05:45]
.
2016-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-21 20:12]
.
2016-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d19c0a1747ac60.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-04-21 20:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com/?fr=yset_ie_sy...ype=orcl_hpset
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\hrr0vgk3.default\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-ZoneAlarm Windows 10 Upgrader - c:\programdata\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\DAODx.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2016-04-24 15:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2016-04-24 20:55
.
Pre-Run: 145,166,123,008 bytes free
Post-Run: 144,022,986,752 bytes free
.
- - End Of File - - C1F2EB8423FCA3237CB7FD29AA5B774B
A36C5E4F47E84449FF07ED3517B43A31
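The ComboFix log above lists files in a fixed `created . modified size attrs path` layout, and the ComboFix-quarantined-files.txt listing posted later in the thread uses the same layout with seconds on the timestamps, thousands separators in the sizes and a `.vir` suffix on quarantined copies. The following parser is an added example for this thread, not part of ComboFix, of any forum post, or of the Tech Support Forum's procedure; it turns those lines into records and reports how many of the listed files belong to each Chrome extension directory, so a reader can see at a glance what ComboFix actually moved. The sample lines in `SAMPLE_LOG` are constructed to mirror the format of the posted logs (the user name, the 1234-byte manifest size and the ordering are illustrative); the rule that a quarantined file lives at `C:\Qoobox\Quarantine\<drive>\<original path>.vir` is an assumption inferred from the paths in the thread, not documented ComboFix behaviour; the 32-letter `a`..`p` alphabet of Chrome extension IDs is a real Chrome convention.

```python
"""Parse ComboFix-style file listings ("Files Created"/Find3M sections and
the ComboFix-quarantined-files.txt list) into records and summarise which
Chrome extension each listed file belongs to.

Added example for this thread; not ComboFix code and not from any post.
SAMPLE_LOG is constructed to mirror the layout of the posted logs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample (format copied from the thread, values illustrative).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2016-03-24 to 2016-04-24 )))))))))))))))))))))))))))))))
.
2016-04-22 22:04 . 2016-04-24 17:56 -------- d-----w- C:\FRST
2016-04-20 05:29 . 2016-03-10 19:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-24 17:57:44 . 2016-04-24 20:41:50 7,995,392 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage.vir
2016-04-21 20:19:37 . 2016-04-15 15:55:18 22,174 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\verified_contents.json.vir
2016-04-24 20:44:57 . 2016-04-24 21:16:21 5,103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2016-04-21 20:19 . 2016-04-21 20:19 1234 ----a-w- c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\manifest.json
"""

# One ComboFix file line. Directories carry "--------" instead of a size;
# the quarantine list adds seconds to timestamps and commas to sizes.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?) "
    r"(?P<size>[\d,]+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*)$"
)

# Chrome extension IDs are 32 letters from a-p. They appear both as an
# Extensions\<id>\ directory and in chrome-extension_<id>_0.localstorage.
EXT_ID_RE = re.compile(
    r"(?i)(?:[\\/]Extensions[\\/]|chrome-extension_)(?P<id>[a-p]{32})(?=[\\/_])"
)

# Assumption inferred from the thread's paths: a quarantined file is kept as
# C:\Qoobox\Quarantine\<drive>\<original path>.vir
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIX)


def parse_entry(line: str) -> Optional[Entry]:
    """Entry for a ComboFix file line; None for headers, '.', registry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("size")
    size = None if raw.startswith("-") else int(raw.replace(",", ""))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs"), m.group("path"))


def parse_log(text: str) -> list[Entry]:
    """All file entries in a ComboFix log or quarantine list, in order."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def extension_id(path: str) -> Optional[str]:
    """Chrome extension ID that a path belongs to, or None."""
    m = EXT_ID_RE.search(path)
    return m.group("id").lower() if m else None


def original_path(entry: Entry) -> str:
    """Pre-quarantine path of a quarantined file (assumed layout above).
    Registry backups, MBR images and logs under Quarantine\\ are returned as-is."""
    if not entry.quarantined:
        return entry.path
    drive, _, tail = entry.path[len(QUARANTINE_PREFIX):].partition("\\")
    if len(drive) != 1 or not drive.isalpha():
        return entry.path
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def summarize_by_extension(entries: list[Entry]) -> dict[str, dict]:
    """Per extension ID: file count, bytes listed and how many were quarantined."""
    summary: dict[str, dict] = defaultdict(
        lambda: {"files": 0, "bytes": 0, "quarantined": 0})
    for e in entries:
        ext = extension_id(e.path)
        if ext is None or e.is_dir:
            continue
        summary[ext]["files"] += 1
        summary[ext]["bytes"] += e.size or 0
        summary[ext]["quarantined"] += int(e.quarantined)
    return dict(summary)


if __name__ == "__main__":
    for ext, s in summarize_by_extension(parse_log(SAMPLE_LOG)).items():
        print(ext, s)
```

Run it against the real C:\Qoobox\ComboFix-quarantined-files.txt (or a pasted ComboFix log) by passing the file contents to `parse_log`; the summary keys are the extension IDs, which can be looked up under chrome.google.com/webstore/detail/<id> to identify the extension before deciding whether its removal was what you wanted.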
Old 04-25-2016, 08:37 AM   #14
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, rballhills.

Press the Windows "logo" key and the "R" key, then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-25-2016, 03:53 PM   #15
rballhills
Registered Member
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1

I had to uninstall the ZoneAlarm firewall + antivirus because it prevented me from accessing the internet. First it would only let me use Google and YouTube, and then it stopped working altogether and nothing I tried (including disabling the firewall) fixed it. After uninstalling it, everything works fine. Any ideas?

Here is the log you asked for:

2016-04-24 20:55:27 . 2016-04-24 20:55:27 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2016-04-24 20:54:23 . 2016-04-24 20:54:23 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2016-04-24 20:54:15 . 2016-04-24 20:54:15 228 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-Run-ZoneAlarm Windows 10 Upgrader.reg.dat
2016-04-24 20:45:06 . 2016-04-24 20:45:06 828 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2016-04-24 20:44:57 . 2016-04-24 21:16:21 5,103 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2016-04-24 20:34:44 . 2016-04-24 21:03:23 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2016-04-24 17:57:44 . 2016-04-24 20:41:50 0 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal.vir
2016-04-24 17:57:44 . 2016-04-24 20:41:50 7,995,392 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage.vir
2016-04-21 20:19:38 . 2016-04-21 20:19:38 21,058 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\computed_hashes.json.vir
2016-04-21 20:19:37 . 2016-04-15 15:55:18 22,174 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\verified_contents.json.vir
2016-04-21 20:19:37 . 2016-04-21 20:19:38 40,130 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_TW\messages.json.vir
2016-04-21 20:19:37 . 2016-04-21 20:19:38 59,903 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_CN\messages.json.vir
2016-04-21 20:19:37 . 2016-04-21 20:19:38 65,984 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\vi\messages.json.vir
2016-04-21 20:19:37 . 2016-04-21 20:19:38 73,694 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\uk\messages.json.vir
2016-04-21 20:19:37 . 2016-04-21 20:19:38 46,483 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\tr\messages.json.vir
2016-04-21 20:19:37 . 2016-04-21 20:19:38 45,285 ----a-w- C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sv\messages.json.vir
Old 04-26-2016, 01:11 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, rballhills. You're very welcome.

We need to install another antivirus. I recommend Microsoft's Security Essentials, a good AV that is light on system resources:

Download Microsoft Security Essentials from Official Microsoft Download Center

Download, install, update, and run a full system scan.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
DeQuarantine::
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal.vir
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage.vir
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences.vir

Quit::
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix, please choose Yes.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, DeQuarantine.txt, in your next reply.

Please re-enable your antivirus before posting the log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-27-2016, 05:15 PM   #17
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



I closed the dequarantine.txt window by accident. How can I find it?
Old 04-27-2016, 06:55 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Press the Windows "logo" key and the "R" key, then copy/paste the following single-line command into the Run box and click OK:

C:\DeQuarantine.txt

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
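A small checker for the DeQuarantine.txt report format this thread asks for (one mapping per line, `quarantined path -> restored path`), added here as an example; it is not part of ComboFix or of any post in the thread. The quarantine root, the `.vir` suffix handling and the sample lines are assumptions drawn from what the report shows, and the third sample line is constructed to be deliberately wrong so the mismatch case is exercised.

```python
"""Verify a ComboFix DeQuarantine.txt report: each quarantined file should have
gone back to the location its quarantine path encodes.

Added example for this thread, not part of ComboFix or any post in it.
Assumed format (as seen in the thread): "<quarantined path> -> <restored path>",
where the quarantine copy lives under the Qoobox quarantine tree, below a
one-letter drive folder, and usually carries a .vir suffix.
"""
from typing import Dict, List, Tuple

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"

# Constructed sample (not the poster's full log). The third line is deliberately
# wrong: the file was put back somewhere other than its original location.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences.vir -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\background.js -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\background.js
C:\Qoobox\Quarantine\C\ProgramData\1461175681.bdinstall.bin.vir -> C:\Users\Public\elsewhere.bin
"""


def expected_restore_path(quarantine_path: str) -> str:
    r"""Derive the original location from a quarantine path.

    C:\Qoobox\Quarantine\C\foo\bar.vir  ->  C:\foo\bar
    Files restored as part of a whole directory keep their names without .vir.
    """
    prefix = QUARANTINE_ROOT + "\\"
    if quarantine_path[: len(prefix)].lower() != prefix.lower():
        raise ValueError(f"not under {QUARANTINE_ROOT}: {quarantine_path}")
    drive, sep, tail = quarantine_path[len(prefix):].partition("\\")
    if len(drive) != 1 or not drive.isalpha() or not sep:
        raise ValueError(f"missing drive-letter folder: {quarantine_path}")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def parse_dequarantine(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split report lines into (quarantined, restored) pairs; keep unparsable lines."""
    pairs: List[Tuple[str, str]] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        src, sep, dst = line.partition(" -> ")
        if not sep or not src or not dst:
            unparsed.append(line)
        else:
            pairs.append((src, dst))
    return pairs, unparsed


def check_restores(text: str) -> Dict[str, list]:
    """Classify each mapping: restored where expected, restored elsewhere, or unparsable."""
    pairs, unparsed = parse_dequarantine(text)
    result: Dict[str, list] = {"restored": [], "mismatched": [], "unparsed": unparsed}
    for src, dst in pairs:
        try:
            expected = expected_restore_path(src)
        except ValueError:
            result["unparsed"].append(f"{src} -> {dst}")
            continue
        # Windows paths are case-insensitive, so compare them that way.
        if expected.lower() == dst.lower():
            result["restored"].append(dst)
        else:
            result["mismatched"].append((src, dst, expected))
    return result


def files_for_extension(restored: List[str], extension_id: str) -> List[str]:
    """Restored paths that belong to one Chrome extension directory."""
    marker = f"\\extensions\\{extension_id.lower()}\\"
    return [p for p in restored if marker in p.lower()]


if __name__ == "__main__":
    report = check_restores(SAMPLE_LOG)
    print(f"restored as expected: {len(report['restored'])}")
    for src, dst, expected in report["mismatched"]:
        print(f"MISMATCH: {src}\n   went to  {dst}\n   expected {expected}")
    for line in report["unparsed"]:
        print(f"could not parse: {line}")
    ext_files = files_for_extension(report["restored"], "gighmmpiobklfepjocnamgkkbiglidom")
    print(f"files of extension gighmmpiobklfepjocnamgkkbiglidom back in place: {len(ext_files)}")
```

Feed the checker the real C:\DeQuarantine.txt and any entry in the mismatched or unparsed lists is a restore to look at by hand before trusting that the extension is back.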
Old 04-28-2016, 12:47 AM   #19
Registered Member
 
Join Date: Apr 2016
Posts: 12
OS: Windows 7 SP 1



C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hr\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hr\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hu\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\hu\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\id\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\id\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\it\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\it\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ja\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ja\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ko\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ko\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nb\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nb\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nl\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\nl\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pl\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pl\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_BR\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_BR\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_PT\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\pt_PT\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ro\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ro\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ru\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\ru\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sk\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sk\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sl\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sl\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sr\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sr\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sv\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\sv\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\tr\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\tr\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\uk\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\uk\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\vi\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\vi\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_CN\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_CN\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_TW\messages.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_locales\zh_TW\messages.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\computed_hashes.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\computed_hashes.json
C:\Qoobox\Quarantine\C\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\verified_contents.json -> C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\_metadata\verified_contents.json
142 File(s) copied
Old 04-28-2016, 07:41 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Is AdBlock working again in Chrome?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015