TechSpot

Computer slower than normal

By Winterblizzard
Dec 5, 2014
  1. I'd hate to admit it, but I need some help with things.
    Recently, on steam, I fell for a type phishing, which had came from a friend of mine.
    I used a program called "Zoek" from the very friend that got me fooled, which had cleared almost of all of what I thought to be spyware.
    This is after me using multiple scans from Malwarebytes, since I knew little to nothing about trying to find spyware and all this other stuff. Due to this scanning, I found a lot of items infected, so I quarantined all of them, just to be sure.
    So, after this, I noticed multiple items were running in the task manager, which I found odd, since there shouldn't be any need to this right? I found that chrome had 6 or 7 different tasks, Steam webhelper running 2 or 3 times, and some others running more than once, which put a dent in my CPU.
    I'd like to know if any of this is bad, or if I should do anything to stop them. Its really effecting how my computer runs so is there anything I can do to protect my computer from further failure?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Chrome will open new process with every new tab open so it may be normal but if you want to get your computer checked...


    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  3. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/6/2014
    Scan Time: 9:37:46 AM
    Logfile: Malwarebytes_scan_log.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.06.05
    Rootkit Database: v2014.12.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Cole

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 404715
    Time Elapsed: 52 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.EasyLife.A, C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.easylifeapp.com/",), ,[f5827be38eee71c5ad771387ab5a1ae6]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16921 BrowserJavaVersion: 10.71.2
    Run by Cole at 10:37:28 on 2014-12-06
    Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3810.1610 [GMT -5:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhostex.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uDefault_Page_URL = hxxp://www.google.com
    mStart Page = www.google.com
    uProxyOverride = <-loopback>;<local>
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll
    BHO: Microsoft Web Test Recorder 12.0 Helper: {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Gameiki] C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe Update
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\-HPDES~1.LNK -
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{1CB6D5E7-3036-4916-913F-0D6A9B54420F} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-mStart Page = www.google.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-mPolicies-System: SoftwareSASGeneration = dword:1
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-12-5 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-12-5 267632]
    R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-12-5 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2014-12-5 436624]
    R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\Drivers\hmd.sys [2013-10-4 14888]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-18 239616]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-12-5 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-12-5 83280]
    R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-12-5 116728]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-5 50344]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-14 2443960]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-1 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-1 969016]
    R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-6-25 105448]
    R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-5 271752]
    R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-5 4012248]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-12-1 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-12-1 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-12-1 64216]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
    S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2013-5-23 88424]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe [2014-11-4 289256]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
    S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-8-27 87136]
    S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2014-12-06 00:13:17 -------- d-----w- C:\Users\Cole\AppData\Roaming\Dropbox
    2014-12-06 00:10:15 -------- d-----w- C:\Windows\SysWow64\vbox
    2014-12-06 00:10:15 -------- d-----w- C:\Windows\System32\vbox
    2014-12-06 00:09:18 -------- d-----w- C:\Users\Cole\AppData\Roaming\AVAST Software
    2014-12-06 00:07:58 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-12-06 00:07:58 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-12-06 00:07:58 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-12-06 00:07:58 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-12-06 00:07:58 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-12-06 00:07:58 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-12-06 00:07:58 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-12-06 00:07:47 43152 ----a-w- C:\Windows\avastSS.scr
    2014-12-06 00:05:14 -------- d-----w- C:\Program Files\AVAST Software
    2014-12-06 00:02:32 -------- d-----w- C:\ProgramData\AVAST Software
    2014-12-05 12:25:03 941720 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
    2014-12-05 12:25:03 1188440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{701A1C47-65A5-48EF-B90D-2E9336FDF693}\gapaengine.dll
    2014-12-05 12:24:24 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C7D13A0-63C4-48E6-A6D5-0A9290BD196C}\mpengine.dll
    2014-12-05 00:12:52 -------- d-----w- C:\Program Files (x86)\Security Task Manager
    2014-12-02 01:21:07 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
    2014-12-02 00:25:04 -------- d-----w- C:\zoek_backup
    2014-12-01 20:37:09 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-01 20:36:50 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-12-01 20:36:50 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-12-01 20:36:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-12-01 20:36:50 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-12-01 20:36:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-01 20:29:22 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2014-12-01 20:29:20 -------- d-----w- C:\Program Files\McAfee Security Scan
    2014-11-28 15:05:42 -------- d-----w- C:\Users\Cole\AppData\Local\Risk_of_Rain
    2014-11-26 22:57:07 -------- d-----w- C:\Users\Cole\AppData\Local\Game Dev Tycoon - Steam
    2014-11-16 05:00:48 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    .
    ==================== Find3M ====================
    .
    2014-11-03 23:12:12 46136 ---ha-w- C:\Windows\System32\drivers\Hamdrv.sys
    2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-19 19:26:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ============= FINISH: 10:41:37.65 ===============
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need Attach.txt log from DDS.
     
  6. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/2/2012 10:23:55 AM
    System Uptime: 12/6/2014 9:11:14 AM (1 hours ago)
    .
    Motherboard: Gateway | | SX2110G
    Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 422 GiB total, 110.792 GiB free.
    D: is FIXED (NTFS) - 0 GiB total, 0.162 GiB free.
    E: is FIXED (NTFS) - 17 GiB total, 3.911 GiB free.
    G: is Removable
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP150: 12/4/2014 12:59:19 AM - Scheduled Checkpoint
    RP151: 12/5/2014 7:04:13 PM - avast! antivirus system restore point
    .
    ==== Installed Programs ======================
    .
    Tools for .Net 3.5
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Akamai NetSession Interface
    Apple Application Support
    Arc
    Avast Free Antivirus
    AzureTools.Notifications
    BattleBlock Theater
    Behaviors SDK (XAML) for Visual Studio
    Blend for Visual Studio Add-in for Adobe FXG Import
    Blend for Visual Studio SDK for .NET 4.5
    Blend for Visual Studio SDK for Silverlight 5
    Build Tools - amd64
    Build Tools - x86
    Build Tools Language Resources - amd64
    Build Tools Language Resources - x86
    Bunny Must Die! Chelsea and the 7 Devils
    Cthulhu Saves the World
    Don't Starve
    Dotfuscator and Analytics Community Edition
    Dust: An Elysian Tail
    Entity Framework Designer for Visual Studio 2012 - enu
    Floating Point
    Game Dev Tycoon
    Garry's Mod
    GCFScape 1.8.5
    GIMP 2.8.10
    Goat Simulator
    Google Chrome
    Google Update Helper
    Half-Life
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Half-Life: Blue Shift
    Half-Life: Opposing Force
    HP Deskjet 1000 J110 series Basic Device Software
    HP Deskjet 1000 J110 series Product Improvement Study
    HP Update
    Java 7 Update 71
    Java Auto Updater
    JavaScript Tooling
    Left 4 Dead 2
    LocalESPC Dev12
    LocalESPCui for en-us Dev12
    Logitech SetPoint 6.65
    Magicka
    Malwarebytes Anti-Malware version 2.0.4.1028
    McAfee Security Scan Plus
    Media Player Classic - Home Cinema v1.5.2.3456
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack for Windows Store Apps
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack for Windows Store Apps (ENU)
    Microsoft .NET Framework 4.5.1 SDK
    Microsoft Advertising SDK for Windows 8.1 - ENU
    Microsoft Advertising Service Extension for Visual Studio
    Microsoft C++ REST SDK for Visual Studio 2013 RC
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Help Viewer 2.0
    Microsoft Help Viewer 2.1
    Microsoft NuGet - Visual Studio 2013 RC
    Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
    Microsoft Office 365 - en-us
    Microsoft OneDrive
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    Microsoft Report Viewer Add-On for Visual Studio 2013 RC
    Microsoft Silverlight
    Microsoft SQL Server 2012 Command Line Utilities
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Data-Tier App Framework (x64)
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 Native Client
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL Compiler Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    Microsoft SQL Server Data Tools - enu (11.1.20828.01)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Team Foundation Server 2013 RC Object Model (x64)
    Microsoft Team Foundation Server 2013 RC Object Model Language Pack (x64) - ENU
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ ARM Libraries
    Microsoft Visual C++ x64-arm Cross Compilers
    Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources
    Microsoft Visual C++ x64-x86 Cross Compilers
    Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources
    Microsoft Visual C++ x64 Libraries
    Microsoft Visual C++ x64 Native Compilers
    Microsoft Visual C++ x64 Native Compilers - ENU Resources
    Microsoft Visual C++ x86 Libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2012 Core Libraries
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86-x64 Compilers
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2013 RC x64 Designtime - 12.0.20827
    Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2013 Compilers
    Microsoft Visual C++ 2013 Compilers - ENU Resources
    Microsoft Visual C++ 2013 Core Libraries
    Microsoft Visual C++ 2013 Extended Libraries
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20827
    Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.20827
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20827
    Microsoft Visual C++ 2013 x86-x64 Compilers
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20827
    Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.20827
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20827
    Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2012 Preparation
    Microsoft Visual Studio 2012 Shell (Minimum)
    Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2012 Shell (Minimum) Resources
    Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    Microsoft Visual Studio 2013 Devenv
    Microsoft Visual Studio 2013 IntelliTrace Core amd64
    Microsoft Visual Studio 2013 IntelliTrace Core x86
    Microsoft Visual Studio 2013 IntelliTrace Front End x86
    Microsoft Visual Studio 2013 Profiling Tools
    Microsoft Visual Studio 2013 RC Devenv Resources
    Microsoft Visual Studio 2013 RC Performance Collection Tools
    Microsoft Visual Studio 2013 RC Performance Collection Tools - ENU
    Microsoft Visual Studio 2013 RC Preparation
    Microsoft Visual Studio 2013 RC Shell (Minimum) Resources
    Microsoft Visual Studio 2013 RC Team Explorer Language Pack - ENU
    Microsoft Visual Studio 2013 Shell (Minimum)
    Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2013 VsGraphics Helper Dependencies RC
    Microsoft Visual Studio Express 2012 for Windows Desktop
    Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
    Microsoft Visual Studio Premium 2013 RC
    Microsoft Visual Studio Premium 2013 RC - ENU
    Microsoft Visual Studio Professional 2013 RC
    Microsoft Visual Studio Professional 2013 RC - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2013 RC Storyboarding (x64)
    Microsoft Visual Studio Team Foundation Server 2013 RC Storyboarding Language Pack (x64) - ENU
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    Microsoft Visual Studio Ultimate 2013 RC
    Microsoft Visual Studio Ultimate 2013 RC - ENU
    Microsoft Visual Studio Ultimate 2013 RC XAML UI Designer Core
    Microsoft Visual Studio Ultimate 2013 RC XAML UI Designer enu Resources
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0 Refresh
    NVIDIA PhysX
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Origin
    Pando Media Booster
    Performance Tools for Visual Studio 2013 RC
    Poker Night 2
    Poker Night at the Inventory
    Portal
    Portal 2
    PowerISO
    PreEmptive Analytics Visual Studio Components
    Prerequisites for SSDT
    Python 3.3.1 (64-bit)
    Python 3.3.2
    Python Tools for Visual Studio 2013 (2.0 Dev 2013-09-20)
    Razer Game Booster
    Realtek High Definition Audio Driver
    Risk of Rain
    ROBLOX Player
    ROBLOX Player for Cole
    ROBLOX Studio 2013 for Cole
    Sonic Adventure DX
    Source Filmmaker
    Steam
    System Requirements Lab CYRI
    Team Explorer for Microsoft Visual Studio 2013 RC
    Team Fortress 2
    Team Fortress Classic
    Terraria
    The Binding of Isaac
    The Binding of Isaac: Rebirth
    The Escapists
    TrackMania Nations Forever
    TypeScript for Microsoft® Visual Studio® 2012 and 2013
    Unity Web Player
    Update for (KB2504637)
    Update for Japanese Microsoft IME Postal Code Dictionary
    Update for Japanese Microsoft IME Standard Dictionary
    Update for Japanese Microsoft IME Standard Extended Dictionary
    Update for Microsoft Visual Studio 2012 (KB2781514)
    VideoPad Video Editor
    Visual F# 3.1 SDK
    Visual F# 3.1 VS
    Visual Studio 2012 Update 3 (KB2707250)
    Visual Studio 2013 Prerequisites
    Visual Studio 2013 Prerequisites - ENU Language Pack
    Visual Studio Extensions for Windows Library for JavaScript
    VLC media player 2.0.7
    WCF Data Services 5.6.0 Runtime
    WCF Data Services Tools for Microsoft Visual Studio 2013
    Windows App Certification Kit Native Components
    Windows App Certification Kit x64
    Windows Azure Mobile Services SDK
    Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
    Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
    Windows Movie Maker 2.6
    Windows Runtime Intellisense Content - en-us
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Windows Store Apps
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    Windows XP Targeting with C++
    WinRAR 4.20 (32-bit)
    WinZip Registry Optimizer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/6/2014 9:38:46 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-1563641593-1657672194-2611614249-1001-0-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
    12/6/2014 9:13:47 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    12/6/2014 9:12:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
    12/6/2014 9:12:58 AM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/6/2014 9:12:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "Unavailable" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
    12/6/2014 9:11:22 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
    12/5/2014 7:23:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.189.1443.0).
    12/4/2014 12:55:19 AM, Error: volsnap [36] -
    12/1/2014 4:11:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Cole\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
    11/30/2014 3:51:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  8. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Cole [Administrator]
    Mode : Delete -- Date : 12/06/2014 22:02:26

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 15 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CB6D5E7-3036-4916-913F-0D6A9B54420F} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CB6D5E7-3036-4916-913F-0D6A9B54420F} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} -- C:\ProgramData\cis54C3.exe (--PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AAKX-22ERMA0 +++++
    --- User ---
    [MBR] a6de0d316046af047d474b690aaf920a
    [BSP] 385be197ed43c090f8eb776be34b1656 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
     
  9. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.07.03

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16921
    Cole :: ETHAN [administrator]

    12/6/2014 10:11:41 PM
    mbar-log-2014-12-06 (22-11-41).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 403222
    Time elapsed: 26 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16921

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 1.397000 GHz
    Memory total: 3995144192, free: 2112270336

    Downloaded database version: v2014.12.07.03
    Downloaded database version: v2014.12.03.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/06/2014 22:11:05
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\storahci.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswVmm.sys
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswSP.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\SCDEmu.SYS
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\hmd.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\System32\drivers\usbohci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\System32\drivers\amdppm.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\USBSTOR.SYS
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\drivers\kbdhid.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_storahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mslldp.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\System32\drivers\rdpvideominiport.sys
    \SystemRoot\System32\drivers\rdpdr.sys
    \SystemRoot\System32\drivers\monitor.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa80059ac060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000046\
    Lower Device Object: 0xfffffa80055fc620
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004bf5060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000031\
    Lower Device Object: 0xfffffa80049b3060
    Lower Device Driver Name: \Driver\storahci\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004bf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004bf62b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004bf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa80049b3060, DeviceName: \Device\00000031\, DriverName: \Driver\storahci\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: D49E1276

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1092762581
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34 LastUsableLba 976773134
    GPT Header Guid 5e9c1399-692-415d-a261-dfd4a3675bc
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 1092762581
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
    Backup GPT header Guid 5e9c1399-692-415d-a261-dfd4a3675bc
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f529e0ad-3ca5-11e2-b2cd-c8678288d8c
    FirstLBA 2048 Last LBA 821247
    Attributes 0
    Partition Name

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 7b30be30-c697-4845-a435-28445787a736
    FirstLBA 821248 Last LBA 1435647
    Attributes 0
    Partition Name EFI

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 60574fc4-383b-4735-a96a-55bfe687b5a9
    FirstLBA 1435648 Last LBA 1697791
    Attributes 0
    Partition Name Micr

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 37b8eda2-2710-0-80fe-806e6f6e6963
    FirstLBA 1697792 Last LBA 886924012
    Attributes 0
    Partition Name

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f529e0ae-3ca5-11e2-b2cd-c8678288d8c
    FirstLBA 941121536 Last LBA 976773119
    Attributes 0
    Partition Name

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa80059ac060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80059ac970, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80059ac060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa80055fc620, DeviceName: \Device\00000046\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    I've got the log, but its really large, and I would have to paste more than 5 or 4 replies to get the whole log in, do you want me to attach the log to a reply, or just make 5 or 4 replies?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Split it between several replies.
     
  14. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    ComboFix 14-12-04.01 - Cole 12/06/2014 23:16:30.1.2 - x64
    Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3810.2284 [GMT -5:00]
    Running from: c:\users\Cole\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
     
  15. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Cole\AppData\Local\assembly\tmp
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
     
  16. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Cole\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Cole\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Cole\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Cole\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ea-4qlz@zarqmxyo.org\bootstrap.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ea-4qlz@zarqmxyo.org\chrome.manifest
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ea-4qlz@zarqmxyo.org\content\bg.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ea-4qlz@zarqmxyo.org\install.rdf
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\iyuepayg@smsya.com\bootstrap.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\iyuepayg@smsya.com\chrome.manifest
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\iyuepayg@smsya.com\content\bg.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\iyuepayg@smsya.com\install.rdf
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\neu@ejqo-.co.uk\bootstrap.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\neu@ejqo-.co.uk\chrome.manifest
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\neu@ejqo-.co.uk\content\bg.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\neu@ejqo-.co.uk\install.rdf
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\bootstrap.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\chrome.manifest
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\content\bg.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\install.rdf
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\bootstrap.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\chrome.manifest
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\content\bg.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\install.rdf
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\bootstrap.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\chrome.manifest
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\content\bg.js
    c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\install.rdf
    c:\users\Cole\AppData\Roaming\windows
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
     
  17. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
    c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\html
    c:\windows\SysWow64\images
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-07 to 2014-12-07 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-07 04:56 . 2014-12-07 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-07 03:11 . 2014-12-07 03:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-12-07 02:51 . 2014-12-07 02:51 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-07 02:51 . 2014-12-07 02:51 -------- d-----w- c:\programdata\RogueKiller
    2014-12-06 00:13 . 2014-12-06 00:13 -------- d-----w- c:\users\Cole\AppData\Roaming\Dropbox
    2014-12-06 00:10 . 2014-12-06 00:11 -------- d-----w- c:\windows\SysWow64\vbox
    2014-12-06 00:10 . 2014-12-06 00:11 -------- d-----w- c:\windows\system32\vbox
    2014-12-06 00:09 . 2014-12-06 00:09 -------- d-----w- c:\users\Cole\AppData\Roaming\AVAST Software
    2014-12-06 00:07 . 2014-12-06 00:08 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-12-06 00:07 . 2014-12-06 00:07 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-12-06 00:07 . 2014-12-06 00:07 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-12-06 00:07 . 2014-12-06 00:07 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-12-06 00:07 . 2014-12-06 00:07 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-12-06 00:07 . 2014-12-06 00:07 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-12-06 00:07 . 2014-12-06 00:07 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-12-06 00:07 . 2014-12-06 00:07 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-12-06 00:07 . 2014-12-06 00:07 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-12-06 00:07 . 2014-12-06 00:07 43152 ----a-w- c:\windows\avastSS.scr
    2014-12-06 00:05 . 2014-12-06 00:05 -------- d-----w- c:\program files\AVAST Software
    2014-12-06 00:02 . 2014-12-06 00:05 -------- d-----w- c:\programdata\AVAST Software
    2014-12-05 12:25 . 2014-09-10 20:30 1188440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{701A1C47-65A5-48EF-B90D-2E9336FDF693}\gapaengine.dll
    2014-12-05 12:25 . 2013-07-16 09:02 941720 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
    2014-12-05 12:24 . 2014-11-17 07:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C7D13A0-63C4-48E6-A6D5-0A9290BD196C}\mpengine.dll
    2014-12-05 00:12 . 2014-12-05 00:12 -------- d-----w- c:\program files (x86)\Security Task Manager
    2014-12-02 01:21 . 2014-12-06 19:20 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
    2014-12-02 00:25 . 2014-12-02 00:25 -------- d-----w- C:\zoek_backup
    2014-12-01 20:37 . 2014-12-07 03:11 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-01 20:36 . 2014-12-07 03:10 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-01 20:36 . 2014-12-05 00:23 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-12-01 20:36 . 2014-12-01 20:36 -------- d-----w- c:\programdata\Malwarebytes
    2014-12-01 20:36 . 2014-11-21 11:14 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-12-01 20:36 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-28 15:05 . 2014-11-28 15:05 -------- d-----w- c:\users\Cole\AppData\Local\Risk_of_Rain
    2014-11-26 22:57 . 2014-11-29 02:28 -------- d-----w- c:\users\Cole\AppData\Local\Game Dev Tycoon - Steam
    2014-11-16 05:00 . 2014-11-16 05:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-03 23:12 . 2014-11-03 23:12 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
    2014-10-30 11:25 . 2012-12-06 03:45 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-19 19:26 . 2014-10-19 19:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-07 09:06 . 2013-04-20 03:24 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-04-14 00:55 223432 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-04-14 00:55 223432 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-04-14 00:55 223432 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-02 3093624]
    "Akamai NetSession Interface"="c:\users\Cole\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-01-27 337432]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "Gameiki"="c:\program files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe" [2014-02-23 358912]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-06 5226600]
    .
    c:\users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2142N1H605D2;CONNECTION=USB;MONITOR=1; [2012-7-25 51712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys;c:\windows\SYSNATIVE\drivers\qknfd.sys [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
    R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
    R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-15 15:26 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
    2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14 20:47]
    .
    2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 15:36]
    .
    2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 15:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-04-14 00:56 262344 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-04-14 00:56 262344 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-04-14 00:56 262344 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-12-06 00:07 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.google.com
    mStart Page = www.google.com
    uInternet Settings,ProxyOverride = <-loopback>;<local>
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{5F0DB9C6-EF49-4748-A75D-FAD76538734C} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va012]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    @SACL=(02 0000)
    .
    Completion time: 2014-12-07 00:05:31
    ComboFix-quarantined-files.txt 2014-12-07 05:05
    .
    Pre-Run: 118,136,549,376 bytes free
    Post-Run: 119,830,290,432 bytes free
    .
    - - End Of File - - CC38B8A9877E34AF3C262714457E0AD7
    5FB38429D5D77768867C76DCBDB35194
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  19. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    # AdwCleaner v4.104 - Report created 07/12/2014 at 13:41:12
    # Updated 05/12/2014 by Xplode
    # Database : 2014-12-03.1 [Live]
    # Operating System : Windows 8 Pro (64 bits)
    # Username : Cole - ETHAN
    # Running from : C:\Users\Cole\Desktop\adwcleaner_4.104.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : qknfd

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\ProgramData\safesoft
    Folder Deleted : C:\ProgramData\SNT
    Folder Deleted : C:\ProgramData\DiiisecaountExtenssi
    Folder Deleted : C:\ProgramData\saifEwwebb
    Folder Deleted : C:\ProgramData\e3c2888e6ef84f2f
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    Folder Deleted : C:\Program Files (x86)\Iminent
    Folder Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Program Files (x86)\SNT
    Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
    Folder Deleted : C:\Program Files (x86)\DiiisecaountExtenssi
    Folder Deleted : C:\Program Files (x86)\saifEwwebb
    Folder Deleted : C:\Windows\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\Administrator\AppData\Local\torch
    Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
    Folder Deleted : C:\Users\Cole\AppData\Local\torch
    Folder Deleted : C:\Users\Cole\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Cole\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\Cole\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Guest\AppData\Local\torch
    Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
    File Deleted : C:\END

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKCU\Software\5fe8d88e03cea46
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-917353282
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{031B4006-CAC5-4F51-8294-A53933798B5B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7E82846D-8C6B-4C30-82D1-2B94AAD3B0BB}
    Key Deleted : HKCU\Software\RegisteredApplicationsEx
    Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16921


    -\\ Mozilla Firefox v

    [7x74npej.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "webbooster@iminent.com:5.14.1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.1");
    [7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
    [7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
    [7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
    [7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
    [7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
    [7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

    -\\ Google Chrome v33.0.1750.154

    [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Chromium v

    [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Comodo Dragon v

    [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    [C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [14238 octets] - [07/12/2014 13:29:15]
    AdwCleaner[S0].txt - [14665 octets] - [07/12/2014 13:41:12]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14726 octets] ##########
     
  20. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    Seems to be that Junkware download page is down at this time, any other links to get it from?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  22. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 8 Pro x64
    Ran by Cole on Sun 12/07/2014 at 14:03:06.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Cole\AppData\Roaming\ask4expert"
    Successfully deleted: [Folder] "C:\Users\Cole\AppData\Roaming\mywordtool"
    Successfully deleted: [Folder] "C:\Program Files (x86)\ask4expert"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/07/2014 at 14:15:49.63
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  23. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
    Ran by Cole (administrator) on ETHAN on 07-12-2014 14:20:34
    Running from C:\Users\Cole\Desktop
    Loaded Profile: Cole (Available profiles: Cole)
    Platform: Windows 8 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Akamai Technologies, Inc.) C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-01-27] (Power Software Ltd)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [Gameiki] => C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe [358912 2014-02-23] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-05] (AVAST Software)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-02] ()
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
    Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\インク警告のモニタ - HP Deskjet 1000 J110 series Class Driver.lnk
    ShortcutTarget: インク警告のモニタ - HP Deskjet 1000 J110 series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x641AD6BBA1D0CD01
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001 -> {BED63B85-3095-456B-B95C-A2FA0C5BEFBB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001 -> No Name - {5F0DB9C6-EF49-4748-A75D-FAD76538734C} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: @nsroblox.roblox.com/launcher -> C:\Users\Cole\AppData\Local\Roblox\Versions\version-a21a1def88774149\\NPRobloxProxy.dll ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Extension: MyWordTool - C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\Extensions\emily@wilford.biz [2014-01-18]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-10]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-05]

    Chrome:
    =======
    CHR Profile: C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
    CHR Extension: (Google Drive) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
    CHR Extension: (YouTube) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
    CHR Extension: (Google Search) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
    CHR Extension: (Avast Online Security) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
    CHR Extension: (Google Wallet) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR Extension: (Gmail) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-05]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-05-23] (Perfect World Entertainment Inc)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-05] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-05] (Avast Software)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2013-04-11] (Macrovision Europe Ltd.) [File not signed]
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87136 2013-08-27] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-05] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-05] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-05] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-05] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-05] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-05] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-05] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-05] ()
    S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)
    R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-04] ()
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-12-06] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-05] (Avast Software)
    S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-07 14:20 - 2014-12-07 14:21 - 00016566 _____ () C:\Users\Cole\Desktop\FRST.txt
    2014-12-07 14:20 - 2014-12-07 14:20 - 00000000 ____D () C:\FRST
    2014-12-07 14:18 - 2014-12-07 14:18 - 02119680 _____ (Farbar) C:\Users\Cole\Downloads\FRST64.exe
    2014-12-07 14:18 - 2014-12-07 14:18 - 02119680 _____ (Farbar) C:\Users\Cole\Desktop\FRST64.exe
    2014-12-07 14:15 - 2014-12-07 14:15 - 00000911 _____ () C:\Users\Cole\Desktop\JRT.txt
    2014-12-07 14:03 - 2014-12-07 14:03 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-07 14:01 - 2014-12-07 14:01 - 01707646 _____ (Thisisu) C:\Users\Cole\Downloads\JRT.exe
    2014-12-07 14:01 - 2014-12-07 14:01 - 01707646 _____ (Thisisu) C:\Users\Cole\Desktop\JRT.exe
    2014-12-07 13:47 - 2014-12-07 13:47 - 00000197 _____ () C:\Windows\system32\2014-12-07-18-47-21.058-AvastVBoxSVC.exe-4952.log
    2014-12-07 13:29 - 2014-12-07 13:41 - 00000000 ____D () C:\AdwCleaner
    2014-12-07 13:29 - 2014-12-07 13:29 - 00000055 _____ () C:\AdwCleanerDebug.txt
    2014-12-07 13:28 - 2014-12-07 13:28 - 02153472 _____ () C:\Users\Cole\Downloads\adwcleaner_4.104.exe
    2014-12-07 13:28 - 2014-12-07 13:28 - 02153472 _____ () C:\Users\Cole\Desktop\adwcleaner_4.104.exe
    2014-12-07 00:05 - 2014-12-07 00:05 - 00091989 _____ () C:\ComboFix.txt
    2014-12-06 23:11 - 2014-12-07 00:05 - 00000000 ____D () C:\Qoobox
    2014-12-06 23:11 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-06 23:11 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-06 23:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-06 23:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-06 23:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-06 23:11 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
    2014-12-06 23:11 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-06 23:11 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-06 23:11 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-06 23:10 - 2014-12-06 23:59 - 00000000 ____D () C:\Windows\erdnt
    2014-12-06 23:04 - 2014-12-06 23:04 - 05600479 ____R (Swearware) C:\Users\Cole\Desktop\ComboFix.exe
    2014-12-06 23:04 - 2014-12-06 23:04 - 05600479 _____ (Swearware) C:\Users\Cole\Downloads\ComboFix.exe
    2014-12-06 22:11 - 2014-12-06 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-06 22:09 - 2014-12-06 22:38 - 00000000 ____D () C:\Users\Cole\Desktop\mbar
    2014-12-06 22:09 - 2014-12-06 22:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Cole\Downloads\mbar-1.08.2.1001.exe
    2014-12-06 22:09 - 2014-12-06 22:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Cole\Desktop\mbar-1.08.2.1001.exe
    2014-12-06 21:51 - 2014-12-06 21:51 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-06 21:51 - 2014-12-06 21:51 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-06 21:50 - 2014-12-06 23:10 - 00004248 _____ () C:\Users\Cole\Desktop\New Text Document.txt
    2014-12-06 21:46 - 2014-12-06 21:46 - 15196248 _____ () C:\Users\Cole\Downloads\RogueKiller.exe
    2014-12-06 21:46 - 2014-12-06 21:46 - 15196248 _____ () C:\Users\Cole\Desktop\RogueKiller.exe
    2014-12-06 10:36 - 2014-12-06 10:36 - 00688992 ____R (Swearware) C:\Users\Cole\Desktop\dds.com
    2014-12-06 10:36 - 2014-12-06 10:36 - 00688992 _____ (Swearware) C:\Users\Cole\Downloads\dds.com
    2014-12-06 10:31 - 2014-12-06 10:47 - 00000000 ____D () C:\Users\Cole\Desktop\Logsfromscanning
    2014-12-06 09:14 - 2014-12-06 09:16 - 00000197 _____ () C:\Windows\system32\2014-12-06-14-14-50.072-AvastVBoxSVC.exe-2788.log
    2014-12-05 20:08 - 2014-12-05 20:08 - 00000247 _____ () C:\Windows\system32\2014-12-06-01-08-09.028-aswFe.exe-5272.log
    2014-12-05 19:56 - 2014-12-05 20:07 - 00000247 _____ () C:\Windows\system32\2014-12-06-00-56-39.065-aswFe.exe-4880.log
    2014-12-05 19:56 - 2014-12-05 19:56 - 00000197 _____ () C:\Windows\system32\2014-12-06-00-56-31.084-AvastVBoxSVC.exe-1028.log
    2014-12-05 19:13 - 2014-12-05 19:13 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\Dropbox
    2014-12-05 19:10 - 2014-12-05 19:11 - 00000000 ____D () C:\Windows\SysWOW64\vbox
    2014-12-05 19:10 - 2014-12-05 19:11 - 00000000 ____D () C:\Windows\system32\vbox
    2014-12-05 19:09 - 2014-12-05 19:09 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-12-05 19:09 - 2014-12-05 19:09 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\AVAST Software
    2014-12-05 19:09 - 2014-12-05 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-12-05 19:08 - 2014-12-07 13:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-12-05 19:07 - 2014-12-05 19:08 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-12-05 19:07 - 2014-12-05 19:07 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-12-05 19:07 - 2014-12-05 19:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-12-05 19:07 - 2014-12-05 19:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-12-05 19:05 - 2014-12-05 19:05 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-12-05 19:02 - 2014-12-05 19:05 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-12-05 19:01 - 2014-12-05 19:01 - 05006864 _____ (AVAST Software) C:\Users\Cole\Downloads\avast_free_antivirus_setup_online.exe
    2014-12-05 15:28 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-12-05 15:28 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-12-05 15:28 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-12-05 15:28 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-12-05 15:28 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-12-05 15:28 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-12-05 15:28 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2014-12-05 15:28 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2014-12-05 15:28 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-12-05 15:28 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-12-05 15:28 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-12-05 15:28 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-12-05 15:28 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-12-04 19:12 - 2014-12-04 19:12 - 02365840 _____ () C:\Users\Cole\Downloads\SecurityTaskManager_Setup.exe
    2014-12-04 19:12 - 2014-12-04 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
    2014-12-04 19:12 - 2014-12-04 19:12 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
    2014-12-04 18:25 - 2014-12-04 18:25 - 00001479 _____ () C:\Users\Cole\AppData\Local\recently-used.xbel
    2014-12-01 19:47 - 2014-12-01 19:57 - 00040590 _____ () C:\zoek-results.log
    2014-12-01 19:26 - 2014-12-01 19:22 - 01295360 _____ () C:\Users\Cole\Desktop\zoek.exe
    2014-12-01 19:25 - 2014-12-01 19:25 - 00000000 ____D () C:\zoek_backup
    2014-12-01 19:22 - 2014-12-01 19:22 - 01295360 _____ () C:\Users\Cole\Downloads\zoek.exe
    2014-12-01 15:37 - 2014-12-07 13:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-01 15:36 - 2014-12-06 22:10 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-01 15:36 - 2014-12-04 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 15:36 - 2014-12-04 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-01 15:36 - 2014-12-01 17:46 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-01 15:36 - 2014-12-01 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-01 15:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-01 15:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-01 15:28 - 2014-12-01 15:28 - 08423856 _____ (McAfee, Inc.) C:\Users\Cole\Downloads\SecurityScan_Release.exe
    2014-11-30 12:35 - 2014-11-30 12:35 - 00000219 _____ () C:\Users\Cole\Desktop\Team Fortress 2.url
    2014-11-28 15:00 - 2014-11-28 15:00 - 00000222 _____ () C:\Users\Cole\Desktop\Dust An Elysian Tail.url
    2014-11-28 10:05 - 2014-11-28 10:05 - 00000000 ____D () C:\Users\Cole\AppData\Local\Risk_of_Rain
    2014-11-26 17:57 - 2014-11-28 21:28 - 00000000 ____D () C:\Users\Cole\AppData\Local\Game Dev Tycoon - Steam
    2014-11-26 17:42 - 2014-11-26 17:42 - 00000222 _____ () C:\Users\Cole\Desktop\Game Dev Tycoon.url
    2014-11-26 15:43 - 2014-11-26 15:43 - 00000000 ____D () C:\Users\Cole\Documents\SEGA
    2014-11-26 14:34 - 2014-11-26 14:34 - 00000222 _____ () C:\Users\Cole\Desktop\The Binding of Isaac Rebirth.url
    2014-11-17 16:19 - 2014-11-17 16:19 - 00174984 _____ () C:\Users\Cole\Downloads\f81b2d4e-cc65-4c47-9575-1b5926f70107.vtf
    2014-11-17 16:19 - 2014-11-17 16:19 - 00000183 _____ () C:\Users\Cole\Downloads\f81b2d4e-cc65-4c47-9575-1b5926f70107.vmt
    2014-11-09 00:03 - 2014-11-09 00:03 - 00394446 _____ () C:\Users\Cole\Downloads\pyrovision_fix.rar

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-07 14:14 - 2012-12-02 10:42 - 00000000 ____D () C:\Users\Cole\AppData\Local\PMB Files
    2014-12-07 14:13 - 2012-12-02 10:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1563641593-1657672194-2611614249-1001
    2014-12-07 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-12-07 13:58 - 2014-06-27 07:57 - 01222276 _____ () C:\Windows\WindowsUpdate.log
    2014-12-07 13:50 - 2012-12-02 04:49 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-07 13:47 - 2014-07-13 21:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-07 13:43 - 2014-06-28 16:07 - 00148806 _____ () C:\Windows\PFRO.log
    2014-12-07 13:43 - 2012-12-02 10:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-07 13:43 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-07 13:25 - 2012-12-02 10:36 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-07 00:05 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
    2014-12-06 23:57 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
    2014-12-06 12:11 - 2012-12-02 06:15 - 00000000 ____D () C:\Users\Cole\AppData\Local\Razer
    2014-12-06 12:11 - 2012-12-02 06:15 - 00000000 ____D () C:\Program Files (x86)\Razer
    2014-12-05 15:32 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
    2014-12-05 07:24 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2014-12-04 18:25 - 2014-06-16 12:08 - 00000000 ____D () C:\Users\Cole\AppData\Local\gtk-2.0
    2014-12-04 18:25 - 2014-06-16 12:04 - 00000000 ____D () C:\Users\Cole\.gimp-2.8
    2014-12-04 15:19 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-12-01 18:24 - 2014-03-30 12:46 - 00000000 ____D () C:\ProgramData\GreenApp
    2014-12-01 16:11 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-01 16:10 - 2012-12-02 10:23 - 00000000 ____D () C:\Users\Cole
    2014-12-01 16:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2014-11-30 16:08 - 2014-07-31 12:32 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
    2014-11-30 15:56 - 2013-07-24 18:57 - 00496852 _____ () C:\Windows\system32\perfh011.dat
    2014-11-30 15:56 - 2013-07-24 18:57 - 00136170 _____ () C:\Windows\system32\perfc011.dat
    2014-11-30 15:56 - 2012-07-26 02:28 - 01486242 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-28 22:07 - 2014-09-26 17:16 - 00000000 ____D () C:\Users\Cole\Documents\Telltale Games
    2014-11-28 14:59 - 2013-07-02 01:30 - 00000000 ____D () C:\Users\Cole\Documents\SavedGames
    2014-11-28 09:42 - 2013-05-30 20:51 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-11-27 01:13 - 2012-12-02 05:11 - 00000000 ____D () C:\Users\Cole\Documents\My Games
    2014-11-25 15:47 - 2014-07-13 21:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-16 11:11 - 2013-05-12 10:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-13 18:26 - 2013-03-02 18:58 - 00000000 ____D () C:\Users\Cole\AppData\Local\Akamai
    2014-11-11 23:31 - 2014-06-27 06:18 - 00000794 _____ () C:\Windows\setupact.log
    2014-11-11 10:56 - 2013-05-03 23:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat


    Some content of TEMP:
    ====================
    C:\Users\Cole\AppData\Local\temp\Quarantine.exe
    C:\Users\Cole\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-04 00:00

    ==================== End Of Log ============================
     
  24. Winterblizzard

    Winterblizzard TS Rookie Topic Starter Posts: 24

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
    Ran by Cole at 2014-12-07 14:23:27
    Running from C:\Users\Cole\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    AzureTools.Notifications (x32 Version: 2.1.10730.1601 - Microsoft Corporation) Hidden
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.40822.30 - Microsoft Corporation) Hidden
    Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Build Tools - amd64 (Version: 12.0.20827 - Microsoft Corporation) Hidden
    Build Tools - x86 (x32 Version: 12.0.20827 - Microsoft Corporation) Hidden
    Build Tools Language Resources - amd64 (Version: 12.0.20827 - Microsoft Corporation) Hidden
    Build Tools Language Resources - x86 (x32 Version: 12.0.20827 - Microsoft Corporation) Hidden
    Bunny Must Die! Chelsea and the 7 Devils (HKLM-x32\...\Steam App 250660) (Version: - Platine Dispositif)
    Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
    Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
    Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
    Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
    Floating Point (HKLM-x32\...\Steam App 302380) (Version: - Suspicious Developments)
    Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry)
    GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
    Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
    Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
    Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
    Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
    Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
    HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JavaScript Tooling (Version: 12.0.20827 - Microsoft Corporation) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
    LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.20827 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{A2359A7D-FB6E-414F-8EDC-15D7BD739CEC}) (Version: 11.1.2864.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{1DB1A63A-C1E2-451A-A6B8-A981F22F201E}) (Version: 11.1.2864.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{55a51ce7-3c9d-4d4e-9464-c725923be253}) (Version: 11.0.50727.42 - Microsoft Corporation)
    Microsoft Visual Studio Ultimate 2013 RC (HKLM-x32\...\{7e83af8e-87aa-48fe-b2df-2c705052f6cd}) (Version: 12.0.20827.3 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
    Performance Tools for Visual Studio 2013 RC (HKLM-x32\...\{307e0cce-34de-4aab-afde-1c79824f3699}) (Version: 12.0.20827.3 - Microsoft Corporation)
    Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
    Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
    Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Python 3.3.1 (64-bit) (HKLM\...\{1b70ec9b-564c-35cf-aca9-66176666d751}) (Version: 3.3.1150 - Python Software Foundation)
    Python 3.3.2 (HKLM-x32\...\{92389de9-939e-341b-a076-1d52d7dbca71}) (Version: 3.3.2150 - Python Software Foundation)
    Python Tools for Visual Studio 2013 (2.0 Dev 2013-09-20) (HKLM-x32\...\{5E91A16F-5ED3-45EC-95DA-8C98485ED687}) (Version: 2.0.10920.00 - Microsoft Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    ROBLOX Player for Cole (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    ROBLOX Studio 2013 for Cole (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
    Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version: - SEGA)
    Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
    Team Explorer for Microsoft Visual Studio 2013 RC (x32 Version: 12.0.20827 - Microsoft Corporation) Hidden
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
    The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
    The Escapists (HKLM-x32\...\Steam App 298630) (Version: - Mouldy Toof Studios)
    TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
    TypeScript for Microsoft® Visual Studio® 2012 and 2013 (x32 Version: 0.9.1.1 - Microsoft Corporation) Hidden
    Unity Web Player (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
    VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.58 - NCH Software)
    Visual Studio 2012 Update 3 (KB2707250) (HKLM-x32\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
    VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
    WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    04-12-2014 05:59:19 Scheduled Checkpoint
    06-12-2014 00:04:13 avast! antivirus system restore point
    07-12-2014 03:06:40 AfterRougeKiller

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2014-12-06 23:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {011F39BE-7018-412E-9706-0E22C578C19C} - System32\Tasks\Ask4Expert\Smart PC Booster\Startup Dialog => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe
    Task: {118B19F3-2AD1-4416-9932-7C5C6F2D881F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-05] (AVAST Software)
    Task: {2E531DAC-7090-4168-A849-3D445B4AE760} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {4D40FEE5-DF32-4708-B36F-87650C6D623D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
    Task: {93C44026-C910-4594-A419-357F14E19F16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
    Task: {96CF4EB6-C723-4363-B38A-983DC8CAAB69} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
    Task: {B4959FC2-4C59-4FBC-827B-E77166E5765D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
    Task: {D4831D3D-5823-4DC8-94ED-9EE29E504B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
    Task: {D7725266-8354-41BC-9B42-CE2A56857C4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-14 21:28 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2014-12-05 19:07 - 2014-12-05 19:07 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-12-05 19:07 - 2014-12-05 19:07 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2014-11-16 11:09 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-05 19:07 - 2014-12-05 19:07 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-12-07 13:47 - 2014-12-07 13:47 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120702\algo.dll
    2014-12-05 19:07 - 2014-12-05 19:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
    2014-03-15 10:44 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKLM\...\StartupApproved\Run32: => "Gameiki"
    HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\StartupApproved\Run: => "Spotify Web Helper"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1563641593-1657672194-2611614249-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1563641593-1657672194-2611614249-1004 - Limited - Enabled)
    Cole (S-1-5-21-1563641593-1657672194-2611614249-1001 - Administrator - Enabled) => C:\Users\Cole
    Guest (S-1-5-21-1563641593-1657672194-2611614249-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-06 23:50:23.367
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-12-06 16:31:06.992
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-06 16:23:50.768
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-06 16:22:36.119
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-05 18:20:09.672
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-05 18:06:50.778
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-05 18:04:30.151
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-04 22:15:44.170
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-04 19:55:13.315
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2013-12-04 18:16:24.719
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 37%
    Total physical RAM: 3810.07 MB
    Available physical RAM: 2380.82 MB
    Total Pagefile: 4642.07 MB
    Available Pagefile: 2998.23 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:422.11 GB) (Free:111.66 GB) NTFS
    Drive d: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS
    Drive e: (Push Button Reset) (Fixed) (Total:17 GB) (Free:3.91 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: D49E1276)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...