Solved Computer slower than normal

Winterblizzard

I'd hate to admit it, but I need some help with things.
Recently, on Steam, I fell for a type of phishing, which had come from a friend of mine.
I used a program called "Zoek" from the very friend that got me fooled, which had cleared almost all of what I thought to be spyware.
This is after me using multiple scans from Malwarebytes, since I knew little to nothing about trying to find spyware and all this other stuff. Due to this scanning, I found a lot of items infected, so I quarantined all of them, just to be sure.
So, after this, I noticed multiple items were running in the task manager, which I found odd, since there shouldn't be any need for this, right? I found that Chrome had 6 or 7 different tasks, Steam webhelper running 2 or 3 times, and some others running more than once, which put a dent in my CPU.
I'd like to know if any of this is bad, or if I should do anything to stop them. It's really affecting how my computer runs, so is there anything I can do to protect my computer from further failure?
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Chrome will open a new process with every new tab open, so it may be normal, but if you want to get your computer checked...


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/6/2014
Scan Time: 9:37:46 AM
Logfile: Malwarebytes_scan_log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.06.05
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Cole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404715
Time Elapsed: 52 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.EasyLife.A, C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.easylifeapp.com/",), ,[f5827be38eee71c5ad771387ab5a1ae6]

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16921 BrowserJavaVersion: 10.71.2
Run by Cole at 10:37:28 on 2014-12-06
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3810.1610 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = www.google.com
uProxyOverride = <-loopback>;<local>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.10.106\McAfeeMSS_IE.dll
BHO: Microsoft Web Test Recorder 12.0 Helper: {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Web Test Recorder 12.0: {46857999-9b7c-4895-9d22-81a4a2478868} -
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] "C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Gameiki] C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe Update
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~2.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\Cole\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\-HPDES~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.10.106\SSScheduler.exe
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1CB6D5E7-3036-4916-913F-0D6A9B54420F} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-12-5 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-12-5 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-12-5 1050432]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2014-12-5 436624]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\Drivers\hmd.sys [2013-10-4 14888]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-18 239616]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-12-5 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-12-5 83280]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-12-5 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-5 50344]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-14 2443960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-1 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-1 969016]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-6-25 105448]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-5 271752]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-5 4012248]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-12-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-12-1 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-12-1 64216]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2013-5-23 88424]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.10.106\McCHSvc.exe [2014-11-4 289256]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-8-27 87136]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-06 00:13:17 -------- d-----w- C:\Users\Cole\AppData\Roaming\Dropbox
2014-12-06 00:10:15 -------- d-----w- C:\Windows\SysWow64\vbox
2014-12-06 00:10:15 -------- d-----w- C:\Windows\System32\vbox
2014-12-06 00:09:18 -------- d-----w- C:\Users\Cole\AppData\Roaming\AVAST Software
2014-12-06 00:07:58 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-12-06 00:07:58 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-06 00:07:58 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-12-06 00:07:58 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-12-06 00:07:58 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-12-06 00:07:58 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-12-06 00:07:58 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-12-06 00:07:47 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-06 00:05:14 -------- d-----w- C:\Program Files\AVAST Software
2014-12-06 00:02:32 -------- d-----w- C:\ProgramData\AVAST Software
2014-12-05 12:25:03 941720 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
2014-12-05 12:25:03 1188440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{701A1C47-65A5-48EF-B90D-2E9336FDF693}\gapaengine.dll
2014-12-05 12:24:24 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C7D13A0-63C4-48E6-A6D5-0A9290BD196C}\mpengine.dll
2014-12-05 00:12:52 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2014-12-02 01:21:07 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-12-02 00:25:04 -------- d-----w- C:\zoek_backup
2014-12-01 20:37:09 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-01 20:36:50 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-12-01 20:36:50 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-12-01 20:36:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-12-01 20:36:50 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-01 20:36:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-01 20:29:22 -------- d-----w- C:\ProgramData\McAfee Security Scan
2014-12-01 20:29:20 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-11-28 15:05:42 -------- d-----w- C:\Users\Cole\AppData\Local\Risk_of_Rain
2014-11-26 22:57:07 -------- d-----w- C:\Users\Cole\AppData\Local\Game Dev Tycoon - Steam
2014-11-16 05:00:48 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
==================== Find3M ====================
.
2014-11-03 23:12:12 46136 ---ha-w- C:\Windows\System32\drivers\Hamdrv.sys
2014-10-30 11:25:26 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-19 19:26:31 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 10:41:37.65 ===============
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2012 10:23:55 AM
System Uptime: 12/6/2014 9:11:14 AM (1 hours ago)
.
Motherboard: Gateway | | SX2110G
Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics | P0 | 1400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 110.792 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.162 GiB free.
E: is FIXED (NTFS) - 17 GiB total, 3.911 GiB free.
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP150: 12/4/2014 12:59:19 AM - Scheduled Checkpoint
RP151: 12/5/2014 7:04:13 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Tools for .Net 3.5
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Akamai NetSession Interface
Apple Application Support
Arc
Avast Free Antivirus
AzureTools.Notifications
BattleBlock Theater
Behaviors SDK (XAML) for Visual Studio
Blend for Visual Studio Add-in for Adobe FXG Import
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
Build Tools - amd64
Build Tools - x86
Build Tools Language Resources - amd64
Build Tools Language Resources - x86
Bunny Must Die! Chelsea and the 7 Devils
Cthulhu Saves the World
Don't Starve
Dotfuscator and Analytics Community Edition
Dust: An Elysian Tail
Entity Framework Designer for Visual Studio 2012 - enu
Floating Point
Game Dev Tycoon
Garry's Mod
GCFScape 1.8.5
GIMP 2.8.10
Goat Simulator
Google Chrome
Google Update Helper
Half-Life
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life: Blue Shift
Half-Life: Opposing Force
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Product Improvement Study
HP Update
Java 7 Update 71
Java Auto Updater
JavaScript Tooling
Left 4 Dead 2
LocalESPC Dev12
LocalESPCui for en-us Dev12
Logitech SetPoint 6.65
Magicka
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Security Scan Plus
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack for Windows Store Apps
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack for Windows Store Apps (ENU)
Microsoft .NET Framework 4.5.1 SDK
Microsoft Advertising SDK for Windows 8.1 - ENU
Microsoft Advertising Service Extension for Visual Studio
Microsoft C++ REST SDK for Visual Studio 2013 RC
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Help Viewer 2.0
Microsoft Help Viewer 2.1
Microsoft NuGet - Visual Studio 2013 RC
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 365 - en-us
Microsoft OneDrive
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2013 RC
Microsoft Silverlight
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Data-Tier App Framework (x64)
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Team Foundation Server 2013 RC Object Model (x64)
Microsoft Team Foundation Server 2013 RC Object Model Language Pack (x64) - ENU
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ ARM Libraries
Microsoft Visual C++ x64-arm Cross Compilers
Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources
Microsoft Visual C++ x64-x86 Cross Compilers
Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources
Microsoft Visual C++ x64 Libraries
Microsoft Visual C++ x64 Native Compilers
Microsoft Visual C++ x64 Native Compilers - ENU Resources
Microsoft Visual C++ x86 Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 RC x64 Designtime - 12.0.20827
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
Microsoft Visual C++ 2013 Compilers
Microsoft Visual C++ 2013 Compilers - ENU Resources
Microsoft Visual C++ 2013 Core Libraries
Microsoft Visual C++ 2013 Extended Libraries
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.20827
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.20827
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.20827
Microsoft Visual C++ 2013 x86-x64 Compilers
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.20827
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.20827
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.20827
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio 2013 Devenv
Microsoft Visual Studio 2013 IntelliTrace Core amd64
Microsoft Visual Studio 2013 IntelliTrace Core x86
Microsoft Visual Studio 2013 IntelliTrace Front End x86
Microsoft Visual Studio 2013 Profiling Tools
Microsoft Visual Studio 2013 RC Devenv Resources
Microsoft Visual Studio 2013 RC Performance Collection Tools
Microsoft Visual Studio 2013 RC Performance Collection Tools - ENU
Microsoft Visual Studio 2013 RC Preparation
Microsoft Visual Studio 2013 RC Shell (Minimum) Resources
Microsoft Visual Studio 2013 RC Team Explorer Language Pack - ENU
Microsoft Visual Studio 2013 Shell (Minimum)
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies RC
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Premium 2013 RC
Microsoft Visual Studio Premium 2013 RC - ENU
Microsoft Visual Studio Professional 2013 RC
Microsoft Visual Studio Professional 2013 RC - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2013 RC Storyboarding (x64)
Microsoft Visual Studio Team Foundation Server 2013 RC Storyboarding Language Pack (x64) - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Visual Studio Ultimate 2013 RC
Microsoft Visual Studio Ultimate 2013 RC - ENU
Microsoft Visual Studio Ultimate 2013 RC XAML UI Designer Core
Microsoft Visual Studio Ultimate 2013 RC XAML UI Designer enu Resources
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
NVIDIA PhysX
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Origin
Pando Media Booster
Performance Tools for Visual Studio 2013 RC
Poker Night 2
Poker Night at the Inventory
Portal
Portal 2
PowerISO
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Python 3.3.1 (64-bit)
Python 3.3.2
Python Tools for Visual Studio 2013 (2.0 Dev 2013-09-20)
Razer Game Booster
Realtek High Definition Audio Driver
Risk of Rain
ROBLOX Player
ROBLOX Player for Cole
ROBLOX Studio 2013 for Cole
Sonic Adventure DX
Source Filmmaker
Steam
System Requirements Lab CYRI
Team Explorer for Microsoft Visual Studio 2013 RC
Team Fortress 2
Team Fortress Classic
Terraria
The Binding of Isaac
The Binding of Isaac: Rebirth
The Escapists
TrackMania Nations Forever
TypeScript for Microsoft® Visual Studio® 2012 and 2013
Unity Web Player
Update for (KB2504637)
Update for Japanese Microsoft IME Postal Code Dictionary
Update for Japanese Microsoft IME Standard Dictionary
Update for Japanese Microsoft IME Standard Extended Dictionary
Update for Microsoft Visual Studio 2012 (KB2781514)
VideoPad Video Editor
Visual F# 3.1 SDK
Visual F# 3.1 VS
Visual Studio 2012 Update 3 (KB2707250)
Visual Studio 2013 Prerequisites
Visual Studio 2013 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.0.7
WCF Data Services 5.6.0 Runtime
WCF Data Services Tools for Microsoft Visual Studio 2013
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Azure Mobile Services SDK
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
Windows Movie Maker 2.6
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
WinRAR 4.20 (32-bit)
WinZip Registry Optimizer
.
==== Event Viewer Messages From Past Week ========
.
12/6/2014 9:38:46 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-1563641593-1657672194-2611614249-1001-0-ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
12/6/2014 9:13:47 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
12/6/2014 9:12:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
12/6/2014 9:12:58 AM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/6/2014 9:12:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "Unavailable" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
12/6/2014 9:11:22 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
12/5/2014 7:23:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.189.1443.0).
12/4/2014 12:55:19 AM, Error: volsnap [36] -
12/1/2014 4:11:37 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Cole\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
11/30/2014 3:51:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
.
==== End Of File ===========================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Cole [Administrator]
Mode : Delete -- Date : 12/06/2014 22:02:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CB6D5E7-3036-4916-913F-0D6A9B54420F} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CB6D5E7-3036-4916-913F-0D6A9B54420F} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} -- C:\ProgramData\cis54C3.exe (--PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-22ERMA0 +++++
--- User ---
[MBR] a6de0d316046af047d474b690aaf920a
[BSP] 385be197ed43c090f8eb776be34b1656 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
 
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.07.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16921
Cole :: ETHAN [administrator]

12/6/2014 10:11:41 PM
mbar-log-2014-12-06 (22-11-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 403222
Time elapsed: 26 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16921

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 1.397000 GHz
Memory total: 3995144192, free: 2112270336

Downloaded database version: v2014.12.07.03
Downloaded database version: v2014.12.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
12/06/2014 22:11:05
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80059ac060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000046\
Lower Device Object: 0xfffffa80055fc620
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004bf5060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000031\
Lower Device Object: 0xfffffa80049b3060
Lower Device Driver Name: \Driver\storahci\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004bf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bf62b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bf5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80049b3060, DeviceName: \Device\00000031\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: D49E1276

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1092762581
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 5e9c1399-692-415d-a261-dfd4a3675bc
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1092762581
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 5e9c1399-692-415d-a261-dfd4a3675bc
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128

Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID f529e0ad-3ca5-11e2-b2cd-c8678288d8c
FirstLBA 2048 Last LBA 821247
Attributes 0
Partition Name

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 7b30be30-c697-4845-a435-28445787a736
FirstLBA 821248 Last LBA 1435647
Attributes 0
Partition Name EFI

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 60574fc4-383b-4735-a96a-55bfe687b5a9
FirstLBA 1435648 Last LBA 1697791
Attributes 0
Partition Name Micr

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 37b8eda2-2710-0-80fe-806e6f6e6963
FirstLBA 1697792 Last LBA 886924012
Attributes 0
Partition Name

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID f529e0ae-3ca5-11e2-b2cd-c8678288d8c
FirstLBA 941121536 Last LBA 976773119
Attributes 0
Partition Name

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80059ac060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80059ac970, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80059ac060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80055fc620, DeviceName: \Device\00000046\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I've got the log, but it's really large, and I would have to paste more than 5 or 4 replies to get the whole log in. Do you want me to attach the log to a reply, or just make 5 or 4 replies?
 
ComboFix 14-12-04.01 - Cole 12/06/2014 23:16:30.1.2 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3810.2284 [GMT -5:00]
Running from: c:\users\Cole\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\bootstrap.js
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\chrome.manifest
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\content\bg.js
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\odbo@jzanm.edu\install.rdf
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\bootstrap.js
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\chrome.manifest
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\content\bg.js
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\ooacf_0uyou@iknlkhieiefzsc.com\install.rdf
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\bootstrap.js
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\chrome.manifest
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\content\bg.js
c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\extensions\staged\s-yaoa@ooaoyi-.net\install.rdf
c:\users\Cole\AppData\Roaming\windows
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
 
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\YzMH2v.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegcpffhknkbcaolgahobidmbjnghmok\1.0\w6Z.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\djeafhaajdpmbfolchgkoahcklopbpgf\1.0\SijwRs_Ahy.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\Aj0Iq.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fchepedkmjnpilklpojbloobknpoeefm\1.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\newtab.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphbjjjlckjhcikcnkhlkpkpclhanjki\2.1\WuO0uqYBN.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\122\manifest.json
c:\windows\msdownld.tmp
c:\windows\SysWow64\html
c:\windows\SysWow64\images
.
.
((((((((((((((((((((((((( Files Created from 2014-11-07 to 2014-12-07 )))))))))))))))))))))))))))))))
.
.
2014-12-07 04:56 . 2014-12-07 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-07 03:11 . 2014-12-07 03:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-07 02:51 . 2014-12-07 02:51 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-07 02:51 . 2014-12-07 02:51 -------- d-----w- c:\programdata\RogueKiller
2014-12-06 00:13 . 2014-12-06 00:13 -------- d-----w- c:\users\Cole\AppData\Roaming\Dropbox
2014-12-06 00:10 . 2014-12-06 00:11 -------- d-----w- c:\windows\SysWow64\vbox
2014-12-06 00:10 . 2014-12-06 00:11 -------- d-----w- c:\windows\system32\vbox
2014-12-06 00:09 . 2014-12-06 00:09 -------- d-----w- c:\users\Cole\AppData\Roaming\AVAST Software
2014-12-06 00:07 . 2014-12-06 00:08 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-06 00:07 . 2014-12-06 00:07 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-06 00:07 . 2014-12-06 00:07 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-12-06 00:07 . 2014-12-06 00:07 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-06 00:07 . 2014-12-06 00:07 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-06 00:07 . 2014-12-06 00:07 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-06 00:07 . 2014-12-06 00:07 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-06 00:07 . 2014-12-06 00:07 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-06 00:07 . 2014-12-06 00:07 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-06 00:07 . 2014-12-06 00:07 43152 ----a-w- c:\windows\avastSS.scr
2014-12-06 00:05 . 2014-12-06 00:05 -------- d-----w- c:\program files\AVAST Software
2014-12-06 00:02 . 2014-12-06 00:05 -------- d-----w- c:\programdata\AVAST Software
2014-12-05 12:25 . 2014-09-10 20:30 1188440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{701A1C47-65A5-48EF-B90D-2E9336FDF693}\gapaengine.dll
2014-12-05 12:25 . 2013-07-16 09:02 941720 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\NISBackup\gapaengine.dll
2014-12-05 12:24 . 2014-11-17 07:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C7D13A0-63C4-48E6-A6D5-0A9290BD196C}\mpengine.dll
2014-12-05 00:12 . 2014-12-05 00:12 -------- d-----w- c:\program files (x86)\Security Task Manager
2014-12-02 01:21 . 2014-12-06 19:20 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-12-02 00:25 . 2014-12-02 00:25 -------- d-----w- C:\zoek_backup
2014-12-01 20:37 . 2014-12-07 03:11 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-01 20:36 . 2014-12-07 03:10 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-01 20:36 . 2014-12-05 00:23 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-01 20:36 . 2014-12-01 20:36 -------- d-----w- c:\programdata\Malwarebytes
2014-12-01 20:36 . 2014-11-21 11:14 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-01 20:36 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-28 15:05 . 2014-11-28 15:05 -------- d-----w- c:\users\Cole\AppData\Local\Risk_of_Rain
2014-11-26 22:57 . 2014-11-29 02:28 -------- d-----w- c:\users\Cole\AppData\Local\Game Dev Tycoon - Steam
2014-11-16 05:00 . 2014-11-16 05:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-03 23:12 . 2014-11-03 23:12 46136 ---ha-w- c:\windows\system32\drivers\Hamdrv.sys
2014-10-30 11:25 . 2012-12-06 03:45 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-19 19:26 . 2014-10-19 19:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-07 09:06 . 2013-04-20 03:24 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-14 00:55 223432 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-14 00:55 223432 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-14 00:55 223432 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-02 3093624]
"Akamai NetSession Interface"="c:\users\Cole\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-01-27 337432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Gameiki"="c:\program files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe" [2014-02-23 358912]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-06 5226600]
.
c:\users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2142N1H605D2;CONNECTION=USB;MONITOR=1; [2012-7-25 51712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys;c:\windows\SYSNATIVE\drivers\qknfd.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys;c:\windows\SYSNATIVE\DRIVERS\hmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 15:26 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14 20:47]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 15:36]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-14 00:56 262344 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-14 00:56 262344 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-14 00:56 262344 ----a-w- c:\users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-06 00:07 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = <-loopback>;<local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{5F0DB9C6-EF49-4748-A75D-FAD76538734C} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-12-07 00:05:31
ComboFix-quarantined-files.txt 2014-12-07 05:05
.
Pre-Run: 118,136,549,376 bytes free
Post-Run: 119,830,290,432 bytes free
.
- - End Of File - - CC38B8A9877E34AF3C262714457E0AD7
5FB38429D5D77768867C76DCBDB35194
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v4.104 - Report created 07/12/2014 at 13:41:12
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8 Pro (64 bits)
# Username : Cole - ETHAN
# Running from : C:\Users\Cole\Desktop\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : qknfd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\safesoft
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\DiiisecaountExtenssi
Folder Deleted : C:\ProgramData\saifEwwebb
Folder Deleted : C:\ProgramData\e3c2888e6ef84f2f
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\SNT
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\DiiisecaountExtenssi
Folder Deleted : C:\Program Files (x86)\saifEwwebb
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Cole\AppData\Local\torch
Folder Deleted : C:\Users\Cole\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Cole\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Cole\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5fe8d88e03cea46
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-917353282
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{031B4006-CAC5-4F51-8294-A53933798B5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7E82846D-8C6B-4C30-82D1-2B94AAD3B0BB}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Mozilla Firefox v

[7x74npej.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "webbooster@iminent.com:5.14.1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.1");
[7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[7x74npej.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v33.0.1750.154

[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v

[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [14238 octets] - [07/12/2014 13:29:15]
AdwCleaner[S0].txt - [14665 octets] - [07/12/2014 13:41:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14726 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 Pro x64
Ran by Cole on Sun 12/07/2014 at 14:03:06.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cole\AppData\Roaming\ask4expert"
Successfully deleted: [Folder] "C:\Users\Cole\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask4expert"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/07/2014 at 14:15:49.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Cole (administrator) on ETHAN on 07-12-2014 14:20:34
Running from C:\Users\Cole\Desktop
Loaded Profile: Cole (Available profiles: Cole)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Akamai Technologies, Inc.) C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-01-27] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Gameiki] => C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe [358912 2014-02-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-05] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-02] ()
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Cole\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\インク警告のモニタ - HP Deskjet 1000 J110 series Class Driver.lnk
ShortcutTarget: インク警告のモニタ - HP Deskjet 1000 J110 series Class Driver.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x641AD6BBA1D0CD01
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001 -> {BED63B85-3095-456B-B95C-A2FA0C5BEFBB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001 -> No Name - {5F0DB9C6-EF49-4748-A75D-FAD76538734C} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: @nsroblox.roblox.com/launcher -> C:\Users\Cole\AppData\Local\Roblox\Versions\version-a21a1def88774149\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1563641593-1657672194-2611614249-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: MyWordTool - C:\Users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\7x74npej.default\Extensions\emily@wilford.biz [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-05]

Chrome:
=======
CHR Profile: C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-07]
CHR Extension: (Google Drive) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-07]
CHR Extension: (YouTube) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-07]
CHR Extension: (Google Search) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-07]
CHR Extension: (Avast Online Security) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-07]
CHR Extension: (Google Wallet) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Cole\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-05-23] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-05] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-05] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [658432 2013-04-11] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87136 2013-08-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-05] ()
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-11-03] (LogMeIn Inc.)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2013-10-04] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-12-06] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-05] (Avast Software)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 14:20 - 2014-12-07 14:21 - 00016566 _____ () C:\Users\Cole\Desktop\FRST.txt
2014-12-07 14:20 - 2014-12-07 14:20 - 00000000 ____D () C:\FRST
2014-12-07 14:18 - 2014-12-07 14:18 - 02119680 _____ (Farbar) C:\Users\Cole\Downloads\FRST64.exe
2014-12-07 14:18 - 2014-12-07 14:18 - 02119680 _____ (Farbar) C:\Users\Cole\Desktop\FRST64.exe
2014-12-07 14:15 - 2014-12-07 14:15 - 00000911 _____ () C:\Users\Cole\Desktop\JRT.txt
2014-12-07 14:03 - 2014-12-07 14:03 - 00000000 ____D () C:\Windows\ERUNT
2014-12-07 14:01 - 2014-12-07 14:01 - 01707646 _____ (Thisisu) C:\Users\Cole\Downloads\JRT.exe
2014-12-07 14:01 - 2014-12-07 14:01 - 01707646 _____ (Thisisu) C:\Users\Cole\Desktop\JRT.exe
2014-12-07 13:47 - 2014-12-07 13:47 - 00000197 _____ () C:\Windows\system32\2014-12-07-18-47-21.058-AvastVBoxSVC.exe-4952.log
2014-12-07 13:29 - 2014-12-07 13:41 - 00000000 ____D () C:\AdwCleaner
2014-12-07 13:29 - 2014-12-07 13:29 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 13:28 - 2014-12-07 13:28 - 02153472 _____ () C:\Users\Cole\Downloads\adwcleaner_4.104.exe
2014-12-07 13:28 - 2014-12-07 13:28 - 02153472 _____ () C:\Users\Cole\Desktop\adwcleaner_4.104.exe
2014-12-07 00:05 - 2014-12-07 00:05 - 00091989 _____ () C:\ComboFix.txt
2014-12-06 23:11 - 2014-12-07 00:05 - 00000000 ____D () C:\Qoobox
2014-12-06 23:11 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-06 23:11 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-06 23:11 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-06 23:11 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-06 23:10 - 2014-12-06 23:59 - 00000000 ____D () C:\Windows\erdnt
2014-12-06 23:04 - 2014-12-06 23:04 - 05600479 ____R (Swearware) C:\Users\Cole\Desktop\ComboFix.exe
2014-12-06 23:04 - 2014-12-06 23:04 - 05600479 _____ (Swearware) C:\Users\Cole\Downloads\ComboFix.exe
2014-12-06 22:11 - 2014-12-06 22:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 22:09 - 2014-12-06 22:38 - 00000000 ____D () C:\Users\Cole\Desktop\mbar
2014-12-06 22:09 - 2014-12-06 22:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Cole\Downloads\mbar-1.08.2.1001.exe
2014-12-06 22:09 - 2014-12-06 22:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Cole\Desktop\mbar-1.08.2.1001.exe
2014-12-06 21:51 - 2014-12-06 21:51 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-06 21:51 - 2014-12-06 21:51 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-06 21:50 - 2014-12-06 23:10 - 00004248 _____ () C:\Users\Cole\Desktop\New Text Document.txt
2014-12-06 21:46 - 2014-12-06 21:46 - 15196248 _____ () C:\Users\Cole\Downloads\RogueKiller.exe
2014-12-06 21:46 - 2014-12-06 21:46 - 15196248 _____ () C:\Users\Cole\Desktop\RogueKiller.exe
2014-12-06 10:36 - 2014-12-06 10:36 - 00688992 ____R (Swearware) C:\Users\Cole\Desktop\dds.com
2014-12-06 10:36 - 2014-12-06 10:36 - 00688992 _____ (Swearware) C:\Users\Cole\Downloads\dds.com
2014-12-06 10:31 - 2014-12-06 10:47 - 00000000 ____D () C:\Users\Cole\Desktop\Logsfromscanning
2014-12-06 09:14 - 2014-12-06 09:16 - 00000197 _____ () C:\Windows\system32\2014-12-06-14-14-50.072-AvastVBoxSVC.exe-2788.log
2014-12-05 20:08 - 2014-12-05 20:08 - 00000247 _____ () C:\Windows\system32\2014-12-06-01-08-09.028-aswFe.exe-5272.log
2014-12-05 19:56 - 2014-12-05 20:07 - 00000247 _____ () C:\Windows\system32\2014-12-06-00-56-39.065-aswFe.exe-4880.log
2014-12-05 19:56 - 2014-12-05 19:56 - 00000197 _____ () C:\Windows\system32\2014-12-06-00-56-31.084-AvastVBoxSVC.exe-1028.log
2014-12-05 19:13 - 2014-12-05 19:13 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\Dropbox
2014-12-05 19:10 - 2014-12-05 19:11 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-05 19:10 - 2014-12-05 19:11 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-05 19:09 - 2014-12-05 19:09 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-05 19:09 - 2014-12-05 19:09 - 00000000 ____D () C:\Users\Cole\AppData\Roaming\AVAST Software
2014-12-05 19:09 - 2014-12-05 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-05 19:08 - 2014-12-07 13:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-05 19:07 - 2014-12-05 19:08 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-05 19:07 - 2014-12-05 19:07 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-05 19:07 - 2014-12-05 19:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-05 19:07 - 2014-12-05 19:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-05 19:05 - 2014-12-05 19:05 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-05 19:02 - 2014-12-05 19:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-05 19:01 - 2014-12-05 19:01 - 05006864 _____ (AVAST Software) C:\Users\Cole\Downloads\avast_free_antivirus_setup_online.exe
2014-12-05 15:28 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-05 15:28 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-12-05 15:28 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-12-05 15:28 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-05 15:28 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-05 15:28 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-05 15:28 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-05 15:28 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-12-04 19:12 - 2014-12-04 19:12 - 02365840 _____ () C:\Users\Cole\Downloads\SecurityTaskManager_Setup.exe
2014-12-04 19:12 - 2014-12-04 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-12-04 19:12 - 2014-12-04 19:12 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-12-04 18:25 - 2014-12-04 18:25 - 00001479 _____ () C:\Users\Cole\AppData\Local\recently-used.xbel
2014-12-01 19:47 - 2014-12-01 19:57 - 00040590 _____ () C:\zoek-results.log
2014-12-01 19:26 - 2014-12-01 19:22 - 01295360 _____ () C:\Users\Cole\Desktop\zoek.exe
2014-12-01 19:25 - 2014-12-01 19:25 - 00000000 ____D () C:\zoek_backup
2014-12-01 19:22 - 2014-12-01 19:22 - 01295360 _____ () C:\Users\Cole\Downloads\zoek.exe
2014-12-01 15:37 - 2014-12-07 13:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 15:36 - 2014-12-06 22:10 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 15:36 - 2014-12-04 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-01 15:36 - 2014-12-04 19:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-01 15:36 - 2014-12-01 17:46 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-01 15:36 - 2014-12-01 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 15:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-01 15:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-01 15:28 - 2014-12-01 15:28 - 08423856 _____ (McAfee, Inc.) C:\Users\Cole\Downloads\SecurityScan_Release.exe
2014-11-30 12:35 - 2014-11-30 12:35 - 00000219 _____ () C:\Users\Cole\Desktop\Team Fortress 2.url
2014-11-28 15:00 - 2014-11-28 15:00 - 00000222 _____ () C:\Users\Cole\Desktop\Dust An Elysian Tail.url
2014-11-28 10:05 - 2014-11-28 10:05 - 00000000 ____D () C:\Users\Cole\AppData\Local\Risk_of_Rain
2014-11-26 17:57 - 2014-11-28 21:28 - 00000000 ____D () C:\Users\Cole\AppData\Local\Game Dev Tycoon - Steam
2014-11-26 17:42 - 2014-11-26 17:42 - 00000222 _____ () C:\Users\Cole\Desktop\Game Dev Tycoon.url
2014-11-26 15:43 - 2014-11-26 15:43 - 00000000 ____D () C:\Users\Cole\Documents\SEGA
2014-11-26 14:34 - 2014-11-26 14:34 - 00000222 _____ () C:\Users\Cole\Desktop\The Binding of Isaac Rebirth.url
2014-11-17 16:19 - 2014-11-17 16:19 - 00174984 _____ () C:\Users\Cole\Downloads\f81b2d4e-cc65-4c47-9575-1b5926f70107.vtf
2014-11-17 16:19 - 2014-11-17 16:19 - 00000183 _____ () C:\Users\Cole\Downloads\f81b2d4e-cc65-4c47-9575-1b5926f70107.vmt
2014-11-09 00:03 - 2014-11-09 00:03 - 00394446 _____ () C:\Users\Cole\Downloads\pyrovision_fix.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 14:14 - 2012-12-02 10:42 - 00000000 ____D () C:\Users\Cole\AppData\Local\PMB Files
2014-12-07 14:13 - 2012-12-02 10:33 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1563641593-1657672194-2611614249-1001
2014-12-07 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-07 13:58 - 2014-06-27 07:57 - 01222276 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 13:50 - 2012-12-02 04:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-07 13:47 - 2014-07-13 21:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 13:43 - 2014-06-28 16:07 - 00148806 _____ () C:\Windows\PFRO.log
2014-12-07 13:43 - 2012-12-02 10:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 13:43 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 13:25 - 2012-12-02 10:36 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 00:05 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
2014-12-06 23:57 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
2014-12-06 12:11 - 2012-12-02 06:15 - 00000000 ____D () C:\Users\Cole\AppData\Local\Razer
2014-12-06 12:11 - 2012-12-02 06:15 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-12-05 15:32 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-05 07:24 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-04 18:25 - 2014-06-16 12:08 - 00000000 ____D () C:\Users\Cole\AppData\Local\gtk-2.0
2014-12-04 18:25 - 2014-06-16 12:04 - 00000000 ____D () C:\Users\Cole\.gimp-2.8
2014-12-04 15:19 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-12-01 18:24 - 2014-03-30 12:46 - 00000000 ____D () C:\ProgramData\GreenApp
2014-12-01 16:11 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-01 16:10 - 2012-12-02 10:23 - 00000000 ____D () C:\Users\Cole
2014-12-01 16:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-30 16:08 - 2014-07-31 12:32 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-11-30 15:56 - 2013-07-24 18:57 - 00496852 _____ () C:\Windows\system32\perfh011.dat
2014-11-30 15:56 - 2013-07-24 18:57 - 00136170 _____ () C:\Windows\system32\perfc011.dat
2014-11-30 15:56 - 2012-07-26 02:28 - 01486242 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 22:07 - 2014-09-26 17:16 - 00000000 ____D () C:\Users\Cole\Documents\Telltale Games
2014-11-28 14:59 - 2013-07-02 01:30 - 00000000 ____D () C:\Users\Cole\Documents\SavedGames
2014-11-28 09:42 - 2013-05-30 20:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-27 01:13 - 2012-12-02 05:11 - 00000000 ____D () C:\Users\Cole\Documents\My Games
2014-11-25 15:47 - 2014-07-13 21:51 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-16 11:11 - 2013-05-12 10:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-13 18:26 - 2013-03-02 18:58 - 00000000 ____D () C:\Users\Cole\AppData\Local\Akamai
2014-11-11 23:31 - 2014-06-27 06:18 - 00000794 _____ () C:\Windows\setupact.log
2014-11-11 10:56 - 2013-05-03 23:41 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Cole\AppData\Local\temp\Quarantine.exe
C:\Users\Cole\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-04 00:00

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Cole at 2014-12-07 14:23:27
Running from C:\Users\Cole\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AzureTools.Notifications (x32 Version: 2.1.10730.1601 - Microsoft Corporation) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.40822.30 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.20827 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.20827 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.20827 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.20827 - Microsoft Corporation) Hidden
Bunny Must Die! Chelsea and the 7 Devils (HKLM-x32\...\Steam App 250660) (Version: - Platine Dispositif)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Floating Point (HKLM-x32\...\Steam App 302380) (Version: - Suspicious Developments)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Team Garry)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version: - Gearbox Software)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaScript Tooling (Version: 12.0.20827 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.20827 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{A2359A7D-FB6E-414F-8EDC-15D7BD739CEC}) (Version: 11.1.2864.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{1DB1A63A-C1E2-451A-A6B8-A981F22F201E}) (Version: 11.1.2864.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{55a51ce7-3c9d-4d4e-9464-c725923be253}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 RC (HKLM-x32\...\{7e83af8e-87aa-48fe-b2df-2c705052f6cd}) (Version: 12.0.20827.3 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Performance Tools for Visual Studio 2013 RC (HKLM-x32\...\{307e0cce-34de-4aab-afde-1c79824f3699}) (Version: 12.0.20827.3 - Microsoft Corporation)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Python 3.3.1 (64-bit) (HKLM\...\{1b70ec9b-564c-35cf-aca9-66176666d751}) (Version: 3.3.1150 - Python Software Foundation)
Python 3.3.2 (HKLM-x32\...\{92389de9-939e-341b-a076-1d52d7dbca71}) (Version: 3.3.2150 - Python Software Foundation)
Python Tools for Visual Studio 2013 (2.0 Dev 2013-09-20) (HKLM-x32\...\{5E91A16F-5ED3-45EC-95DA-8C98485ED687}) (Version: 2.0.10920.00 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for Cole (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Cole (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version: - SEGA)
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 RC (x32 Version: 12.0.20827 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Escapists (HKLM-x32\...\Steam App 298630) (Version: - Mouldy Toof Studios)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
TypeScript for Microsoft® Visual Studio® 2012 and 2013 (x32 Version: 0.9.1.1 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{121C874E-5797-40B2-86CE-CE6624F2711A}) (Version: 15.0.1376 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.58 - NCH Software)
Visual Studio 2012 Update 3 (KB2707250) (HKLM-x32\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1563641593-1657672194-2611614249-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Cole\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-12-2014 05:59:19 Scheduled Checkpoint
06-12-2014 00:04:13 avast! antivirus system restore point
07-12-2014 03:06:40 AfterRougeKiller

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2014-12-06 23:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {011F39BE-7018-412E-9706-0E22C578C19C} - System32\Tasks\Ask4Expert\Smart PC Booster\Startup Dialog => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe
Task: {118B19F3-2AD1-4416-9932-7C5C6F2D881F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-05] (AVAST Software)
Task: {2E531DAC-7090-4168-A849-3D445B4AE760} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {4D40FEE5-DF32-4708-B36F-87650C6D623D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {93C44026-C910-4594-A419-357F14E19F16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {96CF4EB6-C723-4363-B38A-983DC8CAAB69} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {B4959FC2-4C59-4FBC-827B-E77166E5765D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {D4831D3D-5823-4DC8-94ED-9EE29E504B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {D7725266-8354-41BC-9B42-CE2A56857C4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-14 21:28 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-12-05 19:07 - 2014-12-05 19:07 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-05 19:07 - 2014-12-05 19:07 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-16 11:09 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-05 19:07 - 2014-12-05 19:07 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-07 13:47 - 2014-12-07 13:47 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120702\algo.dll
2014-12-05 19:07 - 2014-12-05 19:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 10:44 - 2014-03-14 19:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "Gameiki"
HKU\S-1-5-21-1563641593-1657672194-2611614249-1001\...\StartupApproved\Run: => "Spotify Web Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-1563641593-1657672194-2611614249-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1563641593-1657672194-2611614249-1004 - Limited - Enabled)
Cole (S-1-5-21-1563641593-1657672194-2611614249-1001 - Administrator - Enabled) => C:\Users\Cole
Guest (S-1-5-21-1563641593-1657672194-2611614249-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-06 23:50:23.367
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-12-06 16:31:06.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-06 16:23:50.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-06 16:22:36.119
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-05 18:20:09.672
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-05 18:06:50.778
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-05 18:04:30.151
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-04 22:15:44.170
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-04 19:55:13.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-12-04 18:16:24.719
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 3810.07 MB
Available physical RAM: 2380.82 MB
Total Pagefile: 4642.07 MB
Available Pagefile: 2998.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:422.11 GB) (Free:111.66 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS
Drive e: (Push Button Reset) (Fixed) (Total:17 GB) (Free:3.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D49E1276)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt