Cosstminn infected my computer

pinkfxy

New Member
Thread author
Aug 2, 2014
4
I have tried a lot of different things to remove Cosstminn but it is still on my computer. Attached are the two reports from the Farbar Recovery Scan.
 

Attachments

  • Addition.txt
    29.1 KB · Views: 88
  • FRST.txt
    44 KB · Views: 159

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

Before we begin, I want you to have this in mind:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

pinkfxy

New Member
Thread author
Aug 2, 2014
4
Thank you so much.
Here is my net report

---


Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Maggie on Sat 08/02/2014 at 14:38:21.64.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Maggie\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/2/2014 2:40:22 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

æTorrent
Adobe Reader X MUI
AMR Player 1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Combined Community Codec Pack 2013-10-17
D3DX10
EA Download Manager
File Association Helper
Galer¡a de fotos
Galerie de photos
Google Chrome
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intelr Trusted Connect Service Client
iTunes
Java 7 Update 65
Java Auto Updater
MapleStory
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nexon Game Manager
Norton AntiVirus
Norton Identity Safe
Photo Common
Photo Gallery
Qualcomm Atheros Client Installation Program
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Shared C Run-time for x64
SkypeT 6.16
Spotify
Synaptics Pointing Device Driver
The Hyper - Browser Updater
The SimsT 3
Unity Web Player
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Users\Maggie\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Maggie\AppData\Roaming\Spotify\spotify.exe
C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Maggie\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [IconMan_R] - IconMan_R - "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [Intel(R) ME Service] - Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
R2 - [NAV] - Norton AntiVirus - "C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\diMaster.dll" /prefetch:1
R2 - [NCO] - Norton Identity Safe - "C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll" /prefetch:1
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
R2 - [WSearch] - Windows Search - C:\WINDOWS\system32\SearchIndexer.exe /Embedding
R3 - [VSS] - Volume Shadow Copy - C:\WINDOWS\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\WINDOWS\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\WINDOWS\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\WINDOWS\system32\IEEtwCollector.exe /V
S3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\WINDOWS\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\WINDOWS\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\WINDOWS\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\WINDOWS\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\WINDOWS\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\WINDOWS\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\GroupPolicy\GPT.INI ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-07-22 20:13:01
Modified time: 2014-07-23 02:49:10
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


--- C:\Windows\SysWOW64\GroupPolicy\gpt.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-07-22 20:13:01
Modified time: 2014-07-23 02:49:10
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2014-07-22 20:13:01 d-----w- C:\Windows\System32\GroupPolicy\Machine
2014-07-22 20:13:01 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-07-23 02:49:10 165 ----a-w- BF233D3F32875CFCD621F531A00AA558 C:\Windows\System32\GroupPolicy\GPT.INI

==== Files Found In C:\Windows\SysWOW64\GroupPolicy ======================

2014-07-23 02:49:10 11 ----a-w- EC3584F3DB838942EC3669DB02DC908E C:\Windows\SysWOW64\GroupPolicy\gpt.ini

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3982 MB
CPU Info: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
CPU Speed: 2495.8 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR9485 Wireless Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 444.1GB
Hard Disks - Free: C: 359.3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | _ASUS_ - 1072009
Time Zone: Central Standard Time
Motherboard *: ASUSTeK COMPUTER INC. X501A
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Norton AntiVirus On-access scanning disabled (Outdated)
Anti-Spyware: Norton AntiVirus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 11.0.9600.17207
Google Chrome version: 36.0.1985.125
Adobe Reader version: 10.0.0.396
Sun Java version: 1.7.0_65 (32-bit)

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Maggie\AppData\Local\Temp ====
2014-08-02 15:54:02 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EAD2E5E.exe
2014-08-02 04:51:56 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EADA663.exe
2014-08-02 04:32:05 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EAD8274.exe
2014-08-02 04:16:43 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EAD13AC.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-08-02 04:42:38 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-02 04:38:22 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe
2014-08-02 04:38:00 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\WINDOWS\SysWOW64\java.exe
2014-08-02 04:38:00 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe
2014-08-02 04:38:00 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-08-02 15:46:57 DE5559AF7CB0AB0BA16F1774F7E2BA49 1784 ----a-w- C:\WINDOWS\Sysnative\.crusader
====== C:\WINDOWS\Sysnative\drivers =====
2014-08-02 15:53:16 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\WINDOWS\Sysnative\drivers\hitmanpro37.sys
2014-08-02 02:48:40 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.INF
2014-08-02 02:48:40 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.SYS
2014-08-02 02:48:40 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.CAT
2014-07-22 20:55:09 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-10 04:23:01 374E27295F0A9DCAA8FC96370F9BEEA5 563200 ----a-w- C:\WINDOWS\Sysnative\drivers\afd.sys
2014-07-10 04:22:56 1CD3A907D64D08F49208DA00B69BF35E 565576 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-02 04:38:26 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-08-02 04:37:44 -------- d-----w- C:\PROGRA~2\Java
2014-07-30 22:08:42 -------- d-----w- C:\PROGRA~2\Anvisoft
2014-07-25 21:27:21 -------- d-----w- C:\PROGRA~2\Toontown Infinite
2014-07-22 20:10:44 4216840 ----a-w- C:\PROGRA~2\COMMON~1\vcredist.exe
2014-07-22 20:10:33 -------- d-----w- C:\PROGRA~2\XZip
======= C: =====
2014-07-23 02:44:33 6C94EA5D4AFA4680450FFDA4731D779D 269 ----a-w- C:\cleaner.bat
====== C:\Users\Maggie\AppData\Roaming ======
2014-08-02 03:59:54 -------- d-----w- C:\Users\Maggie\AppData\Local\NPE
2014-07-29 02:19:15 -------- d-----w- C:\Users\Maggie\AppData\Locallow\{79981CEF-2BF0-8B90-F2C0-EF372127BB7F}
2014-07-22 20:13:14 -------- d-----w- C:\Users\Maggie\AppData\Local\Hyper - Browser
2014-07-22 20:13:04 -------- d-----w- C:\Users\Maggie\AppData\Locallow\{959A946F-578B-B3E8-7AB7-EB21EE46DADE}
2014-07-22 20:12:57 -------- d-----w- C:\Users\Maggie\AppData\Local\Comodo
2014-07-22 20:12:56 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-07-22 20:12:56 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 20:12:55 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-07-22 20:12:53 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-07-11 01:23:04 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft
====== C:\Users\Maggie ======
2014-08-02 18:50:25 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\Maggie\Downloads\FRST64.exe
2014-08-02 15:36:34 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-02 15:36:01 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Users\Maggie\Downloads\HitmanPro_x64.exe
2014-08-02 05:00:56 E9AC5617A2EE3F03E3D863D46180ED36 7281816 ----a-w- C:\Users\Maggie\Downloads\FinallyFast.setup.exe
2014-08-02 04:38:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-02 04:36:56 C9D490D6D602309F182DFE7304100930 918952 ----a-w- C:\Users\Maggie\Downloads\chromeinstall-7u65.exe
2014-08-02 02:49:21 -------- d-----w- C:\ProgramData\NCOTEMP
2014-08-02 02:43:11 69D677CC114614591B4E78E5F542DEA0 218966928 ------w- C:\Users\Maggie\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-07-30 22:08:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-30 22:06:38 830AE101F17B6D0AA4B050F0A2A6E4F1 16419032 ----a-w- C:\Users\Maggie\Downloads\csbsetup.exe
2014-07-25 23:11:40 B4EE1E69088FEE77EB7D855C8F2FEE29 33096964 ----a-w- C:\Users\Maggie\Downloads\ToontownInfinite_test (3).exe
2014-07-25 22:42:25 B4EE1E69088FEE77EB7D855C8F2FEE29 33096964 ----a-w- C:\Users\Maggie\Downloads\ToontownInfinite_test (2).exe
2014-07-25 21:52:21 B4EE1E69088FEE77EB7D855C8F2FEE29 33096964 ----a-w- C:\Users\Maggie\Downloads\ToontownInfinite_test (1).exe
2014-07-25 21:26:42 B4EE1E69088FEE77EB7D855C8F2FEE29 33096964 ----a-w- C:\Users\Maggie\Downloads\ToontownInfinite_test.exe
2014-07-22 20:13:08 -------- d-----w- C:\ProgramData\d775806c017ee32e
2014-07-22 20:13:04 075B0DA82E23780FA2DD7F2EA0464FD4 258 --sha-r- C:\ProgramData\ntuser.pol
2014-07-22 20:12:55 -------- d-----w- C:\Users\Guest\AppData
2014-07-22 20:12:53 -------- d-----w- C:\Users\Administrator\AppData
2014-07-22 20:10:18 4012E171FEEBF368066C36E79185B253 405768 ----a-w- C:\Users\Maggie\Downloads\XZipInst.exe
2014-07-22 20:05:49 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Maggie\Downloads\SpyHunter-Installer.exe
2014-07-21 17:43:32 -------- d-----r- C:\WINDOWS\SysNative\config\systemprofile\Searches

====== C: exe-files ==
2014-08-02 19:39:34 5E45752ED5858FF536A3175F2349159B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$IYB54DZ.exe
2014-08-02 19:39:32 5F897AFEA66EB810AF48F906D8FF835E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$IA9HHG9.exe
2014-08-02 19:37:11 B1CE6F75DC00164869021F4FAD45D149 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$IYEIL10.exe
2014-08-02 19:37:11 8CB4290356F891F950A273E1895D8794 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$IBJ04JZ.exe
2014-08-02 19:37:11 5115BE795562F1D2D207F95E697AAE37 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$IP96IYJ.exe
2014-08-02 18:50:25 83C0AF64AC7B777A61C13E608D9B4CC6 2094080 ----a-w- C:\Users\Maggie\Downloads\FRST64.exe
2014-08-02 15:54:02 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EAD2E5E.exe
2014-08-02 15:36:01 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Users\Maggie\Downloads\HitmanPro_x64.exe
2014-08-02 05:00:56 E9AC5617A2EE3F03E3D863D46180ED36 7281816 ----a-w- C:\Users\Maggie\Downloads\FinallyFast.setup.exe
2014-08-02 04:51:56 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EADA663.exe
2014-08-02 04:41:30 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$RYB54DZ.exe
2014-08-02 04:38:22 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-08-02 04:38:00 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-08-02 04:38:00 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-08-02 04:37:49 91B7F0DA8B6C52096CFD8B738F3D3D24 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-08-02 04:37:49 04390E59F4EA447B05B3B31DA4CB23FF 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-08-02 04:37:48 F67B94393ADB74B6616CFEECD1171EFE 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-08-02 04:37:48 CBBC0857D6E677362AADD3C54FFD6E50 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-08-02 04:37:48 A980296E1EC9921356F0D8AD06A6EF9C 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-08-02 04:37:48 992B9F82FE3364B1DE57DD1FA09DC590 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-08-02 04:37:48 9538F45F86C30E9AB73E9159BA55FE2B 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-08-02 04:37:48 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-08-02 04:37:48 7EF928D407D281E66C248AC323995F6E 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-08-02 04:37:48 74F08806423063B1ABD3B79958DA8B22 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-08-02 04:37:48 731F0F68BD4B24C96539E7041162F4B5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-08-02 04:37:48 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-08-02 04:37:48 550D282FDE001860D09544DCE6F3B218 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-08-02 04:37:48 51CCA1D8C86EEDD01E962F54AD0A40A3 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-08-02 04:37:48 4A9C9EB33EC6779E2B8A1CDAB6B22E75 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-08-02 04:37:48 24A247CB63FE3A5DEC8E1070F9D49ECE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-08-02 04:37:48 131EE1B71F6F770AB6820FD383BC184E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-08-02 04:37:48 09AD1CE65816D427E12A564A24F3FE11 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-08-02 04:37:47 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-08-02 04:37:47 C626BC51E0149090DDBA9A98C5E27689 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-08-02 04:37:47 6A81137F68B0A8815B9BE3BE11F29CCE 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-08-02 04:37:15 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Maggie\AppData\LocalLow\Sun\Java\jre1.7.0_65\lzma.exe
2014-08-02 04:36:56 C9D490D6D602309F182DFE7304100930 918952 ----a-w- C:\Users\Maggie\Downloads\chromeinstall-7u65.exe
2014-08-02 04:32:05 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EAD8274.exe
2014-08-02 04:16:43 9FF6078C0DEA0672EAD358A1EC359F70 47796216 ----a-w- C:\Users\Maggie\AppData\Local\Temp\EAD13AC.exe
2014-08-02 02:43:11 69D677CC114614591B4E78E5F542DEA0 218966928 ------w- C:\Users\Maggie\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-07-30 22:06:38 830AE101F17B6D0AA4B050F0A2A6E4F1 16419032 ----a-w- C:\Users\Maggie\Downloads\csbsetup.exe
=== C: other files ==
2014-08-02 19:39:13 A12F9C2AAAF5AF827A72A97F03580D34 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-346830145-1342133206-2450470605-1001\$ISD69G2.zip
2014-08-02 15:53:16 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-08-02 14:52:19 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-w- C:\Windows\System32\drivers\NSTx64\7DE07030.00C\ccsetx64.sys
2014-08-02 10:51:44 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-w- C:\Windows\System32\drivers\NSTx64\7DE07000.02F\ccsetx64.sys
2014-08-02 06:50:43 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-w- C:\Windows\System32\drivers\NSTx64\7DE07000.02B\ccsetx64.sys
2014-08-02 04:37:49 C17BF24D0FEB42E51B0C961030CB5F36 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip
2014-08-02 03:57:57 F718A57D946EAC76EFCB351D74E269F4 875736 ----a-w- C:\Windows\System32\drivers\NAVx64\1504000.00D\srtsp64.sys
2014-08-02 03:57:57 B18CE01B9C09C59422BA7C7064248B35 36952 ----a-r- C:\Windows\System32\drivers\NAVx64\1504000.00D\srtspx64.sys
2014-08-02 03:57:57 9F31630D7FC2DD9D5DA1CE359AAD1F46 1148120 ----a-w- C:\Windows\System32\drivers\NAVx64\1504000.00D\symefa64.sys
2014-08-02 03:57:57 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\drivers\NAVx64\1504000.00D\symds64.sys
2014-08-02 03:57:57 5570A74FF9B1EFBC5154DD1E2F05C517 593112 ----a-w- C:\Windows\System32\drivers\NAVx64\1504000.00D\symnets.sys
2014-08-02 03:57:57 48C2934683CBD06F662B088EEF49EF6A 264280 ----a-r- C:\Windows\System32\drivers\NAVx64\1504000.00D\ironx64.sys
2014-08-02 03:57:57 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\drivers\NAVx64\1504000.00D\symelam.sys
2014-08-02 03:57:57 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\NAVx64\1504000.00D\ccsetx64.sys
2014-08-02 02:49:16 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys
2014-08-02 02:48:40 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-08-02 02:48:39 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\ELAMBKUP\SYMELAM.SYS

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-346830145-1342133206-2450470605-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Maggie\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Spotify"="C:\Users\Maggie\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Maggie\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"Spotify"="C:\Users\Maggie\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{B561A3F8-4B12-4CC6-B44D-ED2E4803EDAD}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton AntiVirus\Norton Error Processor" [C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn" [08/02/2014 10:53 AM]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx[10/05/2013 10:26 PM]

cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Maggie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
Google Voice Search Hotword (Beta) - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
XKit - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd
Google Wallet - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Norton Identity Protection - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
cosstminn - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Maggie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sat 08/02/2014 at 14:49:44.42 ======================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Very good :)




Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    C:\Windows\System32\GroupPolicy\GPT.INI;f
    C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
    C:\Windows\System32\GroupPolicy\Machine;fs
    C:\Windows\System32\GroupPolicy\User;fs
    C:\Users\Maggie\AppData\Local\Hyper - Browser;fs
    The Hyper - Browser Updater;u
    pknmknoembocpookcjcmojhbjhkegjao;chr
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.




***** NEXT *****




Run FRST again, check Addition.txt, press Scan and attach both reports.
 

pinkfxy

New Member
Thread author
Aug 2, 2014
4
This is my report from the Zoek scan

--


Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by Maggie on Sat 08/02/2014 at 16:03:20.42.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Maggie\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-02-194944.log 31440 bytes

==== System Restore Info ======================

8/2/2014 4:04:31 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\Maggie\AppData\Local\Hyper - Browser deleted
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\Users\Maggie\AppData\LocalLow\{79981CEF-2BF0-8B90-F2C0-EF372127BB7F} deleted
C:\Users\Maggie\AppData\Local\Packages\windows_ie_ac_001\AC\{79981CEF-2BF0-8B90-F2C0-EF372127BB7F} deleted
C:\PROGRA~3\d775806c017ee32e deleted
C:\PROGRA~3\MiniApp deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Maggie\AppData\Local\CRE deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Maggie\Downloads\avg_free_stb_all_2014_4158_cnet.exe deleted
C:\Users\Maggie\Searches deleted
C:\Users\Maggie\Downloads\SoftonicDownloader_for_painttool-sai (1).exe deleted
C:\Users\Maggie\Downloads\SoftonicDownloader_for_painttool-sai (2).exe deleted
C:\Users\Maggie\Downloads\SoftonicDownloader_for_painttool-sai.exe deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
"C:\windows\SysNative\GroupPolicy\GPT.INI" deleted
"C:\Windows\SysWOW64\GroupPolicy\gpt.ini" deleted
"C:\Users\Maggie\AppData\Local\{C68F4A96-3F2D-4265-BFA7-C8E60AD6364A}" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn" [08/02/2014 10:53 AM]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx[10/05/2013 10:26 PM]

cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Maggie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
Google Voice Search Hotword (Beta) - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
XKit - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd
Google Wallet - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Norton Identity Protection - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
cosstminn - Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao
cosstminn - Maggie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao

==== Chrome Fix ======================

C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.songlyrics.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.songlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.taxifarefinder.com_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.taxifarefinder.com_0.localstorage-journal deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully
C:\Users\Maggie\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully
C:\Users\Maggie\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pknmknoembocpookcjcmojhbjhkegjao deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-346830145-1342133206-2450470605-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully
HKEY_USERS\S-1-5-21-346830145-1342133206-2450470605-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-346830145-1342133206-2450470605-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully
HKEY_USERS\S-1-5-21-346830145-1342133206-2450470605-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\fa8025c2-3168-41a4-be31-2dc80580ea2b deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Hyper - Browser Updater deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Maggie\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Maggie\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=99 folders=30 12722193 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Maggie\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Maggie\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 08/02/2014 at 16:30:22.12 ======================




Here is the FRST scan

--

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Maggie (administrator) on ENDER on 02-08-2014 16:34:49
Running from C:\Users\Maggie\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(BitTorrent Inc.) C:\Users\Maggie\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Maggie\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
() C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [fst_us_171] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-346830145-1342133206-2450470605-1001\...\Run: [uTorrent] => C:\Users\Maggie\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-06-29] (BitTorrent Inc.)
HKU\S-1-5-21-346830145-1342133206-2450470605-1001\...\Run: [Spotify] => C:\Users\Maggie\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-22] (Spotify Ltd)
HKU\S-1-5-21-346830145-1342133206-2450470605-1001\...\Run: [Spotify Web Helper] => C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-22] (Spotify Ltd)
HKU\S-1-5-21-346830145-1342133206-2450470605-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-346830145-1342133206-2450470605-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM-x32 - (No Name) - {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No File
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Maggie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-08-01]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-08-02]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (XKit) - C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Norton Identity Protection) - C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2014-08-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe [262968 2014-06-27] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-07-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1504000.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-01] (Symantec Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-08-02] ()
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140731.001\IDSvia64.sys [525016 2014-07-31] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140801.018\ENG64.SYS [126040 2014-08-01] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140801.018\EX64.SYS [2099288 2014-08-01] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1504000.00D\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1504000.00D\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NAVx64\1504000.00D\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1504000.00D\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:22 - 2014-08-02 16:02 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-08-02 16:04 - 2014-08-02 14:49 - 00031440 _____ () C:\zoek-results2014-08-02-194944.log
2014-08-02 14:40 - 2014-08-02 16:30 - 00013708 _____ () C:\zoek-results.log
2014-08-02 14:36 - 2014-08-02 16:19 - 00000000 ____D () C:\zoek_backup
2014-08-02 14:36 - 2014-08-02 14:36 - 04102729 _____ () C:\Users\Maggie\Downloads\zoek.zip
2014-08-02 14:36 - 2014-08-02 14:36 - 04102729 _____ () C:\Users\Maggie\Downloads\zoek (1).zip
2014-08-02 14:36 - 2014-08-02 14:36 - 01287168 _____ () C:\Users\Maggie\Downloads\zoek.exe
2014-08-02 14:01 - 2014-08-02 14:01 - 00045036 _____ () C:\Users\Maggie\Downloads\FRST 1.txt
2014-08-02 13:52 - 2014-08-02 14:01 - 00029811 _____ () C:\Users\Maggie\Downloads\Addition.txt
2014-08-02 13:50 - 2014-08-02 16:35 - 00016690 _____ () C:\Users\Maggie\Downloads\FRST.txt
2014-08-02 13:50 - 2014-08-02 16:34 - 00000000 ____D () C:\FRST
2014-08-02 13:50 - 2014-08-02 13:50 - 02094080 _____ (Farbar) C:\Users\Maggie\Downloads\FRST64.exe
2014-08-02 10:53 - 2014-08-02 10:53 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-08-02 10:46 - 2014-08-02 10:46 - 00001784 _____ () C:\WINDOWS\system32\.crusader
2014-08-02 10:36 - 2014-08-02 10:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 10:36 - 2014-08-02 10:36 - 11188736 _____ (SurfRight B.V.) C:\Users\Maggie\Downloads\HitmanPro_x64.exe
2014-08-02 01:49 - 2014-08-02 01:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Identity Safe
2014-08-02 00:00 - 2014-08-02 00:01 - 07281816 _____ () C:\Users\Maggie\Downloads\FinallyFast.setup.exe
2014-08-01 23:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-01 23:41 - 2014-08-01 23:44 - 00000000 ____D () C:\AdwCleaner
2014-08-01 23:38 - 2014-08-01 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 23:38 - 2014-08-01 23:37 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-08-01 23:38 - 2014-08-01 23:37 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-08-01 23:38 - 2014-08-01 23:37 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-08-01 23:38 - 2014-08-01 23:37 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 23:37 - 2014-08-01 23:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 23:36 - 2014-08-01 23:36 - 00918952 _____ (Oracle Corporation) C:\Users\Maggie\Downloads\chromeinstall-7u65.exe
2014-08-01 23:04 - 2014-08-01 23:16 - 00000000 ____D () C:\NPE
2014-08-01 23:03 - 2014-08-02 16:25 - 00005600 _____ () C:\WINDOWS\PFRO.log
2014-08-01 23:00 - 2014-08-01 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton AntiVirus
2014-08-01 22:59 - 2014-08-01 23:37 - 00000000 ____D () C:\Users\Maggie\AppData\Local\NPE
2014-08-01 21:49 - 2014-08-01 21:49 - 00000000 ____D () C:\ProgramData\NCOTEMP
2014-08-01 21:48 - 2014-08-02 09:52 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NSTx64
2014-08-01 21:48 - 2014-08-01 23:00 - 00003218 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-08-01 21:48 - 2014-08-01 21:48 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-01 21:48 - 2014-08-01 21:48 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-01 21:48 - 2014-08-01 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-01 21:48 - 2014-08-01 21:48 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-01 21:48 - 2014-08-01 21:48 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-01 21:46 - 2014-08-01 23:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-08-01 21:46 - 2014-08-01 23:00 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAVx64
2014-08-01 21:46 - 2014-08-01 23:00 - 00000000 ____D () C:\ProgramData\Norton
2014-08-01 21:46 - 2014-08-01 21:46 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-08-01 21:43 - 2014-08-01 21:45 - 218966928 ____N (Symantec Corporation) C:\Users\Maggie\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-07-31 10:01 - 2014-07-31 10:01 - 00152647 _____ () C:\Users\Maggie\Downloads\tchaikovsky_swan_lake_05_(c)lucarelli.mid
2014-07-30 19:15 - 2014-08-02 16:34 - 00275815 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-30 17:08 - 2014-08-01 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-30 17:08 - 2014-08-01 23:39 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-30 17:06 - 2014-07-30 17:07 - 16419032 _____ (Anvisoft) C:\Users\Maggie\Downloads\csbsetup.exe
2014-07-30 14:23 - 2014-07-30 14:23 - 00284352 _____ () C:\WINDOWS\Minidump\073014-71890-01.dmp
2014-07-25 18:11 - 2014-07-25 18:11 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test (3).exe
2014-07-25 17:42 - 2014-07-25 17:42 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test (2).exe
2014-07-25 16:52 - 2014-07-25 16:52 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test (1).exe
2014-07-25 16:41 - 2014-07-25 16:41 - 00284352 _____ () C:\WINDOWS\Minidump\072514-95906-01.dmp
2014-07-25 16:27 - 2014-07-25 18:13 - 00002085 _____ () C:\Users\Maggie\Desktop\Toontown Infinite Test.lnk
2014-07-25 16:27 - 2014-07-25 16:27 - 00000000 ____D () C:\Program Files (x86)\Toontown Infinite
2014-07-25 16:26 - 2014-07-25 16:27 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test.exe
2014-07-23 18:15 - 2014-07-23 18:15 - 00267144 _____ () C:\Users\Maggie\Downloads\H82T3iKs.htm
2014-07-22 21:44 - 2014-07-22 21:44 - 00000269 _____ () C:\cleaner.bat
2014-07-22 21:40 - 2014-07-22 21:40 - 00284408 _____ () C:\WINDOWS\Minidump\072214-79406-01.dmp
2014-07-22 15:55 - 2014-07-22 15:55 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-22 15:17 - 2014-07-22 15:17 - 00284296 _____ () C:\WINDOWS\Minidump\072214-91984-01.dmp
2014-07-22 15:13 - 2014-08-02 16:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-22 15:12 - 2014-07-22 15:12 - 01921872 _____ (Bandoo Media Inc) C:\Users\Maggie\Downloads\Unconfirmed 23174.crdownload
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Maggie\AppData\Local\Comodo
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Administrator
2014-07-22 15:10 - 2014-07-22 21:44 - 00000000 ____D () C:\Program Files (x86)\XZip
2014-07-22 15:10 - 2014-07-22 15:10 - 00405768 _____ (Company limited) C:\Users\Maggie\Downloads\XZipInst.exe
2014-07-22 15:05 - 2014-07-22 15:06 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Maggie\Downloads\SpyHunter-Installer.exe
2014-07-22 11:54 - 2014-07-22 11:54 - 00288720 _____ () C:\WINDOWS\Minidump\072214-82812-01.dmp
2014-07-21 18:16 - 2014-07-21 18:16 - 00011178 _____ () C:\Users\Maggie\Downloads\James Vincent McMorrow - Gold (live on triple j).aup
2014-07-21 18:16 - 2014-07-21 18:16 - 00000000 ____D () C:\Users\Maggie\Downloads\James Vincent McMorrow - Gold (live on triple j)_data
2014-07-21 16:40 - 2014-07-21 16:40 - 31584262 _____ () C:\Users\Maggie\Documents\Gold (Live) - James Vincent Mcmorrow.wav
2014-07-16 00:31 - 2014-07-16 00:31 - 00000000 ____D () C:\Users\Maggie\Downloads\tumblr
2014-07-12 21:55 - 2014-07-12 21:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 20:35 - 2014-07-10 20:35 - 16619550 _____ () C:\Users\Maggie\Downloads\Free! - lets take off the swimsuit in the bath [MakoHaru] (eng) (1).rar
2014-07-10 20:33 - 2014-07-10 20:33 - 16619550 _____ () C:\Users\Maggie\Downloads\Free! - lets take off the swimsuit in the bath [MakoHaru] (eng).rar
2014-07-10 17:24 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 10:57 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 10:57 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 10:57 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-09 23:23 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 23:23 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 23:23 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 23:23 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 23:23 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 23:23 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 23:23 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 23:23 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 23:23 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 23:23 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 23:23 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 23:23 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 23:23 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 23:23 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 23:23 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 23:23 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 23:23 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 23:23 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 23:23 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 23:23 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 23:23 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 23:23 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 23:23 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 23:23 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 23:23 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 23:23 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 23:23 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 23:23 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 23:23 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 23:23 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 23:23 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 23:22 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 23:22 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 23:22 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 23:22 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 23:22 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 23:22 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 23:22 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 23:21 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 23:21 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 23:21 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 23:21 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 23:21 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 23:21 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 23:21 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 23:21 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 23:21 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 23:21 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 23:21 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 23:21 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 23:21 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 23:21 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 23:21 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 23:21 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-06 21:43 - 2014-07-06 21:43 - 00839680 _____ () C:\Users\Maggie\Desktop\Flower thingy drawing.sai
2014-07-06 21:43 - 2014-07-06 21:43 - 00385024 _____ () C:\Users\Maggie\Desktop\Makoto Drawing trace.sai
2014-07-06 21:42 - 2014-07-12 21:54 - 01425408 _____ () C:\Users\Maggie\Desktop\Sarah Drawing.sai
2014-07-05 21:34 - 2014-07-05 21:34 - 00399317 _____ () C:\Users\Maggie\Downloads\FMtMvo5z.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 16:35 - 2014-08-02 13:50 - 00016690 _____ () C:\Users\Maggie\Downloads\FRST.txt
2014-08-02 16:35 - 2013-10-10 19:25 - 00000000 ____D () C:\Users\Maggie\AppData\Roaming\uTorrent
2014-08-02 16:34 - 2014-08-02 13:50 - 00000000 ____D () C:\FRST
2014-08-02 16:34 - 2014-07-30 19:15 - 00275815 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-02 16:34 - 2014-06-19 14:48 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B561A3F8-4B12-4CC6-B44D-ED2E4803EDAD}
2014-08-02 16:32 - 2014-04-21 22:50 - 00000000 ____D () C:\Users\Maggie\AppData\Roaming\Skype
2014-08-02 16:32 - 2013-11-08 10:43 - 00000000 __RDO () C:\Users\Maggie\SkyDrive
2014-08-02 16:32 - 2013-10-21 11:20 - 00000000 ____D () C:\Users\Maggie\AppData\Roaming\Spotify
2014-08-02 16:30 - 2014-08-02 14:40 - 00013708 _____ () C:\zoek-results.log
2014-08-02 16:30 - 2013-11-08 00:27 - 00000000 ____D () C:\Users\Maggie
2014-08-02 16:25 - 2014-08-01 23:03 - 00005600 _____ () C:\WINDOWS\PFRO.log
2014-08-02 16:25 - 2014-07-22 15:13 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-02 16:25 - 2013-10-10 19:05 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 16:25 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-02 16:24 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-02 16:19 - 2014-08-02 14:36 - 00000000 ____D () C:\zoek_backup
2014-08-02 16:19 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-08-02 16:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-08-02 16:02 - 2014-08-02 16:22 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-08-02 16:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-02 15:41 - 2013-10-10 19:05 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 14:49 - 2014-08-02 16:04 - 00031440 _____ () C:\zoek-results2014-08-02-194944.log
2014-08-02 14:36 - 2014-08-02 14:36 - 04102729 _____ () C:\Users\Maggie\Downloads\zoek.zip
2014-08-02 14:36 - 2014-08-02 14:36 - 04102729 _____ () C:\Users\Maggie\Downloads\zoek (1).zip
2014-08-02 14:36 - 2014-08-02 14:36 - 01287168 _____ () C:\Users\Maggie\Downloads\zoek.exe
2014-08-02 14:01 - 2014-08-02 14:01 - 00045036 _____ () C:\Users\Maggie\Downloads\FRST 1.txt
2014-08-02 14:01 - 2014-08-02 13:52 - 00029811 _____ () C:\Users\Maggie\Downloads\Addition.txt
2014-08-02 13:50 - 2014-08-02 13:50 - 02094080 _____ (Farbar) C:\Users\Maggie\Downloads\FRST64.exe
2014-08-02 11:11 - 2013-10-10 18:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-346830145-1342133206-2450470605-1001
2014-08-02 10:53 - 2014-08-02 10:53 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-08-02 10:46 - 2014-08-02 10:46 - 00001784 _____ () C:\WINDOWS\system32\.crusader
2014-08-02 10:46 - 2014-08-02 10:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 10:36 - 2014-08-02 10:36 - 11188736 _____ (SurfRight B.V.) C:\Users\Maggie\Downloads\HitmanPro_x64.exe
2014-08-02 09:52 - 2014-08-01 21:48 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NSTx64
2014-08-02 01:49 - 2014-08-02 01:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Identity Safe
2014-08-02 00:01 - 2014-08-02 00:00 - 07281816 _____ () C:\Users\Maggie\Downloads\FinallyFast.setup.exe
2014-08-01 23:44 - 2014-08-01 23:41 - 00000000 ____D () C:\AdwCleaner
2014-08-01 23:39 - 2014-07-30 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-01 23:39 - 2014-07-30 17:08 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-01 23:38 - 2014-08-01 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 23:38 - 2013-10-10 19:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 23:37 - 2014-08-01 23:38 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-08-01 23:37 - 2014-08-01 23:38 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-08-01 23:37 - 2014-08-01 23:38 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-08-01 23:37 - 2014-08-01 23:38 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 23:37 - 2014-08-01 23:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 23:37 - 2014-08-01 22:59 - 00000000 ____D () C:\Users\Maggie\AppData\Local\NPE
2014-08-01 23:36 - 2014-08-01 23:36 - 00918952 _____ (Oracle Corporation) C:\Users\Maggie\Downloads\chromeinstall-7u65.exe
2014-08-01 23:30 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-01 23:26 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-01 23:16 - 2014-08-01 23:04 - 00000000 ____D () C:\NPE
2014-08-01 23:03 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-01 23:00 - 2014-08-01 23:00 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton AntiVirus
2014-08-01 23:00 - 2014-08-01 21:48 - 00003218 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-08-01 23:00 - 2014-08-01 21:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-08-01 23:00 - 2014-08-01 21:46 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAVx64
2014-08-01 23:00 - 2014-08-01 21:46 - 00000000 ____D () C:\ProgramData\Norton
2014-08-01 21:49 - 2014-08-01 21:49 - 00000000 ____D () C:\ProgramData\NCOTEMP
2014-08-01 21:48 - 2014-08-01 21:48 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-08-01 21:48 - 2014-08-01 21:48 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-08-01 21:48 - 2014-08-01 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-01 21:48 - 2014-08-01 21:48 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-01 21:48 - 2014-08-01 21:48 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-01 21:46 - 2014-08-01 21:46 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
2014-08-01 21:45 - 2014-08-01 21:43 - 218966928 ____N (Symantec Corporation) C:\Users\Maggie\Downloads\NAV-TW-21.1.0-EN-US.exe
2014-07-31 10:01 - 2014-07-31 10:01 - 00152647 _____ () C:\Users\Maggie\Downloads\tchaikovsky_swan_lake_05_(c)lucarelli.mid
2014-07-30 17:40 - 2014-03-12 21:56 - 00000000 ____D () C:\Users\Maggie\AppData\Local\CrashDumps
2014-07-30 17:40 - 2013-11-08 02:20 - 00000000 ___DC () C:\WINDOWS\Panther
2014-07-30 17:40 - 2013-03-19 04:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-07-30 17:07 - 2014-07-30 17:06 - 16419032 _____ (Anvisoft) C:\Users\Maggie\Downloads\csbsetup.exe
2014-07-30 16:18 - 2013-10-26 19:33 - 00000000 ____D () C:\Users\Maggie\AppData\Local\Spotify
2014-07-30 14:23 - 2014-07-30 14:23 - 00284352 _____ () C:\WINDOWS\Minidump\073014-71890-01.dmp
2014-07-30 14:23 - 2013-11-14 14:58 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-25 18:13 - 2014-07-25 16:27 - 00002085 _____ () C:\Users\Maggie\Desktop\Toontown Infinite Test.lnk
2014-07-25 18:11 - 2014-07-25 18:11 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test (3).exe
2014-07-25 17:42 - 2014-07-25 17:42 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test (2).exe
2014-07-25 16:52 - 2014-07-25 16:52 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test (1).exe
2014-07-25 16:41 - 2014-07-25 16:41 - 00284352 _____ () C:\WINDOWS\Minidump\072514-95906-01.dmp
2014-07-25 16:27 - 2014-07-25 16:27 - 00000000 ____D () C:\Program Files (x86)\Toontown Infinite
2014-07-25 16:27 - 2014-07-25 16:26 - 33096964 _____ () C:\Users\Maggie\Downloads\ToontownInfinite_test.exe
2014-07-23 18:15 - 2014-07-23 18:15 - 00267144 _____ () C:\Users\Maggie\Downloads\H82T3iKs.htm
2014-07-23 15:27 - 2014-05-26 14:46 - 00000000 ____D () C:\Users\Maggie\Downloads\skype
2014-07-22 21:44 - 2014-07-22 21:44 - 00000269 _____ () C:\cleaner.bat
2014-07-22 21:44 - 2014-07-22 15:10 - 00000000 ____D () C:\Program Files (x86)\XZip
2014-07-22 21:40 - 2014-07-22 21:40 - 00284408 _____ () C:\WINDOWS\Minidump\072214-79406-01.dmp
2014-07-22 15:55 - 2014-07-22 15:55 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-22 15:17 - 2014-07-22 15:17 - 00284296 _____ () C:\WINDOWS\Minidump\072214-91984-01.dmp
2014-07-22 15:16 - 2013-10-10 19:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-22 15:12 - 2014-07-22 15:12 - 01921872 _____ (Bandoo Media Inc) C:\Users\Maggie\Downloads\Unconfirmed 23174.crdownload
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Maggie\AppData\Local\Comodo
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Guest
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-22 15:12 - 2014-07-22 15:12 - 00000000 ____D () C:\Users\Administrator
2014-07-22 15:12 - 2013-10-10 19:05 - 00000000 ____D () C:\Users\Maggie\AppData\Local\Google
2014-07-22 15:10 - 2014-07-22 15:10 - 00405768 _____ (Company limited) C:\Users\Maggie\Downloads\XZipInst.exe
2014-07-22 15:06 - 2014-07-22 15:05 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Maggie\Downloads\SpyHunter-Installer.exe
2014-07-22 11:54 - 2014-07-22 11:54 - 00288720 _____ () C:\WINDOWS\Minidump\072214-82812-01.dmp
2014-07-22 11:51 - 2014-02-23 14:41 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-22 11:51 - 2014-02-23 14:40 - 00000000 ____D () C:\ProgramData\TechSmith
2014-07-21 18:16 - 2014-07-21 18:16 - 00011178 _____ () C:\Users\Maggie\Downloads\James Vincent McMorrow - Gold (live on triple j).aup
2014-07-21 18:16 - 2014-07-21 18:16 - 00000000 ____D () C:\Users\Maggie\Downloads\James Vincent McMorrow - Gold (live on triple j)_data
2014-07-21 18:16 - 2013-10-16 20:05 - 00000000 ____D () C:\Users\Maggie\AppData\Roaming\Audacity
2014-07-21 16:40 - 2014-07-21 16:40 - 31584262 _____ () C:\Users\Maggie\Documents\Gold (Live) - James Vincent Mcmorrow.wav
2014-07-16 00:31 - 2014-07-16 00:31 - 00000000 ____D () C:\Users\Maggie\Downloads\tumblr
2014-07-15 23:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 21:59 - 2013-08-22 09:44 - 00335784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 21:55 - 2014-07-12 21:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 21:55 - 2013-09-29 22:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 21:55 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 21:55 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 21:55 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 21:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 21:54 - 2014-07-06 21:42 - 01425408 _____ () C:\Users\Maggie\Desktop\Sarah Drawing.sai
2014-07-10 20:38 - 2013-10-10 18:09 - 00000000 ____D () C:\Users\Maggie\AppData\Local\Packages
2014-07-10 20:35 - 2014-07-10 20:35 - 16619550 _____ () C:\Users\Maggie\Downloads\Free! - lets take off the swimsuit in the bath [MakoHaru] (eng) (1).rar
2014-07-10 20:33 - 2014-07-10 20:33 - 16619550 _____ () C:\Users\Maggie\Downloads\Free! - lets take off the swimsuit in the bath [MakoHaru] (eng).rar
2014-07-10 17:34 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 17:32 - 2013-10-13 10:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 17:26 - 2013-10-13 10:45 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-06 21:43 - 2014-07-06 21:43 - 00839680 _____ () C:\Users\Maggie\Desktop\Flower thingy drawing.sai
2014-07-06 21:43 - 2014-07-06 21:43 - 00385024 _____ () C:\Users\Maggie\Desktop\Makoto Drawing trace.sai
2014-07-05 21:34 - 2014-07-05 21:34 - 00399317 _____ () C:\Users\Maggie\Downloads\FMtMvo5z.htm

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Maggie\AppData\Local\Temp\EAD50C7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-02 11:11

==================== End Of Log ============================


Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Maggie at 2014-08-02 16:36:11
Running from C:\Users\Maggie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMR Player 1.3 (HKLM-x32\...\{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1) (Version: - www.amrplayer.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Combined Community Codec Pack 2013-10-17 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.10.17.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
MapleStory (HKLM-x32\...\MapleStory) (Version: - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.4.0.13 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.6.0.27 - Symantec Corporation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6754 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

30-07-2014 03:15:15 Scheduled Checkpoint
02-08-2014 04:26:52 Norton_Power_Eraser_20140801232651278

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03EA5D88-066D-4EEF-9A2F-86F1C5825476} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {142FF7E3-CBFC-4C27-BF22-6C7B31A731C6} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3034D41F-B92F-4E82-A44E-8B23ADA74DCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3AF9BD94-D80D-4C23-BE46-521A669B483C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43DE81C6-85AF-44E7-AFF8-82FDF9CA8A3D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {507DE2CF-01A5-49B7-85D7-8B7440E64AB5} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)
Task: {551FA52E-CDEB-4EE2-9F9F-2C375DC9A088} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
Task: {57B9D121-174E-4439-914F-D3D396DBDAEB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6063AC0B-7801-4B6B-988A-B9DE5FC4C8E7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D6C6627-F2C3-4CCC-BA3E-FA65B5A202BF} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BE3833D-EDA4-4C27-B57A-6E002803F35B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {7D77168D-C385-4573-B7D8-970A834D1E61} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C17104F-026C-46A7-9BE6-10D721D7544F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99B6DC90-E125-4034-AD1A-E12CB3DF7E8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9F504752-18A7-45D7-9348-10A214D64818} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A256E145-60F9-4B37-A779-7E5FD07BEEFE} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-16] (Adobe Systems Incorporated)
Task: {BFAE0890-BCD7-4F5D-8B01-4E7679F53223} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F8C18339-F43E-4130-814F-570C4E2A73A5} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FEDD5772-77E8-41DB-AA14-CBAA45E6438B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-26 19:33 - 2014-07-22 11:58 - 00601144 _____ () C:\Users\Maggie\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-19 04:36 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-26 19:33 - 2014-07-22 11:58 - 36966968 _____ () C:\Users\Maggie\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-22 11:58 - 2014-07-22 11:58 - 00867896 _____ () C:\Users\Maggie\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-10-26 19:33 - 2014-07-22 11:58 - 00886840 _____ () C:\Users\Maggie\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-26 19:33 - 2014-07-22 11:58 - 00108600 _____ () C:\Users\Maggie\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-21 12:57 - 2014-07-15 04:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-21 12:57 - 2014-07-15 04:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-21 12:57 - 2014-07-15 04:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-21 12:57 - 2014-07-15 04:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-21 12:57 - 2014-07-15 04:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-21 12:57 - 2014-07-15 04:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Maggie\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PCFixSpeed"
HKCU\...\StartupApproved\Run: => "SearchProtection"
HKCU\...\StartupApproved\Run: => "SearchProtect"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 02:33:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/02/2014 02:33:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/02/2014 02:33:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/02/2014 10:53:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (08/02/2014 10:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.125, time stamp: 0x53c4dbee
Faulting module name: chrome.dll, version: 36.0.1985.125, time stamp: 0x53c4d8ad
Exception code: 0xc0000005
Fault offset: 0x00126606
Faulting process id: 0x288
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (08/01/2014 10:33:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1518

Start Time: 01cfae01762d0637

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: c87d2252-19f5-11e4-bea0-74d02b451ec0

Faulting package full name: Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (08/01/2014 10:22:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/30/2014 05:28:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9d0

Start Time: 01cfac44df25dd21

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d40462f5-1838-11e4-bea0-74d02b451ec0

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/28/2014 10:13:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ENDER)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/28/2014 05:34:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (08/02/2014 04:29:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/02/2014 04:25:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/02/2014 04:25:52 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/02/2014 04:24:18 PM) (Source: DCOM) (EventID: 10010) (User: ENDER)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/02/2014 04:19:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/02/2014 04:19:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/02/2014 04:19:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/02/2014 04:19:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/02/2014 04:19:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (08/02/2014 04:19:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (08/02/2014 02:33:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maggie\Downloads\SoftonicDownloader_for_painttool-sai.exe

Error: (08/02/2014 02:33:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maggie\Downloads\SoftonicDownloader_for_painttool-sai (1).exe

Error: (08/02/2014 02:33:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Maggie\Downloads\SoftonicDownloader_for_painttool-sai (2).exe

Error: (08/02/2014 10:53:58 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (08/02/2014 10:46:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.12553c4dbeechrome.dll36.0.1985.12553c4d8adc00000050012660628801cfae0dbd38e639C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\chrome.dll1f27054c-1a5c-11e4-bea3-74d02b451ec0

Error: (08/01/2014 10:33:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031151801cfae01762d06374294967295C:\WINDOWS\syswow64\wwahost.exec87d2252-19f5-11e4-bea0-74d02b451ec0Microsoft.SkypeApp_3.0.0.1002_x86__kzf8qxf38zg5cApp

Error: (08/01/2014 10:22:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/30/2014 05:28:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.204989d001cfac44df25dd214294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exed40462f5-1838-11e4-bea0-74d02b451ec0microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/28/2014 10:13:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ENDER)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (07/28/2014 05:34:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


CodeIntegrity Errors:
===================================
Date: 2014-07-25 16:43:23.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-25 16:43:23.415
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-25 16:41:35.631
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-25 16:41:35.490
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-23 14:54:59.720
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-23 14:54:59.504
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-22 21:41:49.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-22 21:41:49.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-22 21:40:18.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2014-07-22 21:40:18.862
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3981.65 MB
Available physical RAM: 2085.7 MB
Total Pagefile: 8077.65 MB
Available Pagefile: 6028.4 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.11 GB) (Free:359.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 04A53D1B)

Partition: GPT Partition Type.

==================== End Of Log ============================
 

TwinHeadedEagle

Okay, last fix. Tell me, how is your PC now?



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    1.3 KB · Views: 105

pinkfxy

From what I can tell, it looks like Cosstminn is all gone from my computer!

Here is my report, thank you so so much!

---

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Maggie at 2014-08-03 11:06:44 Run:1
Running from C:\Users\Maggie\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [fst_us_171] => [X]
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
URLSearchHook: HKLM-x32 - (No Name) - {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
C:\ProgramData\SetStretch.exe
C:\Users\Maggie\AppData\Local\Temp\EAD50C7.exe
Task: {551FA52E-CDEB-4EE2-9F9F-2C375DC9A088} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => %LOCALAPPDATA%\Hyper - Browser\Hyper - Browser.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Maggie\SkyDrive:ms-properties
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_171 => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1" => Key not found.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2" => Key not found.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3" => Key not found.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1" => Key not found.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2" => Key not found.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3" => Key not found.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
EagleX64 => Service deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\Users\Maggie\AppData\Local\Temp\EAD50C7.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{551FA52E-CDEB-4EE2-9F9F-2C375DC9A088}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{551FA52E-CDEB-4EE2-9F9F-2C375DC9A088}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Hyper - Browser Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Hyper - Browser Update" => Key deleted successfully.
"C:\Users\Maggie\SkyDrive" => ":ms-properties" ADS not found.

==== End of Fixlog ====
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Then we're done here :)



Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:
  • MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet
  • MUST READ - general maintenance: What to do if your Computer is running slowly?



Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 