Good old us.yhs4.search.yahoo.com won't go away


Rhi-Chi
Thread author
Aug 9, 2014
I've tried everything and I'm at my wits' end. It came along with a PhotoFiltre program I tried to download to my new computer after having used it on previous computers. Right after that, the Yahoo looksafe page kept popping up in place of all my Chrome URL searches.
 

Attachments: AdwCleaner[R4].txt (1.3 KB)

TwinHeadedEagle
Mar 8, 2013
Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool runs for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the attachment button below. Doing this, you make it easier for me to analyze and fix your problem.

  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 

Rhi-Chi
Thank you for your reply. Since I've posted this I've tried numerous times to see if it would pop up again, but the safesearch has not appeared since. Would it be okay if you kept the thread open for a day or two more just in case? I'm cautiously optimistic that maybe AdwCleaner or one of the others finally took full effect.
 

Rhi-Chi
Well it started happening again, so I will do what you tell me to. I'm letting the ZOEK run.
 

Rhi-Chi
Yes, I only have AVG and I disabled everything. It still just says "checking input".
 

Rhi-Chi
Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Rhiannon on Tue 08/12/2014 at 10:17:59.75.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rhiannon\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-12-002333.log 397 bytes

==== System Restore Info ======================

8/12/2014 10:18:59 AM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

µTorrent
7-Zip 9.20 (x64 edition)
Adobe Reader XI (11.0.07)
Alcor Micro USB Card Reader Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
BattleBlock Theater
Bonjour
CCleaner
CyberLink LabelPrint
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 12
D3DX10
Dropbox
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.2.3
HitmanPro 3.7
HP Customer Experience Enhancements
HP Documentation
HP Postscript Converter
HP Registration Service
HP SimplePass
HP Support Assistant
HP Support Information
IDT Audio
Inst5675
Inst5676
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 67
Java 7 Update 67 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 2.0.2.1012
MapleStory
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nexon Game Manager
Origin
Peggle
Photo Common
Photo Gallery
Ralink RT3290 802.11bgn Wi-Fi Adapter
Realtek Card Reader
Recovery Manager
Skype™ 6.16
Steam
Team Fortress 2
The Elder Scrolls V: Skyrim
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
Unturned
VideoPad Video Editor
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Webroot SecureAnywhere
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Ys Origin

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\SysWOW64\ctfmon.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\Rhiannon\Downloads\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [avgwd] - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [Cachedrv server] - HP SimplePass Cachedrv Service - "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"
R2 - [HitmanProScheduler] - HitmanPro Scheduler - C:\Program Files\HitmanPro\hmpsched.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - "c:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [Intel(R) ME Service] - Intel(R) ME Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
R2 - [omniserv] - HP SimplePass Service - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
R2 - [sppsvc] - Software Protection - C:\windows\system32\sppsvc.exe
R2 - [STacSV] - Audio Service - C:\Program Files\IDT\WDM\STacSV64.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\windows\system32\vssvc.exe
S2 - [0187791403411434mcinstcleanup] - McAfee Application Installer Cleanup (0187791403411434) - C:\windows\TEMP\018779~1.EXE -cleanup -nolog
S2 - [AVGIDSAgent] - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [SkypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [WRSVC] - WRSVC - "C:\Program Files\Webroot\WRSA.exe" -service
S3 - [ALG] - Application Layer Gateway Service - C:\windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel(R) Content Protection HECI Service - C:\windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\windows\system32\IEEtwCollector.exe /V
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - "c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\windows\System32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
S3 - [TrustedInstaller] - Windows Modules Installer - C:\windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\windows\system32\wbengine.exe"
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - "C:\Program Files\Windows Defender\NisSrv.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\windows\system32\wbem\WmiApSrv.exe

==== Folders Found ======================


==== Files Found ======================


==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 12194 MB
CPU Info: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
CPU Speed: 3093.4 MHz
Sound Card: Speakers / Headphones (IDT High |
Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600
Monitors: 1x; HP S2031 Series Wide LCD Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Ralink RT3290 802.11bgn Wi-Fi Adapter
CD / DVD Drives: 1x (E: | ) E: hp DVD-RAM GHB0N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 1846.4GB | D: 15.1GB
Hard Disks - Free: C: 1690.8GB | D: 1.8GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Hewlett-Packard 2AF7
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Webroot SecureAnywhere On-access scanning disabled (Outdated)
Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Spyware: Webroot SecureAnywhere disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 11.0.9600.17207
Google Chrome version: 36.0.1985.125
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_67 (32-bit)
Sun Java version: 1.7.0_67 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\Rhiannon\AppData\Local\Temp ====
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2014-08-09 05:31:44 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\windows\SysWOW64\javaws.exe
2014-08-09 05:31:40 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\windows\SysWOW64\javaw.exe
2014-08-09 05:31:40 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\windows\SysWOW64\java.exe
2014-08-09 05:31:40 0F70F4DAF2BC5613EE75C9B2585CE67E 98216 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-05 22:45:18 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\windows\SysWOW64\sqlite3.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2014-08-09 05:33:31 1E4B49F0261DFE0554ADC597F531E2C6 319912 ----a-w- C:\windows\Sysnative\javaws.exe
2014-08-09 05:33:27 F5853E27E18E47E4A0F1F69F068B5AEC 111016 ----a-w- C:\windows\Sysnative\WindowsAccessBridge-64.dll
2014-08-09 05:33:27 EC335EBD1AD1B3D252F9485DFE9AA6A7 189352 ----a-w- C:\windows\Sysnative\javaw.exe
2014-08-09 05:33:27 881430C055BAD0233EF9014C12AC629A 189352 ----a-w- C:\windows\Sysnative\java.exe
2014-08-09 03:35:11 C1B61EA6B362BF4B41F1D4D6204DBF85 1870 ----a-w- C:\windows\Sysnative\.crusader
====== C:\windows\Sysnative\drivers =====
2014-08-05 22:46:01 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-05 22:45:51 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2014-08-05 22:45:51 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys
2014-08-05 22:45:51 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\windows\Sysnative\drivers\mwac.sys
2014-08-02 06:35:10 8E98D21EE06192492A5671A6144D092F 33240 ----a-w- C:\windows\Sysnative\drivers\GEARAspiWDM.sys
====== C:\windows\Tasks ======
2014-08-09 17:02:58 F9530EF382675DAE1F7D10C0C23E6DB1 3888 ----a-w- C:\windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-08-09 17:02:58 A85721A0D8D4A59DA528EE4E80C587F5 916 ----a-w- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 17:02:57 72621CB3C8A3061876BC7F7C8E7897A7 912 ----a-w- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 17:02:57 2AD794F297C69C98EF4DD43CD42B12F5 3652 ----a-w- C:\windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-08-02 06:33:54 -------- d-----w- C:\windows\Sysnative\Tasks\Apple
====== C:\windows\Temp ======
======= C:\Program Files =====
2014-08-09 05:42:02 -------- d-----w- C:\Program Files\iPod
2014-08-09 05:42:01 -------- d-----w- C:\Program Files\iTunes
2014-08-09 05:33:23 -------- d-----w- C:\Program Files\Java
2014-08-09 03:29:55 -------- d-----w- C:\Program Files\HitmanPro
2014-08-02 06:33:45 -------- d-----w- C:\Program Files\Common Files\Apple
======= C:\PROGRA~2 =====
2014-08-09 05:42:01 -------- d-----w- C:\PROGRA~2\iTunes
2014-08-09 05:31:45 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-08-09 05:31:36 -------- d-----w- C:\PROGRA~2\Java
2014-08-09 04:20:23 -------- d-----w- C:\PROGRA~2\AVG
2014-08-09 04:02:38 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe
2014-08-09 04:02:38 -------- d-----w- C:\PROGRA~2\Adobe
2014-08-02 06:33:52 -------- d-----w- C:\PROGRA~2\Apple Software Update
2014-08-02 06:33:37 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple
======= C: =====
====== C:\Users\Rhiannon\AppData\Roaming ======
2014-08-09 19:38:40 -------- d-----w- C:\Users\Rhiannon\AppData\Locallow\Adobe
2014-08-09 19:38:40 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Adobe
2014-08-09 17:01:45 -------- d-sh--w- C:\Users\Rhiannon\AppData\Local\EmieUserList
2014-08-09 17:01:45 -------- d-sh--w- C:\Users\Rhiannon\AppData\Local\EmieSiteList
2014-08-09 04:21:11 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\AVG2014
2014-08-09 04:21:00 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014
2014-08-09 04:20:47 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014
2014-08-09 04:20:47 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\TuneUp Software
2014-08-09 04:20:23 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Local\Avg2014
2014-08-09 04:10:36 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Avg2014
2014-08-09 01:33:48 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Skyrim
2014-08-05 22:45:35 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Programs
2014-08-03 02:05:46 -------- d-----w- C:\Users\Nancy\AppData\Roaming\Apple Computer
2014-08-02 06:35:14 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\Apple Computer
2014-08-02 06:35:14 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Apple Computer
2014-08-02 06:33:53 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Apple
2014-08-02 06:33:49 -------- d-----w- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Apple Computer
2014-07-27 04:40:51 -------- d-----w- C:\Users\Rhiannon\AppData\Local\Windows Live
2014-07-27 04:13:07 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\uTorrent
2014-07-27 03:17:00 -------- d-----w- C:\Users\Rhiannon\AppData\Local\MediaShow
2014-07-27 03:16:21 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\CyberLink
2014-07-27 03:15:07 -------- d-----w- C:\Users\Rhiannon\AppData\Local\CyberLink
2014-07-22 04:48:01 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\DropboxMaster
2014-07-22 04:47:54 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-22 04:47:12 -------- d-----w- C:\Users\Rhiannon\AppData\Roaming\Dropbox
2014-07-14 14:23:42 -------- d-----w- C:\windows\SysNative\config\systemprofile\AppData\Local\CrashDumps
====== C:\Users\Rhiannon ======
2014-08-12 14:12:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-08-09 17:04:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-09 05:42:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-09 05:42:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 05:31:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-09 05:30:10 7DCDAC68A564E26D251E162F06470E43 270848 ----a-w- C:\Users\Rhiannon\Downloads\Ninite 7Zip AVG Chrome Java Reader Skype Installer (1).exe
2014-08-09 05:29:40 94C7569086C6EB4374869ABC073A4F0F 270848 ----a-w- C:\Users\Rhiannon\Downloads\Ninite 7Zip AVG Chrome Java Reader Skype Installer.exe
2014-08-09 04:20:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-09 04:20:28 -------- d-----w- C:\ProgramData\AVG2014
2014-08-09 04:10:36 -------- d--h--w- C:\ProgramData\Common Files
2014-08-09 04:02:26 -------- d-----w- C:\ProgramData\Adobe
2014-08-09 03:57:04 F2B2D4280492E9375B1BC7FDC5D4E634 2094080 ----a-w- C:\Users\Rhiannon\Downloads\FRST64.exe
2014-08-09 03:29:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-09 03:29:23 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-09 03:28:27 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Users\Rhiannon\Downloads\HitmanPro_x64.exe
2014-08-09 02:19:58 9D46D72131D0E36A79D4819F08EA0E0B 1366203 ----a-w- C:\Users\Rhiannon\Desktop\adwcleaner_3.304.exe
2014-08-02 06:34:50 -------- d-----w- C:\ProgramData\Apple Computer

====== C: exe-files ==
2014-08-12 03:43:22 C9D9EEBCCEF20D637F193490CEC05E79 10274136 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Unturned\_CommonRedist\vcredist\2010\vcredist_x64.exe
2014-08-12 03:43:22 C234CA5724D1850BA11E39C783026494 11538432 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
2014-08-12 03:43:22 1801436936E64598BAB5B87B37DC7F87 8990552 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Unturned\_CommonRedist\vcredist\2010\vcredist_x86.exe
2014-08-10 13:13:40 ECD1C0E725C330B68C4B65BEA173965A 7127664 ----a-w- C:\Program Files (x86)\AVG\AVG2014\Notification\Launcher.exe
2014-08-09 17:04:48 5CA3B9DB1F03E19C4EAD46A7322D1D3F 39749712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\36.0.1985.125\36.0.1985.125_chrome_installer.exe
2014-08-09 17:02:57 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
2014-08-09 17:02:57 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
2014-08-09 17:02:57 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
2014-08-09 17:02:56 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-08-09 17:02:52 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
2014-08-09 17:02:52 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
2014-08-09 17:02:52 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
2014-08-09 17:02:51 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
2014-08-09 05:33:31 1E4B49F0261DFE0554ADC597F531E2C6 319912 ----a-w- C:\Windows\System32\javaws.exe
2014-08-09 05:33:27 EC335EBD1AD1B3D252F9485DFE9AA6A7 189352 ----a-w- C:\Windows\System32\javaw.exe
2014-08-09 05:33:27 881430C055BAD0233EF9014C12AC629A 189352 ----a-w- C:\Windows\System32\java.exe
2014-08-09 05:33:24 EC335EBD1AD1B3D252F9485DFE9AA6A7 189352 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe
2014-08-09 05:33:24 E6FCADBE898BDC27C1E1CB60B466E276 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe
2014-08-09 05:33:24 E459F1214BBAF09A592C6D6468BF09F3 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe
2014-08-09 05:33:24 DA210735854233048365C40305F6F0B3 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe
2014-08-09 05:33:24 CEDBC2B0FAD9E588F465B5A50F2DB1E9 76200 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe
2014-08-09 05:33:24 A6E5D44F5B2A2B431323F0647A696C6A 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe
2014-08-09 05:33:24 A17F07317F540F1F7012C5DEB7F0E99D 180648 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe
2014-08-09 05:33:24 A10DB0FC2BD7F0A562DDB1A9F7DE77BE 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe
2014-08-09 05:33:24 8B37FA1E34112D502174D24A2F664724 65448 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe
2014-08-09 05:33:24 881430C055BAD0233EF9014C12AC629A 189352 ----a-w- C:\Program Files\Java\jre7\bin\java.exe
2014-08-09 05:33:24 8149698F8897D4CD098AE38FDC691948 55720 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe
2014-08-09 05:33:24 2E887F4AC98A770775372D04BCA00657 98216 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe
2014-08-09 05:33:24 2DCD165DF82FEBE7DC356B25B84BCE0F 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe
2014-08-09 05:33:24 2CB585E8C47166BABBC54F0FC8D46D83 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe
2014-08-09 05:33:24 2BE89A7E3F7A368FAE1A9CFC1EA9DB40 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe
2014-08-09 05:33:24 2B4F8CE2A46B899B47DBD0C988BA7211 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe
2014-08-09 05:33:24 24C352C7F3272A1E824D7C36033A3676 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe
2014-08-09 05:33:24 212EE6665B5A091DBD7A318E848E69BC 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe
2014-08-09 05:33:24 1E4B49F0261DFE0554ADC597F531E2C6 319912 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe
2014-08-09 05:33:24 1548B05C02D0336546DE2303BE50A067 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe
2014-08-09 05:31:44 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-08-09 05:31:40 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-08-09 05:31:40 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-08-09 05:31:36 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-08-09 05:31:36 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-08-09 05:31:36 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-08-09 05:31:36 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-08-09 05:31:36 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-08-09 05:31:36 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-08-09 05:31:36 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-08-09 05:31:36 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-08-09 05:31:36 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-08-09 05:31:36 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-08-09 05:31:36 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-08-09 05:31:36 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-08-09 05:31:36 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-08-09 05:31:36 7BDCC29DDFBB355761A018A74D4A1E8C 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-08-09 05:31:36 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-08-09 05:31:36 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-08-09 05:31:36 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-08-09 05:31:36 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-08-09 05:31:36 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-08-09 05:31:36 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-08-09 05:31:36 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-08-09 05:30:10 7DCDAC68A564E26D251E162F06470E43 270848 ----a-w- C:\Users\Rhiannon\Downloads\Ninite 7Zip AVG Chrome Java Reader Skype Installer (1).exe
2014-08-09 05:29:40 94C7569086C6EB4374869ABC073A4F0F 270848 ----a-w- C:\Users\Rhiannon\Downloads\Ninite 7Zip AVG Chrome Java Reader Skype Installer.exe
2014-08-09 04:00:29 B4AE71F271508C4B78BBB5534D13C2BE 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-347318854-318507600-1726750354-1001\$IA4SUO7.exe
2014-08-09 03:57:04 F2B2D4280492E9375B1BC7FDC5D4E634 2094080 ----a-w- C:\Users\Rhiannon\Downloads\FRST64.exe
2014-08-09 03:29:55 EA100E56171D4BBA8E4D0B37745E985F 127752 ----a-w- C:\Program Files\HitmanPro\hmpsched.exe
2014-08-09 03:29:55 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2014-08-09 03:28:27 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Users\Rhiannon\Downloads\HitmanPro_x64.exe
2014-08-09 02:19:58 9D46D72131D0E36A79D4819F08EA0E0B 1366203 ----a-w- C:\Users\Rhiannon\Desktop\adwcleaner_3.304.exe
2014-08-05 16:52:38 30A4B7EB1E0B01D3D358079BE43348CC 77136 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 11.3.1.2\SetupAdmin.exe
=== C: other files ==
2014-08-09 05:33:24 75AE8170A7E76022FB3FB521E3866653 18619 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip
2014-08-09 05:31:36 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip
2014-08-05 22:46:01 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-05 22:45:51 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-05 22:45:51 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-05 22:45:51 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-347318854-318507600-1726750354-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\windows\tasks\AVG_SYS_TASK_0614a.job --a-------- C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe [06/19/2014 10:09 AM]
C:\windows\tasks\AVG_SYS_TASK_0614a_DELETE.job --a-------- C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe [06/19/2014 10:09 AM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/09/2014 01:02 PM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/09/2014 01:02 PM]
C:\windows\tasks\HPCeeScheduleForRhiannon.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 04:43 AM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\AVG_SYS_TASK_0614a" [C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe]
"C:\windows\SysNative\tasks\AVG_SYS_TASK_0614a_DELETE" [C:\ProgramData\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\windows\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\HPCeeScheduleForRhiannon" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{2CCABADE-F61B-4E06-9B5A-158BB936F3A3}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{8B711F27-F8C0-43CD-80CF-E9CC19F242BA}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Chrome Look ======================

Google Docs - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Learn French - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec
Gojee Food - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb
Angry Birds - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Drive - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Kleki - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndldkfimmnnfbagnkjgnemgpjadbag
Google Voice Search Hotword (Beta) - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Strawberry Pal Menstrual Calendar - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmeafmbadejchdjffdbdjdkcgfmlhjmh
Weebly - Website Builder - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb
Google Search - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
The Flower Shop - Summer in Fairbrook - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhpcacgginliblljanhdgnkohkffaekp
XKit - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd
Vanilla - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj
AdBlock - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Knock Free - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjpklapmpfamogeeklnicfkjomdedikd
Random Chat by APumpkinPatch (video chat) - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmnobclpbhnjcpdnpdnkbgdkbfifbao
Kindle Cloud Reader - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
YourNextFilm - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jadajphjladhhmcjiomkmlihlknbnicc
YourNextRead - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmoechgcbcngboikkfiojlnefcgjepp
BBC Good Food - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja
my-diary.org - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmajfebnamplgladopdemdaenbhedkhb
TouristEye Planner - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg
Evernote Web - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Fileminx - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmphdinbmonlcogmljkkahppnkannma
Mint - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg
TumTaster - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm
Diet Diary - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd
Google Wallet - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Elfster - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfagmcegbaeelbnibmipibkmigipedmk
Gmail - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Connected Mind - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc
Writer - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog

==== Chromium Startpages ======================

C:\Users\Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.tumblr.com/dashboard",
"startup_urls": [ "http://tumblr.com/" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 08/12/2014 at 10:23:04.97 ======================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with ZOEK

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Rhi-Chi

New Member
Thread author
Verified
Aug 9, 2014
15
Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Rhiannon on Tue 08/12/2014 at 11:28:28.66.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rhiannon\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-12-002333.log 397 bytes
C:\zoek-results2014-08-12-142304.log 38424 bytes

==== System Restore Info ======================

8/12/2014 11:29:27 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\SoundResearch deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Nancy\AppData\Local\MaxWebSearch deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Rhiannon\Downloads\avg_free_stb_all_2014_4744_cnet.exe deleted
C:\Users\Rhiannon\Searches deleted
C:\windows\SysNative\tasks\AVG_SYS_TASK_0614a deleted
C:\windows\SysNative\tasks\AVG_SYS_TASK_0614a_DELETE deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~3\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe" deleted
"C:\PROGRA~3\Avg_Update_0614a" not deleted

==== Chrome Look ======================

Google Voice Search Hotword (Beta) - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
avast Online Security - Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Learn French - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec
Gojee Food - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb
Angry Birds - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Kleki - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdndldkfimmnnfbagnkjgnemgpjadbag
Google Voice Search Hotword (Beta) - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Weebly - Website Builder - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb
The Flower Shop - Summer in Fairbrook - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhpcacgginliblljanhdgnkohkffaekp
XKit - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd
Vanilla - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj
AdBlock - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Knock Free - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjpklapmpfamogeeklnicfkjomdedikd
Random Chat by APumpkinPatch (video chat) - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmnobclpbhnjcpdnpdnkbgdkbfifbao
Kindle Cloud Reader - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
YourNextFilm - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jadajphjladhhmcjiomkmlihlknbnicc
YourNextRead - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmoechgcbcngboikkfiojlnefcgjepp
BBC Good Food - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja
my-diary.org - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmajfebnamplgladopdemdaenbhedkhb
Fileminx - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbmphdinbmonlcogmljkkahppnkannma
Mint - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg
TumTaster - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm
Diet Diary - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd
Elfster - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfagmcegbaeelbnibmipibkmigipedmk
Connected Mind - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmkffmgahaepmhkhkblhopnpleeikokc
Writer - Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog

==== Chromium Startpages ======================

C:\Users\Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.tumblr.com/dashboard",
"startup_urls": [ "http://tumblr.com/" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-347318854-318507600-1726750354-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nancy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nancy\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Rhiannon\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rhiannon\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Rhiannon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=60 folders=22 35896155 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nancy\AppData\Local\Temp emptied successfully
C:\Users\Rhiannon\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Rhiannon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\Avg_Update_0614a" not found

==== EOF on Tue 08/12/2014 at 11:49:08.54 ======================
 

Rhi-Chi

New Member
Thread author
Verified
Aug 9, 2014
15
I just got home, and it hasn't popped up but can you leave the thread open for a few more days just in case?
 