Solved IStartSurf taking over all browsers

[LiamA]

I'm having a problem with a random search engine by the name of IStartSurf, it occured after I downloaded Google Chrome AdBlock (Doesn't make sense to me) And from that point onwards my computer is always laggy and slow to function. Along with this problem, there is pop-ups which destroy my current window/tab.

I read another thread which had a similar problem and completed the first step with the zoek, here as is follows after copying and pasting what was in the box:


Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by User on 10/09/2014 at 21:53:11.59.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/09/2014 21:54:47 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Acer System Information
Adobe AIR
Adobe Flash Player 14 Plugin
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.1
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.5
Auslogics DiskDefrag
avast Free Antivirus
Bonjour
Broadcom Gigabit NetLink Controller
Browse Safe
Browsers Apps
CDBurnerXP
Combined Community Codec Pack 2014-04-20
CouponFactory
D3DX10
Driver Support
eDealsPop version 1.0
eMu3Ds
FreeSoftToday 013.97
GIMP 2.8.10
Glary Utilities 5.1
Google Chrome
Google Earth
Google Update Helper
Happy Cloud Client
Hotspot Shield 3.46
Idle~_~Crawler
ImgBurn
InfraRecorder 0.53 (x64 edition)
Intel(R) Processor Graphics
istartsurf uninstall
iTunes
Java 7 Update 60
Java 7 Update 67 (64-bit)
Java Auto Updater
K-Lite Codec Pack 10.5.0 Full
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Security Scan Plus
MediaMonkey 4.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MyPC Backup
OffersWizard Network System Driver
OpenOffice 4.1.0
Optimizer Pro v3.2
Paint.NET v3.5.11
PepperZip 1.0
Photo Common
Photo Gallery
PrivateTunnel
proXPN 2.7.2
qBittorrent 3.1.9.2
Qualcomm Atheros Fast Reconnect
QuickTime 7
Remote Desktop Access (VuuPC)
Revo Uninstaller 1.95
SaveRAuddon
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SkypeT 6.16
SlimDrivers
Spotify
swMSM
TeamViewer 9
The Lord of the Rings Online
The Lord of the Rings OnlineT v1301.0055.0535.4025
ToggleMark
VLC media player 2.1.3
WindApp (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WindowsMangerProtect20.0.0.502
WinRAR 5.01 (64-bit)
Yahoo Community Smartbar
Yahoo Community Smartbar Engine

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
C:\Users\User\AppData\Local\fst_gb_97\upfst_gb_97.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\User\AppData\Local\Akamai\netsession_win.exe
C:\Users\User\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe
C:\Users\User\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\User\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
C:\Program Files (x86)\fst_gb_97\fst_gb_97.exe
C:\Program Files (x86)\eDealsPop\eDealsPop.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Bench\BService\1.1\bservice.exe
C:\Program Files (x86)\Bench\Wd\wd.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Users\User\AppData\Roaming\Nosibay\Bubble Dock\Bubble Dock.exe
C:\Users\User\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\User\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [70e6ca8c] - Optimizer Pro Crash Monitor - "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",SVC
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [hshld] - Hotspot Shield Service - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
R2 - [HssWd] - Hotspot Shield Monitoring Service - "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" -product hss
R2 - [IePluginServices] - IePlugin Services - C:\ProgramData\IePluginServices\PluginService.exe -service
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [ptservice] - Private Tunnel Core Service - C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
R2 - [TeamViewer9] - TeamViewer 9 - "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R2 - [ZAtheros Wlan Agent] - ZAtheros Wlan Agent - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [BackupStack] - Computer Backup (MyPC Backup) - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [globalUpdate] - globalUpdate Update Service (globalUpdate) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [PrivacyRawRecycle.exe] - PrivacyRawRecycle.exe - C:\Users\User\AppData\Local\PrivacyRawRecycle\PrivacyRawRecycle.exe
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [globalUpdatem] - globalUpdate Update Service (globalUpdatem) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [HssTrayService] - Hotspot Shield Tray Service - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [CompilerRawWindows.exe] - CompilerRawWindows.exe - C:\Users\User\AppData\Local\CompilerRawWindows\CompilerRawWindows.exe
S4 - [NetHttpService] - Network HTTP Support Service - C:\Windows\SysWOW64\nethtsrv.exe
S4 - [scores] - scores - C:\Windows\score.exe

==== Folders Found ======================


==== Files Found ======================


--- C:\Windows\System32\GroupPolicy\GPT.INI ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-08-12 12:39:39
Modified time: 2014-08-14 15:36:51
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


--- C:\Windows\SysWOW64\GroupPolicy\gpt.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11
Created time: 2014-08-12 12:39:39
Modified time: 2014-08-14 15:36:51
MD5: EC3584F3DB838942EC3669DB02DC908E
SHA1: 8DCEB96874D5C6425EBB81BFEE587244C89416DA


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2014-08-12 12:39:39 d-----w- C:\Windows\System32\GroupPolicy\Machine
2014-08-12 12:39:39 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-08-14 15:36:51 165 ----a-w- 9119465A983611C21B0D09D23B5C8DCE C:\Windows\System32\GroupPolicy\GPT.INI

==== Files Found In C:\Windows\SysWOW64\GroupPolicy ======================

2014-08-14 15:36:51 11 ----a-w- EC3584F3DB838942EC3669DB02DC908E C:\Windows\SysWOW64\GroupPolicy\gpt.ini

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 5815 MB
CPU Info: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
CPU Speed: 2635.2 MHz
Sound Card: Headset Earphone (2- Microsoft |
Speakers (High Definition Audio |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Anchorfree HSS VPN Adapter #2 | Anchorfree HSS VPN Adapter | TAP Adapter V9 for Private Tunnel | Atheros AR5B97 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD11RS
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 111.7GB
Hard Disks - Free: C: 53.5GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 05/30/11 | ACRSYS - 1
Time Zone: GMT Standard Time
Motherboard *: Acer Aspire 5742
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox 31.0
Internet Explorer Version: 11.0.9600.17239
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 37.0.2062.103
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_67 (32-bit)
Sun Java version: 1.7.0_67 (64-bit)
Flash Player version: 14.0.0.145
Shockwave Player version: 12.1.2r152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-08-12 13:20:36 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-12 10:43:11 43BB01FA6B3E6E4D4343BDEAB3EC56B7 4816384 ----a-w- C:\Windows\score.exe
====== C:\Users\User\AppData\Local\Temp ====
2014-09-10 14:51:10 9251C7F50E95F549A72904A2D08DAD5C 49249 ----a-w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknownde095e0b-e3a3-4446-b1e8-f8e7ffb32cad\jniwrap.dll
2014-09-09 17:05:44 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown33637f02-1f83-41f9-b913-238373dca614\jniwrap.dll
2014-09-08 15:03:20 9251C7F50E95F549A72904A2D08DAD5C 49249 ----a-w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown1b63191f-ece6-4dda-a4fa-d16f8f91a308\jniwrap.dll
2014-09-07 08:19:51 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown7449f4c7-2381-4e4a-9a64-2a521d76adcd\jniwrap.dll
2014-09-06 09:45:36 9251C7F50E95F549A72904A2D08DAD5C 49249 ----a-w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown62747c7a-ab0e-4e30-9c5c-88ad231a964f\jniwrap.dll
2014-09-05 12:28:06 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown25d56463-afe5-45a5-91af-d2489f045f85\jniwrap.dll
2014-09-04 15:03:35 9251C7F50E95F549A72904A2D08DAD5C 49249 ----a-w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown8223d624-d81b-4b4b-a331-f995af34c79e\jniwrap.dll
2014-09-04 15:00:34 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{628DD5EE-DC77-49F6-A876-94F3A1E4DF42}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-04 15:00:33 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{628DD5EE-DC77-49F6-A876-94F3A1E4DF42}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-04 15:00:33 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{628DD5EE-DC77-49F6-A876-94F3A1E4DF42}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-04 15:00:28 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{628DD5EE-DC77-49F6-A876-94F3A1E4DF42}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 21:41:35 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{007AED8C-35A4-4738-810E-3BCB8442D356}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 21:41:35 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{007AED8C-35A4-4738-810E-3BCB8442D356}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 21:41:35 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{007AED8C-35A4-4738-810E-3BCB8442D356}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 21:41:35 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{007AED8C-35A4-4738-810E-3BCB8442D356}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 21:34:25 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E569CD3F-7E23-41E6-973E-C2D39EF8BEAC}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 21:34:24 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E569CD3F-7E23-41E6-973E-C2D39EF8BEAC}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 21:34:24 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E569CD3F-7E23-41E6-973E-C2D39EF8BEAC}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 21:34:24 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E569CD3F-7E23-41E6-973E-C2D39EF8BEAC}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 20:58:14 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{7EF16A5F-6C05-4F0A-90EC-2AB2BFD82F4A}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 20:58:14 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{7EF16A5F-6C05-4F0A-90EC-2AB2BFD82F4A}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 20:58:14 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{7EF16A5F-6C05-4F0A-90EC-2AB2BFD82F4A}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 20:58:14 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{7EF16A5F-6C05-4F0A-90EC-2AB2BFD82F4A}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 20:50:04 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E760846F-A7A5-48E9-8AC5-21B3EED9DDDD}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 20:50:03 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E760846F-A7A5-48E9-8AC5-21B3EED9DDDD}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 20:50:03 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E760846F-A7A5-48E9-8AC5-21B3EED9DDDD}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 20:50:03 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{E760846F-A7A5-48E9-8AC5-21B3EED9DDDD}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 20:35:30 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C719D746-DDF3-4F98-BDBA-C8B0F40FFC4B}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 20:35:30 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C719D746-DDF3-4F98-BDBA-C8B0F40FFC4B}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 20:35:29 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C719D746-DDF3-4F98-BDBA-C8B0F40FFC4B}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 20:35:29 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C719D746-DDF3-4F98-BDBA-C8B0F40FFC4B}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 20:21:11 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{DA61D9CA-C087-4228-9994-C898D16A6AE3}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 20:21:11 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{DA61D9CA-C087-4228-9994-C898D16A6AE3}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 20:21:11 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{DA61D9CA-C087-4228-9994-C898D16A6AE3}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 20:21:11 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{DA61D9CA-C087-4228-9994-C898D16A6AE3}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 20:15:00 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C9D7061C-5EAD-49D2-AADA-8696814CA741}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 20:15:00 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C9D7061C-5EAD-49D2-AADA-8696814CA741}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 20:15:00 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C9D7061C-5EAD-49D2-AADA-8696814CA741}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 20:15:00 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{C9D7061C-5EAD-49D2-AADA-8696814CA741}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 20:05:47 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{9E8AB65D-27F1-457F-B6BF-7211C9960C88}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 20:05:47 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{9E8AB65D-27F1-457F-B6BF-7211C9960C88}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 20:05:46 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{9E8AB65D-27F1-457F-B6BF-7211C9960C88}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 20:05:46 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{9E8AB65D-27F1-457F-B6BF-7211C9960C88}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 19:54:25 9E816C5D8F31EFAA4F5316DFE3D830B9 116736 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{F524719B-E023-426C-90C5-3C39ACB7E0BB}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-32.dll
2014-09-03 19:54:25 7A9CE7AB06F9C8D5330E6945CAED451A 131072 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{F524719B-E023-426C-90C5-3C39ACB7E0BB}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterWin7-64.dll
2014-09-03 19:54:25 3C92833D35AF2B1275CD4E825C1D2C9B 132096 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{F524719B-E023-426C-90C5-3C39ACB7E0BB}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-64.dll
2014-09-03 19:54:25 3BFA4922D5187D5080B1CF5AB86C58E3 111104 ----a-w- C:\Users\User\AppData\Local\Temp\{4AF357ED-C7A4-411D-A18C-B71244991553}\{F524719B-E023-426C-90C5-3C39ACB7E0BB}\extensions\vagrant@firefox.net\resources\vagrant\data\dll\MuterHook-32.dll
2014-09-03 19:48:16 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknownff034df9-38b1-4751-9fb6-16b67ec20d17\jniwrap.dll
2014-09-03 19:34:10 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknownc4a75055-828b-49e7-9759-be1bf642c91a\jniwrap.dll
2014-09-03 15:03:40 9251C7F50E95F549A72904A2D08DAD5C 49249 ----a-w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknownca017e71-7667-4fc1-99fb-d44609520184\jniwrap.dll
2014-09-03 14:52:19 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown89dc08ab-fffc-4867-86e3-f27ab312ad24\jniwrap.dll
2014-09-02 15:14:54 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown43a36978-a220-441e-aec6-966b8ee7a888\jniwrap.dll
2014-09-01 15:05:03 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown6630ab8e-2436-4b07-9d05-747545d92f15\jniwrap.dll
2014-08-31 07:55:47 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknownbc61fdad-e4dc-41f0-a0ee-9ba09ad42b66\jniwrap.dll
2014-08-30 12:50:01 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown271bc7a5-64d6-449f-b529-012dd80ff008\jniwrap.dll
2014-08-30 09:27:15 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknowneb8b2cce-c725-4927-a399-564a51b2a18d\jniwrap.dll
2014-08-29 11:04:10 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknown02ca584c-cd92-4b58-86e5-132ed295c457\jniwrap.dll
2014-08-28 14:54:05 9251C7F50E95F549A72904A2D08DAD5C 49249 ------w- C:\Users\User\AppData\Local\Temp\privatetunnel-desktop-jar-with-dependencies.Build.Unknownf9e116d6-332c-4b1f-adf3-05ed426b39af\jniwrap.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-08-28 15:00:07 980305AC3AF53C1964A11190451ABB32 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-03 19:56:52 1E4B49F0261DFE0554ADC597F531E2C6 319912 ----a-w- C:\Windows\Sysnative\javaws.exe
2014-09-03 19:56:43 F5853E27E18E47E4A0F1F69F068B5AEC 111016 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2014-09-03 19:56:43 EC335EBD1AD1B3D252F9485DFE9AA6A7 189352 ----a-w- C:\Windows\Sysnative\javaw.exe
2014-09-03 19:56:43 881430C055BAD0233EF9014C12AC629A 189352 ----a-w- C:\Windows\Sysnative\java.exe
2014-08-28 15:00:07 A347EF56B7CD8360B3EF7772FEA597B9 3163648 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-08-28 15:00:07 860528C9E50AB84935843B23A80E665E 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-10 20:47:45 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\Windows\Sysnative\drivers\essb.sys
2014-09-10 20:31:58 ADCFDB071D98DE433842D54A6566724C 55104 ----a-w- C:\Windows\Sysnative\drivers\ucjbnfyo.sys
2014-09-10 20:21:38 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-13 15:38:28 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2014-08-12 13:20:51 48DED912CDE54FC0923B9858512366E1 92008 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-08-12 13:20:50 B8FDEDE963B82CFD23B3A53A3084666D 1041168 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-08-12 13:20:50 471A311745848B80339436688A8286E6 224896 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-08-12 13:20:50 0DEDC041DF594AEC2C3BD00417CFAF60 427360 ----a-w- C:\Windows\Sysnative\drivers\aswsp.sys
2014-08-12 13:20:49 FF1E537A3632CBB9A0BF72B9FD0878D5 79184 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-08-12 13:20:49 D95E64416A4A3ED6986E0F474DA934BD 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-08-12 13:20:49 645D97385F3F284FB5604F9B970F4D24 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-08-12 13:20:48 A5757DE5F9C83AB40667A53D5126EA40 93568 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
====== C:\Windows\Tasks ======
2014-08-31 21:04:37 77939B986C82BF08A22A9B02E4E16D92 4582 ----a-w- C:\Windows\Sysnative\Tasks\Idle~_~Crawler Runner
2014-08-28 15:28:08 CEFBC4378C5D12C5CA91FFF178875109 3762 ----a-w- C:\Windows\Sysnative\Tasks\Driver Support-RTMRules
2014-08-28 15:28:07 8C4040C0996331E4B4A8A75CFE87D3A1 3776 ----a-w- C:\Windows\Sysnative\Tasks\Driver Support-RTMUpdater
2014-08-28 15:28:06 766156E6FEFDC3AC87DABC4A54C2A81D 3778 ----a-w- C:\Windows\Sysnative\Tasks\Driver Support-RTMScan
2014-08-12 13:26:11 455334C97AFB84E3D0359EAE20471C39 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-08-12 10:45:16 C33A2251AB36E42CF212C2E22B87B421 1376 ----a-w- C:\Windows\Tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-2.job
2014-08-12 10:45:16 6162432589E45B81BAF2A495CC017452 4406 ----a-w- C:\Windows\Sysnative\Tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-2
2014-08-12 10:45:10 74900F71CACBCDBBFAB57625FF25AF2F 1692 ----a-w- C:\Windows\Tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-1.job
2014-08-12 10:45:10 6ECD68EEC507D5CC41A38474BCDC753F 4722 ----a-w- C:\Windows\Sysnative\Tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-1
2014-08-12 10:44:30 95A5D4EC9B11D1D51F6A33CF1426ABC1 2006 ----a-w- C:\Windows\Tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-7.job
2014-08-12 10:44:30 5133B11216B164911DB32CD95BC3F32C 5036 ----a-w- C:\Windows\Sysnative\Tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-7
2014-08-12 10:44:25 A29F7DE523F787B4F89079F12EF3AA6A 3636 ----a-w- C:\Windows\Sysnative\Tasks\90a6a590-0d41-4f77-a577-a138cdea22b4
2014-08-12 10:44:24 DBE653286F7BBDEB17A7F5674315A57B 614 ----a-w- C:\Windows\Tasks\90a6a590-0d41-4f77-a577-a138cdea22b4.job
2014-08-12 10:44:11 1F2972CBE76285CA8897C08372CBC368 3886 ----a-w- C:\Windows\Sysnative\Tasks\globalUpdateUpdateTaskMachineUA
2014-08-12 10:44:08 72675333E8492A6F3B87C03867FBA23F 888 ----a-w- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-12 10:44:05 BF4C4EE6E23EB81049AB1804521636A6 3632 ----a-w- C:\Windows\Sysnative\Tasks\globalUpdateUpdateTaskMachineCore
2014-08-12 10:44:00 9262C90C1FF44356F6BC0BB1F3549ED5 884 ----a-w- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-12 10:43:46 AFB260021A0469CAB83CAAC39C97075E 3238 ----a-w- C:\Windows\Sysnative\Tasks\Optimizer Pro Schedule
2014-08-12 10:43:07 619C68932D0DF7D9E423FECF8D5C4E19 4020 ----a-w- C:\Windows\Sysnative\Tasks\LaunchSignup
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-28 15:27:33 -------- d-----w- C:\PROGRA~2\Driver Support
2014-08-14 15:36:45 -------- d-----w- C:\PROGRA~2\SupTab
2014-08-14 15:36:29 -------- d-----w- C:\PROGRA~2\Bench
2014-08-14 15:36:12 -------- d-----w- C:\PROGRA~2\Browse Safe
2014-08-13 15:23:26 -------- d-----w- C:\PROGRA~2\ToggleMark
2014-08-12 12:39:40 -------- d-----w- C:\PROGRA~2\cosstminn
2014-08-12 12:39:23 -------- d-----w- C:\PROGRA~2\eDealsPop
2014-08-12 12:27:58 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-08-12 10:43:47 -------- d-----w- C:\PROGRA~2\globalUpdate
2014-08-12 10:43:38 -------- d-----w- C:\PROGRA~2\Browsers Apps
2014-08-12 10:43:16 -------- d-----w- C:\PROGRA~2\PepperZip
2014-08-12 10:43:08 -------- d-----w- C:\PROGRA~2\Optimizer Pro
2014-08-12 10:42:36 -------- d-----w- C:\PROGRA~2\MyPC Backup
2014-08-12 10:41:07 -------- d-----w- C:\PROGRA~2\fst_gb_97
======= C: =====
2014-08-12 12:50:31 F14F1EBB47CCBD9C1AE2348E8FF7BF9E 687 ----a-w- C:\awh4AA6.tmp
2014-08-12 08:57:33 F14F1EBB47CCBD9C1AE2348E8FF7BF9E 687 ----a-w- C:\awh2D37.tmp
====== C:\Users\User\AppData\Roaming ======
2014-09-04 15:10:44 4352D88A78AA39750BF70CD6F27BCAA5 4 ----a-w- C:\Users\User\AppData\Roaming\appdataFr2.bin
2014-09-03 19:52:56 -------- d-----w- C:\Users\User\AppData\Local\Adobe
2014-08-31 21:04:34 -------- d-----w- C:\Users\User\AppData\Local\Idle~_~Crawler
2014-08-31 18:40:10 -------- d-----w- C:\Users\User\AppData\Roaming\OpenOffice
2014-08-28 15:28:04 -------- d-----w- C:\Users\User\AppData\Local\PC_Drivers_Headquarters
2014-08-25 15:09:04 -------- d-----w- C:\Users\User\AppData\Local\DebugSoftwareUtility
2014-08-14 15:37:03 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browse Safe
2014-08-14 15:36:29 -------- d-----w- C:\Users\User\AppData\Locallow\{8E56A02B-46FE-4490-B169-F16E5231533B}
2014-08-14 15:36:26 -------- d-----w- C:\Users\User\AppData\Roaming\istartsurf
2014-08-14 15:36:09 -------- d-----w- C:\Users\User\AppData\Local\Browse Safe
2014-08-13 19:05:46 -------- d-----w- C:\Users\User\AppData\Roaming\Store
2014-08-13 19:05:15 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
2014-08-13 19:04:19 -------- d-----w- C:\Users\User\AppData\Roaming\Nosibay
2014-08-13 15:23:38 -------- d-----w- C:\Users\User\AppData\Local\SearchProtect
2014-08-12 13:37:13 -------- d-----w- C:\Users\User\AppData\Roaming\Dropbox
2014-08-12 12:42:18 -------- d-----w- C:\Users\User\AppData\Local\CheckCode
2014-08-12 12:39:36 -------- d-----w- C:\Users\User\AppData\Local\Chromatic Browser
2014-08-12 12:39:36 -------- d-----w- C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-12 12:39:36 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-12 12:39:35 -------- d-----w- C:\Users\User\AppData\Local\Torch
2014-08-12 12:39:35 -------- d-----w- C:\Users\Guest\AppData\Local\Torch
2014-08-12 12:39:35 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch
2014-08-12 12:39:34 -------- d-----w- C:\Users\User\AppData\Local\Comodo
2014-08-12 12:39:34 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-08-12 12:39:34 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-08-12 12:39:32 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-08-12 12:39:27 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-08-12 10:45:43 -------- d-----w- C:\Users\User\AppData\Locallow\Smartbar
2014-08-12 10:43:46 -------- d-----w- C:\Users\User\AppData\Local\globalUpdate
2014-08-12 10:43:42 -------- d-----w- C:\Users\User\AppData\Roaming\Optimizer Pro
2014-08-12 10:43:17 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-08-12 10:42:40 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-12 10:42:03 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-08-12 10:42:02 -------- d-----w- C:\Users\User\AppData\Roaming\VOPackage
2014-08-12 10:41:08 -------- d-----w- C:\Users\User\AppData\Local\fst_gb_97
2014-08-12 10:40:13 -------- d-----w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-08-12 10:39:51 -------- d-----w- C:\Users\User\AppData\Local\WeatherAlerts
====== C:\Users\User ======
2014-09-04 18:10:17 EE13A631AE02DF26E1E274287484E84F 895120 ----a-w- C:\Users\User\Downloads\ChromeSetup(1).exe
2014-09-03 19:26:35 -------- d-----w- C:\ProgramData\CouponFactory
2014-09-01 20:41:34 -------- d-----w- C:\ProgramData\SaveRAuddon
2014-09-01 20:21:49 -------- d-----w- C:\ProgramData\87415d5c200d2892
2014-08-31 21:03:45 B2B87E43A315EA1EB91CE837B1F01546 123469 ------w- C:\Users\Public\1CD067E59E4740D1AD79D1B37547207E\setup.exe
2014-08-31 21:03:44 -------- d-----w- C:\Users\Public\1CD067E59E4740D1AD79D1B37547207E
2014-08-28 15:28:09 -------- d-----w- C:\ProgramData\UAB
2014-08-28 15:27:59 -------- d-----w- C:\ProgramData\Driver Support
2014-08-28 15:27:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-08-28 15:26:22 9F26BDD20D770BB3ACEEB42640F7EC10 351744 ------w- C:\Users\Public\906C433CEBE8467FBAC8B9C0BA903E85\setup.exe
2014-08-28 15:26:22 -------- d-----w- C:\Users\Public\906C433CEBE8467FBAC8B9C0BA903E85
2014-08-14 15:37:02 -------- d-----w- C:\ProgramData\IePluginServices
2014-08-14 15:36:32 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-08-13 19:01:55 -------- d-----w- C:\Users\Public\BAD0A63E56F143D78BF7956FA9206150
2014-08-12 13:26:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-12 12:39:40 075B0DA82E23780FA2DD7F2EA0464FD4 258 --sha-r- C:\ProgramData\ntuser.pol
2014-08-12 12:39:32 -------- d-----w- C:\Users\Guest\AppData
2014-08-12 12:39:27 -------- d-----w- C:\Users\Administrator\AppData
2014-08-12 12:28:04 -------- d-----w- C:\ProgramData\Oracle
2014-08-12 10:43:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-08-12 10:43:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip

====== C: exe-files ==
2014-09-04 18:13:56 29DA99B398CDD1B42D2CD49CAC5BA4B8 39915088 ----a-w- C:\Program Files (x86)\Google\Update\Install\{13E798E2-2380-4A9D-9BF8-1F082DFC8F6B}\37.0.2062.103_chrome_installer.exe
2014-09-04 18:13:55 29DA99B398CDD1B42D2CD49CAC5BA4B8 39915088 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\37.0.2062.103\37.0.2062.103_chrome_installer.exe
2014-09-04 18:11:05 EE13A631AE02DF26E1E274287484E84F 895120 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
2014-09-04 18:11:05 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
2014-09-04 18:11:05 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
2014-09-04 18:11:04 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-09-04 18:11:03 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
2014-09-04 18:11:03 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
2014-09-04 18:11:03 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
2014-09-04 18:11:02 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
2014-09-04 18:10:17 EE13A631AE02DF26E1E274287484E84F 895120 ----a-w- C:\Users\User\Downloads\ChromeSetup(1).exe
=== C: other files ==
2014-09-10 20:47:45 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\Windows\System32\drivers\essb.sys
2014-09-10 20:31:58 ADCFDB071D98DE433842D54A6566724C 55104 ----a-w- C:\Windows\System32\drivers\ucjbnfyo.sys
2014-09-10 20:21:38 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-807559294-1489611633-1804961059-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Spotify Web Helper"="C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Akamai NetSession Interface"="C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
"Driver Support"="C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Registry Helper"="C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe /boot"
"fst_gb_97"="C:\Program Files (x86)\fst_gb_97\fst_gb_97.exe"
"eDealsPop"="C:\Program Files (x86)\eDealsPop\eDealsPop.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Browse Safe-repairJob"="wscript.exe C:\Users\User\AppData\Local\Browse Safe\repair.js Browse Safe-repairJob"
"upfst_gb_97.exe"="C:\Users\User\AppData\Local\fst_gb_97\upfst_gb_97.exe -runonce"
"Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Spotify Web Helper"="C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Akamai NetSession Interface"="C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
"Driver Support"="C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Folders ======================

2014-08-12 10:42:42 1097 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
2014-06-27 17:00:59 1931 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2014-07-28 21:21:10 2248 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\90a6a590-0d41-4f77-a577-a138cdea22b4.job --a------ C:\Program Files (x86)\Browsers Apps\90a6a590-0d41-4f77-a577-a138cdea22b4.exe [12/08/2014 11:44]
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-1.job --a------ C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe [12/08/2014 11:45]
C:\Windows\tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-2.job --a------ C:\Program Files (x86)\Browsers Apps\c57b5d7b-2403-4341-b235-3e180f8171e4-2.exe [12/08/2014 11:45]
C:\Windows\tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-7.job --a------ C:\Program Files (x86)\Browsers Apps\c57b5d7b-2403-4341-b235-3e180f8171e4-7.exe [12/08/2014 11:44]
C:\Windows\tasks\GlaryInitialize 5.job --a------ [Undetermined Task]
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [12/08/2014 11:43]
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [12/08/2014 11:43]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/09/2014 19:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/09/2014 19:10]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\90a6a590-0d41-4f77-a577-a138cdea22b4" [C:\Program Files (x86)\Browsers Apps\90a6a590-0d41-4f77-a577-a138cdea22b4.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-1" [C:\Program Files (x86)\Browsers Apps\Browsers Apps-codedownloader.exe]
"C:\Windows\SysNative\tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-2" [C:\Program Files (x86)\Browsers Apps\c57b5d7b-2403-4341-b235-3e180f8171e4-2.exe]
"C:\Windows\SysNative\tasks\c57b5d7b-2403-4341-b235-3e180f8171e4-7" [C:\Program Files (x86)\Browsers Apps\c57b5d7b-2403-4341-b235-3e180f8171e4-7.exe]
"C:\Windows\SysNative\tasks\Driver Support-RTMRules" [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe]
"C:\Windows\SysNative\tasks\Driver Support-RTMScan" [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe]
"C:\Windows\SysNative\tasks\Driver Support-RTMUpdater" [C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize 5" [C:\Program Files (x86)\Glary Utilities 5\Initialize.exe]
"C:\Windows\SysNative\tasks\globalUpdateUpdateTaskMachineCore" [C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\globalUpdateUpdateTaskMachineUA" [C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GU5SkipUAC" [C:\Program Files (x86)\Glary Utilities 5\Integrator.exe]
"C:\Windows\SysNative\tasks\Idle~_~Crawler Runner" ["%LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe"]
"C:\Windows\SysNative\tasks\LaunchSignup" [C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe]
"C:\Windows\SysNative\tasks\Optimizer Pro Schedule" ["C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"]
"C:\Windows\SysNative\tasks\proXPN" ["C:\Program Files (x86)\proXPN\bin\proxpn.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"faststartff@gmail.com"="C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\c15ib0e9.default\extensions\faststartff@gmail.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 11:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/08/2014 14:20]

cosstminn - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Administrator\AppData\Local\Torch\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - Guest\AppData\Local\Torch\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - User\AppData\Local\Chromatic Browser\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
Google Drive - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Browse Safe - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaolfhobbbokdcmfiplbokkokobjgc
Google Search - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
cosstminn - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
Browsers Apps - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhfoagmjcnkolneahbpagjcjjaeofbg
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
cosstminn - User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape
cosstminn - User\AppData\Local\Torch\User Data\Default\Extensions\daghjgaeamaenkcfjbojfdiamlocmape

==== Chromium Startpages ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.istartsurf.com/?type=hp&...4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S",
"startup_urls": [ "http://www.istartsurf.com/?type=hp&...4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{006ee092-9658-4fd6-bd8e-a21a348e59f5} Web Search Url="http://feed.helperbar.com/?p=mKO_Aw...XijciZDFPQdTCL2rcRQn2jxYepw,,&q={searchTerms}"
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Trovi search Url="http://www.trovi.com/Results.aspx?g...-4B38-AEC3-02E205460DDE&q={searchTerms}&SSPV="
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 10/09/2014 at 22:01:11.37 ======================

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Fix with ZOEK

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  Idle~_~Crawler;u
  istartsurf uninstall;u
  SaveRAuddon;u
  Yahoo Community Smartbar;u 
  Yahoo Community Smartbar Engine;u 
  autoclean;
  emptyalltemp;

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[LiamA]

Thank you for you help, the results are as follows.

Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by User on 11/09/2014 at 16:48:41.99.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-10-210111.log 55756 bytes
C:\zoek-results2014-09-11-154151.log 32060 bytes

==== System Restore Info ======================

11/09/2014 16:50:23 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/08/2014 14:20]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 11:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/08/2014 14:20]

Google Voice Search Hotword (Beta) - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Chromium Startpages ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
":{"known_disabled":"72EBCB8EA89F52FE3098441A0A425AB665FCA55467A3C2F5ADDB47D4780F1447","settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"05836E187C3742918F4F63F4B8497690924C0E24B3D4AE456C1DF65D89E38924","apdfllckaahabafndbhieahigkjlhalf":"75A3B53824CBA377374284FE3731ED7DD792800B3A4395A15264FD5D90C6D695","bepbmhgboaologfdajaanbcjmnhjmhfn":"8523A790CB4E3352C4BD726C388BBA7B21702C26EF3CED72B5945B273D2D867F","blpcfgokakmgnkcojhhkbfbldkacnbeo":"C501EF5F0CB6F9A1060CAA36F71955E908FD3916D683774F342549510553200A","bnbaolfhobbbokdcmfiplbokkokobjgc":"7545DA0CD3726C617CAA9E953FA55B123E45B543AA76DDFC1170571FE74CB269","booedmolknjekdopkepjjeckmjkdpfgl":"19CD6282B7B366FEE78A872CA2389A5030A55432E4DFB7A4E8CB343E580781AC","bopakagnckmlgajfccecajhnimjiiedh":"A0FE9D5F17DC1DB72A7A6312F0851FA6E6362964BD966D1F6CD567FC193033BA","coobgpohoikkiipiblmjeljniedjpjpf":"55DA7C03DE6D5D7EF6790280CA29FB742C556210B5B56C6AD3C2140D67F84B43","daghjgaeamaenkcfjbojfdiamlocmape":"2030F3FADBAE4BF13A0947A5E272B3B8BCFB562C3B023EC81EED55C20CCCCF96","dnhpdliibojhegemfjheidglijccjfmc":"70241FAF05F02C2138566C7F2D0AAFB909C2F56A99FCB362819ACDC18AF52F54","eemcgdkfndhakfknompkggombfjjjeno":"5DAA9EB1FA71A41914FE362632CBDB36E71585396375FDA467F8E939265B1A10","ennkphjdgehloodpbhlhldgbnhmacadg":"C654CABB8DA9B2610B5C3B6447CE5806158553A691361C5515D88A3B70B80CDA","ffhfoagmjcnkolneahbpagjcjjaeofbg":"D75BB6623B4DA1A74A0F632E9B90BFAA5908A91F703D5312C00C61962B6ED5FD","flpcjncodpafbgdpnkljologafpionhb":"D8054206795B9BD5E762A567A058B20F610F44D25BA06151446DCCCAEC300AFA","gfdkimpbcpahaombhbimeihdjnejgicl":"1E917CC343047F0A4C15124574AFFA431FBF8F18F9F8216E1A9386963172B9EB","gomekmidlodglbbmalcneegieacbdmki":"317E12021A7F6730FABE9024DA446FB0F16763176CC56736F3F7F6C16F2A5974","impaepofmnammebeenafgmllpnjaiime":"5295BCFE7320B7895EDBBE196BD272A37FEB0C172C3FD15E29A5ACE5DF1AFDC8","kmendfapggjehodndflmmgagdbamhnfd":"D616EAF7B9F8B9BEE3C938E01EC275753D923C5E8AAE7DDFD81343F1F6B1ECA5","laemenhgkighepiafkfjmmpbocmeffjl":"56ED6678B43D5DE40282888D809080B1AF14FA8280441AEE9108A067B8BEEA32","mfehgcgbbipciphmccgaenjidiccnmng":"8BE4AF82A05BD261EC9C2784ACC2E5C159CA5DDEB40A1F75D1A4639CCEB0126F","mfffpogegjflfpflabcdkioaeobkgjik":"335FC71B19E7A1F116A8C81A137B9B31A74B5F2AB0DA625C34D799281E6EE2DF","mgndgikekgjfcpckkfioiadnlibdjbkf":"2EE0327F9B7B8814D106F803D1892A90392BD936B3FB4E9A2019DD2242626BCE","neajdppkdcdipfabeoofebfddakdcjhd":"842D1672701F8B18F8DFA0F9D6AE0A45356D981A468FDD46C9437A81634DC380","nkeimhogjdpnpccoofpliimaahmaaome":"ADF3183CF7CB3908E6C47C1AD15D75224CD7717B059ADAB75BF0636238188D32","nmmhkkegccagdldgiimedpiccmgmieda":"CDCEA882F0C1476C2D59BA032F947AAC1EA25DE4D473568A17AC9642380D5349","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"DDBE9355152B33829713ACA959F6BE249AF6BD83C2090B477D13931F1305E47F","pjkljhegncpnkpknbcohdijeoejaedia":"44DE05019D4B0F7421FD54FA1CDEA34E4C3A7D5E10C5229555E25DFB5ACF54B9"}},"google":{"services":{"last_username":"4588FD3458002F1638522C13A156E0F02DB9593B8DD13F1E51EFD72558AF987A"}},"homepage":"9A06C7613BBBB0024826A2D38E7C1CCC30B118A596642F5ADF3E4E9C66CEBE1D","homepage_is_newtabpage":"ACCEC6D2C6D303FE508202E094D35D2EAE8A255BF4571BE3306DD70C88C523FC","pinned_tabs":"B83FC1405B4104CA8AD41A044D705B10CC942B37CE1C923E95E5CB706EB5CFC6","prefs":{"preference_reset_time":"669EF1716CE9573E7B425C1726A0DD863A9FE77F8EEA505FA52D63556694290D"},"profile":{"reset_prompt_memento":"7EEEE547D11A8DF66E793686AF52CA7B0CAD258AE36093C99F807CA200E079B1"},"safebrowsing":{"incident_report_sent":"E2ACA7D4F0D9A368799A6CBE1688485E10AA956BF7EFCA8216B452F29F381442"},"search_provider_overrides":"AAFDEC98AB4FDB4CE1EB0F12C67792F7625F812F36A2D09780C9BB4F6A4651E7","session":{"restore_on_startup":"34CCCE703C9AC722F79A3EEC05B451B7863E89F677C94B6848CE2291EFBE7060","startup_urls":"DA5363B5ADE817F041F71D96AD57ACA03D45542F265934FAA05C0A4964567AF0"},"sync":{"remaining_rollback_tries":"B8548E18CCE5C0B522DBE2E4352DEE7A749BC2EC6ACB0E191E549F0F81BA655D"}}},"safebrowsing":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\User\\Downloads"},"selectfile":{"last_directory":"C:\\Users\\User\\Pictures"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http://www.istartsurf.com/?type=hp&...4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S"],"startup_urls_migration_time":"13047907879540913"},"sync":{"remaining_rollback_tries":0},"sync_promo":{"startup_count":3,"user_skipped":true},"translate_accepted_count":{"de":0,"nl":1},"translate_blocked_languages":["en"],"translate_denied_count":{"de":8,"nl":0},"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=AV01"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Idle~_~Crawler deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6818F6FB-6270-4DE8-9827-40E852111F2A} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c0ac12fb-52ab-498f-97b1-a71fd4774748} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HotspotShield deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eDealsPop_is1 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindApp deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\BF6F818607268ED48972048E2511F1A2 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\156TF0ME will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3GLZFPJ will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF93Q83Y will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\c15ib0e9.default\Cache emptied successfully
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=629 folders=166 123085868 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\MyPC Backup\Database\mpcb_settings.db" not found
"C:\PROGRA~2\MyPC Backup" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\156TF0ME" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3GLZFPJ" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF93Q83Y" not found

==== EOF on 11/09/2014 at 17:38:54.45 ======================

 

[TwinHeadedEagle]

Very good
We need more scans:

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Follow the prompts and click Scan.
• When finished, please click Clean.
• Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Install the progam and select update.
• Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
• Click the Scan tab, choose Threat Scan is checked and click Scan Now.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[LiamA]

Once again thanks,

Order is as follows AdwCleaner, then MalwareBytes, then Farbar. The FRST and Addition file are attached.

# AdwCleaner v3.309 - Report created 11/09/2014 at 18:12:21
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SAlesCHeccKer
Folder Deleted : C:\Program Files (x86)\Browse Safe
Folder Deleted : C:\Program Files (x86)\Browsers Apps
Folder Deleted : C:\Users\User\AppData\Local\Browse Safe
Folder Deleted : C:\Users\User\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\User\AppData\Local\Idle~_~Crawler
Folder Deleted : C:\Users\User\AppData\Local\torch
Folder Deleted : C:\Users\User\AppData\Roaming\InetStat
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browse Safe
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMUpdater
Task Deleted : Idle~_~Crawler Runner
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\Applications\inetstat.exe
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [eDealsPop]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Registry Helper]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\SaleussChecker.SaleussChecker
Key Deleted : HKLM\SOFTWARE\Classes\SaleussChecker.SaleussChecker.2.2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2B47855E-B429-4DF6-8293-E1DBF2381A07}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E56A02B-46FE-4490-B169-F16E5231533B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79E887FC-00CE-2AE6-0B61-B3F7A601982F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176687}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E56A02B-46FE-4490-B169-F16E5231533B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79E887FC-00CE-2AE6-0B61-B3F7A601982F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E56A02B-46FE-4490-B169-F16E5231533B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{79E887FC-00CE-2AE6-0B61-B3F7A601982F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{79E887FC-00CE-2AE6-0B61-B3F7A601982F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176687}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79E887FC-00CE-2AE6-0B61-B3F7A601982F}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PepperZip
Key Deleted : HKCU\Software\Proxy
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\ToggleMark
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Browsers Apps
Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\Browsers Apps
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\Registry Helper
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\ToggleMark
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Upt
Key Deleted : HKLM\SOFTWARE\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsers Apps
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Upt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToggleMark
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ddy1u3tr.default-1409772981256\prefs.js ]


-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S&q={searchTerms}
Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S&q={searchTerms}
Deleted [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S
Deleted [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1408030556&from=tt4u&uid=TOSHIBAXMK1237GSX_18HHFHY3SXX18HHFHY3S
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [15003 octets] - [11/09/2014 18:09:48]
AdwCleaner[S0].txt - [14304 octets] - [11/09/2014 18:12:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14365 octets] ##########







Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/09/2014
Scan Time: 18:22:11
Logfile: Malwarebytes file.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.11.06
Rootkit Database: v2014.09.10.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333276
Time Elapsed: 19 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [9c6455976e0d2016b776d594a55fac54],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [f90711db1e5d30068d9fd89157adc33d],
PUP.Optional.BrowseSafe.A, HKLM\SOFTWARE\WOW6432NODE\Browse Safe, Quarantined, [6b955696f18af3436a805ea562a1cc34],
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\fst_gb_97_is1, Quarantined, [e41c0ce07b009a9c43ec1eea1ee50cf4],
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps, Quarantined, [d22e97554536fd3980ae07fcfb087c84],
PUP.Optional.FastStart.A, HKU\S-1-5-21-807559294-1489611633-1804961059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [a55bad3fe893af875e29a853e71b6e92],

Registry Values: 2
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_gb_97, "C:\Program Files (x86)\fst_gb_97\fst_gb_97.exe", Quarantined, [936d5399d8a3c571c96d8d8e0ef5c33d]
PUP.Optional.FastStart.A, HKU\S-1-5-21-807559294-1489611633-1804961059-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [a55bad3fe893af875e29a853e71b6e92]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\cosstminn, Quarantined, [43bd03e9661576c0bdf2d5133ac8c53b],

Files: 8
PUP.Optional.MultiPlug, C:\Program Files (x86)\cosstminn\VaQBR.dll, Quarantined, [68985597cbb075c18749cde76a9755ab],
PUP.Optional.Amonetize, C:\Users\Public\906C433CEBE8467FBAC8B9C0BA903E85\setup.exe, Quarantined, [0df39656b6c53afc24f5189ee71a41bf],
PUP.Optional.Amonetize, C:\Users\User\Downloads\3DS Emulator 1 0 3 Downloader__3687_i1110888427_il1760065.exe, Quarantined, [42bea3491c5f74c2a76a8429fa07629e],
PUP.Optional.Amonetize, C:\Users\User\Downloads\3DS Emulator 1 0 3 Downloader__3687_i1110890921_il1760291.exe, Quarantined, [38c848a499e271c566ab733aba479769],
PUP.Optional.iBryte, C:\Users\User\Downloads\java_setup (1).exe, Quarantined, [659b49a3a8d3092df0704c62c53c6898],
PUP.Optional.IBryte, C:\Users\User\Downloads\java_setup.exe, Quarantined, [49b77e6e84f790a6e3fc5a53ba478c74],
PUP.Optional.Amonetize, C:\Users\User\AppData\Local\7214\a22717.exe, Quarantined, [f40c9359c4b7f343a8d27c2a49b8b947],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [10f018d4fe7dc472161acf9a0ef6ed13],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[TwinHeadedEagle]

Very good. We still need some work to do

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

• avast Free Antivirus
• Microsoft Security Essentials

Uninstallation procedure:

• Press the
  
  + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[LiamA]

I think this is the right one?

 

[TwinHeadedEagle]

You attached the same file like me. I need Fixlog.txt

 

[LiamA]

2nd time is the charm :/

 

[TwinHeadedEagle]

Okay, how is your PC now?

 

[LiamA]

It runs much faster, I still get the occasional pop ups on chrome (my most used browser however) and it keeps asking me to update Java which still destroy my current page.

 

[TwinHeadedEagle]

I must go to sleep, too tired to continue. Will respond tomorrow.

 

[TwinHeadedEagle]

Okay, let's scan again:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[LiamA]

Okay sorry for the later reply, school and all, anyway. The files are attached.

 

[TwinHeadedEagle]

It seems you didn't follow my advice about two antivirus products.


Please uninstall Driver Support program.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[LiamA]

Sorry, hopefully this is the right one.

 

[TwinHeadedEagle]

Very good, how is the situation now?

 

[LiamA]

I still have pop-ups on chrome, would you reckon ad-block would deal with that? My computer overall is much better though. Thanks for your help!

 

[TwinHeadedEagle]

Is it only in Chrome or in other browsers too? Try Adblock and let me know if it helped.

 

[LiamA]

I get a Network_Failed error whenever I try to download it.