
Omega plus and pro pc cleaner

Discussion in 'Virus & Other Malware Removal' started by Tadrichards, Jan 31, 2015.

Thread Status:
Not open for further replies.
  1. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    How do I get rid of these?
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello Tadrichards,

    Welcome to TSG.

    Please download Farbar Recovery Scan Tool from here and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called (FRST.txt) in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
     
  3. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by Pat (administrator) on PATSSURFACE on 01-02-2015 18:20:00
    Running from C:\Users\Pat\Downloads
    Loaded Profiles: Pat (Available profiles: Pat & user)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
    (Small Island Development) C:\ProgramData\MovieWizard\MovieWizardService.exe
    (HQ CinemaV31.01) C:\Program Files (x86)\HQ Cinemax 1.9cV31.01\16fc9b58-1d16-47ab-a480-b5afe6bac942-1-6.exe
    () C:\Users\Pat\AppData\Local\gmsd_mx_119\upgmsd_mx_119.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Spotify Ltd) C:\Users\Pat\AppData\Roaming\Spotify\spotify.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Program Files (x86)\MagnoPlayer\WBrowser.exe
    () C:\Program Files (x86)\gmsd_mx_119\gmsd_mx_119.exe
    (Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (TuneIn) C:\Program Files\WindowsApps\TuneIn.TuneInRadio_1.1.0.0_neutral__6bhtb546zcxnj\TuneIn.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    (Pro PC Cleaner) C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\RunOnce: [WSE_Taplika] => C:\windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Pat\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat"
    HKLM-x32\...\RunOnce: [upgmsd_mx_119.exe] => C:\Users\Pat\AppData\Local\gmsd_mx_119\upgmsd_mx_119.exe [3308224 2015-01-30] ()
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Run: [Spotify] => C:\Users\Pat\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-27] (Spotify Ltd)
    Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto4_15_05&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByE0A0DtC0Czy0EyCyEtDtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAzytA0EtBtDtC0BtGtDyByEtCtGzztC0EyDtGzzyC0D0FtGyCtA0C0CyCyByBtDtA0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzytDzztDyE0FtGyDyDzytDtGyE0ByBtDtG0ByBtByBtGyDyB0FyCzz0BtD0F0AyCzzyD2Q&cr=1729811673&ir=
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    BHO: PRicceLess -> {10e76691-f971-4250-9273-8b6df967a538} -> C:\Program Files (x86)\PRicceLess\SYfI54hQzRMd0Q.x64.dll ()
    BHO: youtubeadblocker -> {4931498d-327f-4695-beeb-fb3a86c8d63b} -> C:\Program Files (x86)\youtubeadblocker\fH2kXQyLY57oW5.x64.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: PRicceLess -> {10e76691-f971-4250-9273-8b6df967a538} -> C:\Program Files (x86)\PRicceLess\SYfI54hQzRMd0Q.dll ()
    BHO-x32: youtubeadblocker -> {4931498d-327f-4695-beeb-fb3a86c8d63b} -> C:\Program Files (x86)\youtubeadblocker\fH2kXQyLY57oW5.dll No File
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.3.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107
    FF DefaultSearchEngine: Taplika
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.2:
    FF SelectedSearchEngine: Taplika
    FF Homepage: hxxp://taplika.com/?f=1&a=tpl_tuto4_15_05&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByE0A0DtC0Czy0EyCyEtDtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAzytA0EtBtDtC0BtGtDyByEtCtGzztC0EyDtGzzyC0D0FtGyCtA0C0CyCyByBtDtA0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzytDzztDyE0FtGyDyDzytDtGyE0ByBtDtG0ByBtByBtGyDyB0FyCzz0BtD0F0AyCzzyD2Q&cr=1729811673&ir=
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\searchplugins\taplika.xml
    FF Extension: youtubeadblocker - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] [2015-01-31]
    FF Extension: PRicceLess - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] [2015-01-31]
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{7e92bf29-b0bc-233d-e35b-afeed1aa31eb} [2015-01-31]
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{83e02f0a-1694-3889-c714-122520abd078} [2015-01-31]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 be0fb33b; c:\Program Files (x86)\Supporter\Supporter.dll [4214272 2015-01-31] () [File not signed]
    R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
    R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
    U0 rrvvv; C:\Windows\System32\drivers\roixlcg.sys [79064 2015-01-31] (Malwarebytes Corporation)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
    R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
    R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
    R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
    R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
    R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [66672 2014-10-25] (Microsoft Corporation)
    S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
    S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-18] (Microsoft Corporation)
    R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 18:20 - 2015-02-01 18:20 - 00013842 _____ () C:\Users\Pat\Downloads\FRST.txt
    2015-02-01 18:19 - 2015-02-01 18:20 - 00000000 ____D () C:\FRST
    2015-02-01 18:18 - 2015-02-01 18:18 - 02131456 _____ (Farbar) C:\Users\Pat\Downloads\FRST64.exe
    2015-02-01 18:16 - 2015-02-01 18:16 - 00000580 _____ () C:\windows\setupact.log
    2015-02-01 18:16 - 2015-02-01 18:16 - 00000000 _____ () C:\windows\setuperr.log
    2015-01-31 21:34 - 2015-02-01 18:19 - 00219504 _____ () C:\windows\WindowsUpdate.log
    2015-01-31 19:11 - 2015-01-31 19:11 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\roixlcg.sys
    2015-01-31 19:11 - 2015-01-31 19:11 - 00000000 ____D () C:\Users\Pat\AppData\Local\MovieWizard
    2015-01-31 19:11 - 2015-01-31 19:11 - 00000000 ____D () C:\MovieWizard
    2015-01-31 19:10 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\Supporter
    2015-01-31 19:09 - 2015-01-31 19:09 - 00000000 ____D () C:\Program Files (x86)\Tamriel Maps
    2015-01-31 19:08 - 2015-01-31 19:08 - 00000000 ____D () C:\ProgramData\7126542232522465554
    2015-01-31 19:08 - 2015-01-31 19:08 - 00000000 ____D () C:\Program Files (x86)\PRicceLess
    2015-01-31 16:53 - 2015-02-01 18:17 - 00000000 ____D () C:\Users\Pat\Documents\ProPCCleaner
    2015-01-31 16:53 - 2015-02-01 18:16 - 00003462 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
    2015-01-31 16:53 - 2015-01-31 16:53 - 00003198 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
    2015-01-31 16:53 - 2015-01-31 16:53 - 00000000 ____D () C:\Users\Pat\AppData\Local\Pro_PC_Cleaner
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000937 _____ () C:\Users\Public\Desktop\Pro PC Cleaner.lnk
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files\Reference Assemblies
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files\MSBuild
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2015-01-31 16:49 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\windows\system32\PresentationNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:48 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2015-01-31 16:49 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:41 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
    2015-01-31 16:48 - 2015-01-31 19:11 - 00000000 ____D () C:\Users\Pat\AppData\Local\com
    2015-01-31 16:48 - 2015-01-31 16:48 - 00004016 _____ () C:\windows\System32\Tasks\LaunchSignup
    2015-01-31 16:48 - 2015-01-31 16:48 - 00001988 _____ () C:\Users\Pat\Desktop\Sync Folder.lnk
    2015-01-31 16:47 - 2015-02-01 02:42 - 00001350 _____ () C:\windows\Tasks\XJJN.job
    2015-01-31 16:47 - 2015-01-31 19:11 - 00000000 ____D () C:\Program Files (x86)\MagnoPlayer
    2015-01-31 16:47 - 2015-01-31 19:10 - 00000000 ____D () C:\ProgramData\MovieWizard
    2015-01-31 16:47 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\XTab
    2015-01-31 16:47 - 2015-01-31 16:47 - 00004710 _____ () C:\windows\System32\Tasks\MWHROGA
    2015-01-31 16:47 - 2015-01-31 16:47 - 00004358 _____ () C:\windows\System32\Tasks\XJJN
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\Users\Pat\AppData\Local\gmsd_mx_119
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\HQ Cinemax 1.9cV31.01
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\gmsd_mx_119
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2015-01-31 16:46 - 2015-01-31 19:02 - 00001700 _____ () C:\windows\Tasks\MWHROGA.job
    2015-01-31 16:46 - 2015-01-31 16:46 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Pro PC Cleaner
    2015-01-31 16:46 - 2015-01-31 16:46 - 00000000 ____D () C:\Users\Pat\AppData\Local\globalUpdate
    2015-01-29 21:46 - 2015-01-29 21:29 - 00264010 _____ () C:\Users\Pat\Documents\Prestige%20book%201.doc_0.odt
    2015-01-29 11:56 - 2015-01-29 11:56 - 00013824 ___SH () C:\Users\Pat\Documents\Thumbs.db
    2015-01-26 14:26 - 2015-01-26 14:26 - 00000000 ____D () C:\Users\Public\Documents\sun
    2015-01-26 13:34 - 2015-01-26 13:34 - 00001047 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2015-01-26 13:34 - 2015-01-26 13:34 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
    2015-01-26 13:15 - 2015-01-26 13:15 - 00000000 ____D () C:\Users\Pat\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
    2015-01-26 10:45 - 2015-01-26 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-25 10:12 - 2015-01-25 10:12 - 00002086 _____ () C:\Users\Pat\AppData\Roaming\XJJN
    2015-01-25 10:12 - 2015-01-25 10:12 - 00001248 _____ () C:\Users\Pat\AppData\Roaming\MWHROGA
    2015-01-24 15:25 - 2015-01-24 15:04 - 00014540 _____ () C:\Users\Pat\Documents\DODGE%20CITY.docx_0.odt
    2015-01-22 11:23 - 2015-01-22 11:24 - 00009758 _____ () C:\Users\Pat\Downloads\standardpaperback.1-200.ott
    2015-01-22 11:23 - 2015-01-22 11:23 - 00168995 _____ () C:\Users\Pat\Downloads\a5cover.otg
    2015-01-20 18:23 - 2015-01-20 17:35 - 00041156 _____ () C:\Users\Pat\Documents\Meet%20the%20real%20'Golden%20Girls'.htm_0.odt
    2015-01-16 01:22 - 2014-11-26 10:38 - 24201368 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 05943072 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 04679768 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 02945472 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 02776408 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01402296 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01399200 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01365504 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01061376 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00978040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00734720 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00671352 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00615544 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00472976 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00457616 _____ () C:\windows\system32\igfxTray.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00279952 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00266072 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00254976 _____ () C:\windows\system32\igfxCPL.cpl
    2015-01-16 01:22 - 2014-11-26 10:38 - 00220392 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00207872 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00207496 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00195984 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00184312 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4029.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00175104 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00175024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00135000 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00074240 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00031408 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00030720 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00004016 _____ () C:\windows\system32\iglhxs64.vp
    2015-01-16 01:22 - 2014-11-26 10:37 - 25175552 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 23401576 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 20049408 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 17170624 _____ () C:\windows\system32\igd11dxva64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 16698848 _____ () C:\windows\SysWOW64\igd11dxva32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 12003840 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 11512320 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 09155072 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 07654408 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 07232512 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 06956056 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 04763064 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
    2015-01-16 01:22 - 2014-11-26 10:37 - 00637000 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00515960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00418704 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
    2015-01-16 01:22 - 2014-11-26 10:37 - 00397824 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00350208 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00227328 _____ () C:\windows\system32\igdde64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00187392 _____ () C:\windows\SysWOW64\igdde32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00155536 _____ (Intel Corporation) C:\windows\system32\difx64.exe
    2015-01-16 01:22 - 2014-11-26 10:37 - 00151552 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
    2015-01-14 18:03 - 2015-01-26 13:15 - 140852175 _____ () C:\Users\Pat\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2015-01-13 15:47 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-13 15:47 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-13 15:47 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
    2015-01-13 15:47 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
    2015-01-13 15:47 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 15:47 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
    2015-01-13 15:47 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-13 15:47 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2015-01-13 15:47 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
    2015-01-13 15:47 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
    2015-01-13 15:47 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2015-01-13 15:47 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
    2015-01-13 15:47 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
    2015-01-13 15:47 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2015-01-13 15:47 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2015-01-13 15:47 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 15:47 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
    2015-01-13 15:47 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
    2015-01-13 15:47 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
    2015-01-13 15:47 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2015-01-13 15:47 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-01-12 21:42 - 2015-01-12 21:57 - 05606532 _____ () C:\Users\Pat\Downloads\FBFR291FCGMC3.EXE
    2015-01-12 15:26 - 2015-01-12 15:28 - 25667443 _____ () C:\Users\Pat\Downloads\WINS 1010 AM Rock N Roll Party - Alan Freed - February 12, 1955.wma
    2015-01-09 15:56 - 2015-01-31 21:13 - 00000000 ____D () C:\windows\Minidump
    2015-01-08 14:14 - 2015-01-08 14:14 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList
    2015-01-06 13:38 - 2015-01-06 13:38 - 00000000 ____D () C:\windows\system32\appraiser
    2015-01-04 18:17 - 2015-01-04 18:17 - 00000760 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DMB11.lnk
    2015-01-02 04:44 - 2015-01-02 04:45 - 13087456 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Silverlight_x64.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 18:19 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-02-01 18:18 - 2014-05-08 21:06 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-01 18:16 - 2014-12-27 18:50 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Spotify
    2015-02-01 18:16 - 2014-07-31 12:16 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3FA79BC0-5A37-4057-BA9D-58061432AEC0}
    2015-02-01 18:16 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2015-02-01 02:35 - 2014-08-01 07:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-01-31 20:14 - 2014-07-31 12:17 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-379946212-1816574113-116217764-1001
    2015-01-31 19:05 - 2014-12-26 10:47 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-31 19:02 - 2014-12-20 15:40 - 00000000 ___RD () C:\Users\Pat\Dropbox
    2015-01-31 19:02 - 2014-12-19 22:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
    2015-01-31 19:02 - 2014-07-31 12:14 - 00000000 ___DO () C:\Users\Pat\OneDrive
    2015-01-31 16:45 - 2014-07-31 12:20 - 00001386 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-31 16:45 - 2014-07-31 12:20 - 00001374 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-31 16:45 - 2014-07-31 12:12 - 00001669 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-31 14:44 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\NDF
    2015-01-30 19:49 - 2014-12-27 18:51 - 00000000 ____D () C:\Users\Pat\AppData\Local\Spotify
    2015-01-30 17:24 - 2014-12-31 09:54 - 00000000 ____D () C:\dmb11
    2015-01-29 21:43 - 2014-07-31 12:12 - 00000000 ____D () C:\Users\Pat
    2015-01-29 11:56 - 2014-07-31 12:36 - 00225280 ___SH () C:\Users\Pat\Downloads\Thumbs.db
    2015-01-28 17:33 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-01-28 17:33 - 2013-08-22 08:44 - 00363064 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-01-27 10:19 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-01-26 13:36 - 2014-07-31 12:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Packages
    2015-01-26 13:34 - 2014-12-20 16:45 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2015-01-26 13:33 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-01-26 13:31 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-26 13:31 - 2013-08-22 07:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-01-24 14:35 - 2014-08-01 07:23 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-24 14:20 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-24 14:20 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-16 01:23 - 2014-05-08 20:43 - 00000000 ____D () C:\windows\Firmware
    2015-01-13 16:11 - 2014-08-08 05:46 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-13 16:09 - 2014-08-08 05:46 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-01-07 10:16 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
    2015-01-06 13:38 - 2014-08-08 05:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-01-06 13:38 - 2013-08-22 13:11 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\setup
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\setup
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-01-06 13:38 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\oobe

    ==================== Files in the root of some directories =======

    2015-01-25 10:12 - 2015-01-25 10:12 - 0001248 _____ () C:\Users\Pat\AppData\Roaming\MWHROGA
    2015-01-25 10:12 - 2015-01-25 10:12 - 0002086 _____ () C:\Users\Pat\AppData\Roaming\XJJN
    2014-05-08 20:58 - 2014-05-08 20:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some content of TEMP:
    ====================
    C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pnldr.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-26 03:11

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
    Ran by Pat at 2015-02-01 18:20:23
    Running from C:\Users\Pat\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
    7-Zip (Version: 9.2.0 - 7-Zip) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Diamond Mind Baseball version 11 (HKLM-x32\...\Diamond Mind Baseball version 11) (Version: 11 - Diamond Mind, Inc.)
    DMB Encyclopedia version 11 (HKLM-x32\...\DMB Encyclopedia version 11) (Version: 11 - Diamond Mind, Inc.)
    Dropbox (HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Paint XP version 1.4 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.4 - MSPAINTXP.COM)
    paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
    PRicceLess (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version: - )
    Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
    Spotify (HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    Support PL 1.1 (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b}) (Version: - riceLes) <==== ATTENTION
    Tamriel Maps (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    23-01-2015 02:49:36 Windows Update
    26-01-2015 13:16:45 Installed OpenOffice 4.1.1
    31-01-2015 16:46:45 Windows Modules Installer

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {07800508-AF0B-40D8-A5D7-1347D9143066} - System32\Tasks\XJJN => C:\Users\Pat\AppData\Roaming\XJJN.exe <==== ATTENTION
    Task: {6480CFC2-87B3-421E-AFC5-6982B12A1724} - System32\Tasks\MWHROGA => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
    Task: {96E68DBE-5803-4759-B660-237D8013BA6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {A2C5D3B1-41CD-4EFC-9DD0-6C4F098C13D6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Pat) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {B44D9972-74E5-4E41-9C32-881499510E78} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {C4ED0877-F3E8-4670-8E13-DF0F58230967} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
    Task: {F585ABA9-29D7-494A-98E7-CBF44F4985AA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
    Task: {F5EE3547-C3BC-472A-913C-D4E0B9B2EC14} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
    Task: {FB23E3FB-9B04-4963-8744-4E2849609190} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] ()
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\MWHROGA.job => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
    Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Pat).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\windows\Tasks\XJJN.job => C:\Users\Pat\AppData\Roaming\XJJN.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2015-01-31 16:46 - 2015-01-30 13:10 - 03308224 _____ () C:\Users\Pat\AppData\Local\gmsd_mx_119\upgmsd_mx_119.exe
    2014-12-27 18:50 - 2014-12-27 18:50 - 00374840 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    2015-01-29 05:43 - 2015-01-29 05:43 - 00134656 _____ () C:\Program Files (x86)\MagnoPlayer\WBrowser.exe
    2015-01-31 16:46 - 2015-01-30 13:10 - 03977064 _____ () C:\Program Files (x86)\gmsd_mx_119\gmsd_mx_119.exe
    2015-01-31 16:48 - 2014-11-25 13:37 - 00012800 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
    2014-12-27 12:01 - 2014-12-27 12:02 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
    2014-07-14 00:41 - 2014-07-14 00:41 - 00008704 _____ () C:\Program Files (x86)\Pro PC Cleaner\Logging.dll
    2014-07-14 00:41 - 2014-07-14 00:41 - 00058880 _____ () C:\Program Files (x86)\Pro PC Cleaner\Helper.dll
    2014-07-14 00:41 - 2014-07-14 00:41 - 00076288 _____ () C:\Program Files (x86)\Pro PC Cleaner\Setup.dll
    2014-08-21 17:29 - 2014-08-21 17:29 - 00007680 _____ () C:\Program Files (x86)\Pro PC Cleaner\bo.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 36966968 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\libcef.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 00867896 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 00886840 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\libglesv2.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 00108600 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\libegl.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-01-31 19:02 - 2015-01-31 19:02 - 00043008 ____N () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pnldr.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-12-17 14:11 - 2014-12-17 14:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-12-17 14:11 - 2014-12-17 14:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2015-01-31 19:10 - 2015-01-31 19:10 - 04214272 _____ () c:\Program Files (x86)\Supporter\Supporter.dll
    2015-01-18 03:17 - 2015-01-18 03:17 - 03530752 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2015-01-22 15:32 - 2015-01-22 15:32 - 00079360 _____ () C:\Users\Pat\AppData\Local\Packages\tunein.tuneinradio_6bhtb546zcxnj\AC\Microsoft\CLR_v4.0_32\NativeImages\nVentive.Um114fe9fe#\3270c71a4d19618e0a5150a66bd58176\nVentive.Umbrella.Services.Contract.WinRT.ni.dll
    2015-01-18 03:17 - 2015-01-18 03:17 - 00960000 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
    2015-01-16 05:02 - 2015-01-16 05:02 - 01130496 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
    2015-01-16 05:02 - 2015-01-16 05:02 - 00133120 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
    2015-01-16 05:02 - 2015-01-16 05:02 - 00808448 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
    2015-01-16 05:01 - 2015-01-16 05:01 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2015-01-16 05:03 - 2015-01-16 05:03 - 00797696 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
    2015-01-22 15:33 - 2015-01-22 15:33 - 00827392 _____ () C:\Users\Pat\AppData\Local\Packages\tunein.tuneinradio_6bhtb546zcxnj\AC\Microsoft\CLR_v4.0_32\NativeImages\nVentive.Um9106121c#\57bf9c3964fac46fb8ddaf41b3ec48f4\nVentive.Umbrella.Web.WinRT.ni.dll
    2014-12-28 03:19 - 2014-12-28 03:19 - 00770560 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Media\ca5d421f33f051f1b561add6753e4360\Windows.Media.ni.dll
    2015-01-16 05:03 - 2015-01-16 05:03 - 00238080 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
    2014-12-28 03:19 - 2014-12-28 03:19 - 01282048 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
    2014-12-28 03:19 - 2014-12-28 03:19 - 00337920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
    2015-01-26 10:45 - 2015-01-26 10:45 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Pat\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-379946212-1816574113-116217764-500 - Administrator - Disabled)
    Guest (S-1-5-21-379946212-1816574113-116217764-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-379946212-1816574113-116217764-1003 - Limited - Enabled)
    Pat (S-1-5-21-379946212-1816574113-116217764-1001 - Administrator - Enabled) => C:\Users\Pat
    user (S-1-5-21-379946212-1816574113-116217764-1004 - Administrator - Enabled) => C:\Users\user

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/31/2015 08:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d44

    Start Time: 01d03dc2cd3fce1d

    Termination Time: 4294967295

    Application Path: C:\windows\system32\backgroundTaskHost.exe

    Report Id: 7399184e-a9b7-11e4-8268-6002924ad1c9

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App

    Error: (01/31/2015 07:44:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (01/31/2015 07:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: DropboxExt64.24.dll, version: 1.0.0.24, time stamp: 0x53a8c70f
    Exception code: 0xc000041d
    Fault offset: 0x0000000000008d57
    Faulting process id: 0x120c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/31/2015 04:46:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
    Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0x1cfc
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (01/31/2015 04:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
    Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0xf2c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (01/31/2015 04:44:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
    Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0x1270
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (01/31/2015 11:54:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d70

    Start Time: 01d03d7e3188d57f

    Termination Time: 4294967295

    Application Path: C:\windows\system32\backgroundTaskHost.exe

    Report Id: 25da06cb-a972-11e4-8268-6002924ad1c9

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App

    Error: (01/31/2015 09:51:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 420

    Start Time: 01d03d6cb8cdf3c2

    Termination Time: 4294967295

    Application Path: C:\windows\system32\backgroundTaskHost.exe

    Report Id: f39ebb3d-a960-11e4-8268-6002924ad1c9

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App

    Error: (01/31/2015 09:43:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1aac

    Start Time: 01d03d6be1d59b3f

    Termination Time: 4294967295

    Application Path: C:\windows\system32\backgroundTaskHost.exe

    Report Id: d5585afd-a95f-11e4-8268-6002924ad1c9

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App

    Error: (01/31/2015 08:56:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1c2c

    Start Time: 01d03d656d0b26b6

    Termination Time: 4294967295

    Application Path: C:\windows\system32\backgroundTaskHost.exe

    Report Id: 608c18af-a959-11e4-8268-6002924ad1c9

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App


    System errors:
    =============
    Error: (02/01/2015 06:16:13 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (02/01/2015 03:07:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

    Error: (01/31/2015 07:01:40 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 07:13:32 AM) (Source: DCOM) (EventID: 10016) (User: PATSSURFACE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PatsSurfacePatS-1-5-21-379946212-1816574113-116217764-1001LocalHost (Using LRPC)D52A8D61.WordsWithFriends_1.2.0.1_x64__jwbwg6xx0377aS-1-15-2-965281832-2310444747-3180759850-603269243-1034815153-2375164496-1948704185

    Error: (01/31/2015 07:13:29 AM) (Source: DCOM) (EventID: 10016) (User: PATSSURFACE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PatsSurfacePatS-1-5-21-379946212-1816574113-116217764-1001LocalHost (Using LRPC)D52A8D61.WordsWithFriends_1.2.0.1_x64__jwbwg6xx0377aS-1-15-2-965281832-2310444747-3180759850-603269243-1034815153-2375164496-1948704185

    Error: (01/31/2015 07:13:29 AM) (Source: DCOM) (EventID: 10016) (User: PATSSURFACE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PatsSurfacePatS-1-5-21-379946212-1816574113-116217764-1001LocalHost (Using LRPC)D52A8D61.WordsWithFriends_1.2.0.1_x64__jwbwg6xx0377aS-1-15-2-965281832-2310444747-3180759850-603269243-1034815153-2375164496-1948704185


    Microsoft Office Sessions:
    =========================
    Error: (01/31/2015 08:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.16384d4401d03dc2cd3fce1d4294967295C:\windows\system32\backgroundTaskHost.exe7399184e-a9b7-11e4-8268-6002924ad1c9Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

    Error: (01/31/2015 07:44:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (01/31/2015 07:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcDropboxExt64.24.dll1.0.0.2453a8c70fc000041d0000000000008d57120c01d03dbab259c5c3C:\windows\Explorer.EXEC:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dlldead37ed-a9af-11e4-8268-6002924ad1c9

    Error: (01/31/2015 04:46:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251cfc01d03da7be97c88eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfdf6c6ab-a99a-11e4-8268-6002924ad1c9

    Error: (01/31/2015 04:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425f2c01d03da772010f1aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlleaba6486-a99a-11e4-8268-6002924ad1c9

    Error: (01/31/2015 04:44:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425127001d03cdbf8525d63C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla9ad12a6-a99a-11e4-8268-6002924ad1c9

    Error: (01/31/2015 11:54:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.16384d7001d03d7e3188d57f4294967295C:\windows\system32\backgroundTaskHost.exe25da06cb-a972-11e4-8268-6002924ad1c9Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

    Error: (01/31/2015 09:51:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1638442001d03d6cb8cdf3c24294967295C:\windows\system32\backgroundTaskHost.exef39ebb3d-a960-11e4-8268-6002924ad1c9Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

    Error: (01/31/2015 09:43:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.163841aac01d03d6be1d59b3f4294967295C:\windows\system32\backgroundTaskHost.exed5585afd-a95f-11e4-8268-6002924ad1c9Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

    Error: (01/31/2015 08:56:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.163841c2c01d03d656d0b26b64294967295C:\windows\system32\backgroundTaskHost.exe608c18af-a959-11e4-8268-6002924ad1c9Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
    Percentage of memory in use: 64%
    Total physical RAM: 4001.07 MB
    Available physical RAM: 1416.74 MB
    Total Pagefile: 8097.07 MB
    Available Pagefile: 5222.75 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:113.5 GB) (Free:63.11 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 119.2 GB) (Disk ID: 514D03E9)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  4. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again Tadrichards,

    Step one

    Please navigate to your Downloads folder and drag (or cut and paste) FRST64 to your Desktop

    Step 2

    Please uninstall the following adware and potentially unwanted programs if you can:

    Pro PC Cleaner
    Support PL 1.1
    Tamriel Maps


    And

    This one if you didn't install it:

    TeamViewer 10

    It is a legitimate program but is used for remote access to your computer and is sometimes used for malicious purposes.

    After that

    Open notepad.

    Please copy the contents of the code box below.

    To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

    Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    Code:
    C:\Program Files (x86)\Pro PC Cleaner
    SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto4_15_05&cd=2XzuyEtN2Y1L1QzuyCtDtD tBzytByE0A0DtC0Czy0EyCyEtDtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1Czut N1L1G1B1V1N2Y1L1Qzu2StAzytA0EtBtDtC0BtGtDyByEtCtGzztC0EyDtGzzyC0D0FtGyCtA0C 0CyCyByBtDtA0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzytDzztDyE0FtGyDyDzytDtGyE0 ByBtDtG0ByBtByBtGyDyB0FyCzz0BtD0F0AyCzzyD2Q&cr=1729811673&ir=
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    BHO: PRicceLess -> {10e76691-f971-4250-9273-8b6df967a538} -> C:\Program Files (x86)\PRicceLess\SYfI54hQzRMd0Q.x64.dll ()
    C:\Program Files (x86)\PRicceLess
    BHO: youtubeadblocker -> {4931498d-327f-4695-beeb-fb3a86c8d63b} -> C:\Program Files (x86)\youtubeadblocker\fH2kXQyLY57oW5.x64.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: PRicceLess -> {10e76691-f971-4250-9273-8b6df967a538} -> C:\Program Files (x86)\PRicceLess\SYfI54hQzRMd0Q.dll ()
    BHO-x32: youtubeadblocker -> {4931498d-327f-4695-beeb-fb3a86c8d63b} -> C:\Program Files (x86)\youtubeadblocker\fH2kXQyLY57oW5.dll No File
    C:\Program Files (x86)\youtubeadblocker
    FF DefaultSearchEngine: Taplika
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.2:
    FF SelectedSearchEngine: Taplika
    FF Homepage: hxxp://taplika.com/?f=1&a=tpl_tuto4_15_05&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByE0A0DtC0Czy0EyCyEtDt N0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAzytA 0EtBtDtC0BtGtDyByEtCtGzztC0EyDtGzzyC0D0FtGyCtA0C0CyCyByBtDtA0F0CtD2QtN1M1F1 B2Z1V1N2Y1L1Qzu2S0BtAzytDzztDyE0FtGyDyDzytDtGyE0ByBtDtG0ByBtByBtGyDyB0FyCzz 0BtD0F0AyCzzyD2Q&cr=1729811673&ir=
    FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\searchplugins\taplika.xml
    FF Extension: youtubeadblocker - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] [2015-01-31]
    FF Extension: PRicceLess - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] [2015-01-31]
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{7e92bf29-b0bc-233d-e35b-afeed1aa31eb} [2015-01-31]
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{83e02f0a-1694-3889-c714-122520abd078} [2015-01-31]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Pat\AppData\Roaming\MWHROGA
    C:\Users\Pat\AppData\Roaming\XJJN
    C:\ProgramData\DP45977C.lfl
    C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pnldr.dll
    Task: {07800508-AF0B-40D8-A5D7-1347D9143066} - System32\Tasks\XJJN => C:\Users\Pat\AppData\Roaming\XJJN.exe <==== ATTENTION
    Task: {6480CFC2-87B3-421E-AFC5-6982B12A1724} - System32\Tasks\MWHROGA => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
    Task: {A2C5D3B1-41CD-4EFC-9DD0-6C4F098C13D6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Pat) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    C:\Program Files\SlimCleaner Plus
    Task: {B44D9972-74E5-4E41-9C32-881499510E78} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {C4ED0877-F3E8-4670-8E13-DF0F58230967} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
    C:\Program Files (x86)\MyPC Backup
    Task: C:\windows\Tasks\MWHROGA.job => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
    Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Pat).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    CMD: ipconfig /flushdns
    EmptyTemp:
    
    This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Next

    The FRST scan shows that you have the dev: build version of Chrome. Replacing your browser with the development build is a technique used by malware to gain access to your browser.

    If you haven't installed the dev: build then your Chrome browser has a nasty infection. It's quite recent and to fix it we need to uninstall and reinstall Chrome. Depending on how long you have had the infection we may need further work after the reinstall.

    Firstly

    You might like to back up your bookmarks. Go to the link below to learn how to export Chrome's bookmarks. You can save them somewhere you can find them and import them back to Chrome when you reinstall.

    https://support.google.com/chrome/answer/96816?hl=en

    Step 2

    Go to the link below for instructions to uninstall Google Chrome. Use the Windows instructions for Windows Vista/ Windows 7/ Windows 8

    Note: To remove this infection properly you must remove your profile information so make sure you tick the "Also delete your browsing data" check box.

    Step 3

    Download and reinstall Google Chrome.

    Finally in this post

    Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

    So when you return please post
    • Fixlog.txt
    • FRST.txt
    • Addition.txt


    If they don't fit in one post just use as many posts as you need. That is fine. :)
     
  5. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
    Ran by Pat at 2015-02-01 19:37:05 Run:1
    Running from C:\Users\Pat\Desktop
    Loaded Profiles: Pat (Available profiles: Pat & user)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    C:\Program Files (x86)\Pro PC Cleaner
    SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?...utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?...utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto4_15_05&cd=2XzuyEtN2Y1L1QzuyCtDtD tBzytByE0A0DtC0Czy0EyCyEtDtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1Czut N1L1G1B1V1N2Y1L1Qzu2StAzytA0EtBtDtC0BtGtDyByEtCtGzztC0EyDtGzzyC0D0FtGyCtA0C 0CyCyByBtDtA0F0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtAzytDzztDyE0FtGyDyDzytDtGyE0 ByBtDtG0ByBtByBtGyDyB0FyCzz0BtD0F0AyCzzyD2Q&cr=1729811673&ir=
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://isearch.omiga-plus.com/web/?...utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-379946212-1816574113-116217764-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?...utm_campaign=install_ie&utm_content=ds&from=t ugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&ts=1422744460&type=default&q={searchTerms}
    BHO: PRicceLess -> {10e76691-f971-4250-9273-8b6df967a538} -> C:\Program Files (x86)\PRicceLess\SYfI54hQzRMd0Q.x64.dll ()
    C:\Program Files (x86)\PRicceLess
    BHO: youtubeadblocker -> {4931498d-327f-4695-beeb-fb3a86c8d63b} -> C:\Program Files (x86)\youtubeadblocker\fH2kXQyLY57oW5.x64.dll No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: PRicceLess -> {10e76691-f971-4250-9273-8b6df967a538} -> C:\Program Files (x86)\PRicceLess\SYfI54hQzRMd0Q.dll ()
    BHO-x32: youtubeadblocker -> {4931498d-327f-4695-beeb-fb3a86c8d63b} -> C:\Program Files (x86)\youtubeadblocker\fH2kXQyLY57oW5.dll No File
    C:\Program Files (x86)\youtubeadblocker
    FF DefaultSearchEngine: Taplika
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.2:
    FF SelectedSearchEngine: Taplika
    FF Homepage: hxxp://taplika.com/?f=1&a=tpl_tuto4_15_05&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytByE0A0DtC0Czy0EyCyEtDt N0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAzytA 0EtBtDtC0BtGtDyByEtCtGzztC0EyDtGzzyC0D0FtGyCtA0C0CyCyByBtDtA0F0CtD2QtN1M1F1 B2Z1V1N2Y1L1Qzu2S0BtAzytDzztDyE0FtGyDyDzytDtGyE0ByBtDtG0ByBtByBtGyDyB0FyCzz 0BtD0F0AyCzzyD2Q&cr=1729811673&ir=
    FF SearchPlugin: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\searchplugins\taplika.xml
    FF Extension: youtubeadblocker - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] [2015-01-31]
    FF Extension: PRicceLess - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] [2015-01-31]
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{7e92bf29-b0bc-233d-e35b-afeed1aa31eb} [2015-01-31]
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{83e02f0a-1694-3889-c714-122520abd078} [2015-01-31]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    C:\Users\Pat\AppData\Roaming\MWHROGA
    C:\Users\Pat\AppData\Roaming\XJJN
    C:\ProgramData\DP45977C.lfl
    C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pnldr.dll
    Task: {07800508-AF0B-40D8-A5D7-1347D9143066} - System32\Tasks\XJJN => C:\Users\Pat\AppData\Roaming\XJJN.exe <==== ATTENTION
    Task: {6480CFC2-87B3-421E-AFC5-6982B12A1724} - System32\Tasks\MWHROGA => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
    Task: {A2C5D3B1-41CD-4EFC-9DD0-6C4F098C13D6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Pat) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    C:\Program Files\SlimCleaner Plus
    Task: {B44D9972-74E5-4E41-9C32-881499510E78} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {C4ED0877-F3E8-4670-8E13-DF0F58230967} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
    C:\Program Files (x86)\MyPC Backup
    Task: C:\windows\Tasks\MWHROGA.job => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
    Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Pat).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    "C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
    HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
    HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-379946212-1816574113-116217764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKU\S-1-5-21-379946212-1816574113-116217764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
    HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
    "HKU\S-1-5-21-379946212-1816574113-116217764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
    HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
    "HKU\S-1-5-21-379946212-1816574113-116217764-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
    HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10e76691-f971-4250-9273-8b6df967a538} => Key not found.
    "HKCR\CLSID\{10e76691-f971-4250-9273-8b6df967a538}" => Key deleted successfully.
    C:\Program Files (x86)\PRicceLess => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4931498d-327f-4695-beeb-fb3a86c8d63b} => Key not found.
    "HKCR\CLSID\{4931498d-327f-4695-beeb-fb3a86c8d63b}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10e76691-f971-4250-9273-8b6df967a538} => Key not found.
    "HKCR\Wow6432Node\CLSID\{10e76691-f971-4250-9273-8b6df967a538}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4931498d-327f-4695-beeb-fb3a86c8d63b} => Key not found.
    "HKCR\Wow6432Node\CLSID\{4931498d-327f-4695-beeb-fb3a86c8d63b}" => Key deleted successfully.
    "C:\Program Files (x86)\youtubeadblocker" => File/Directory not found.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    Firefox SearchEngineOrder.2 deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    Firefox homepage deleted successfully.
    "C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\searchplugins\taplika.xml" => not found.
    C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] => Moved successfully.
    C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\[email protected] => Moved successfully.
    C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{7e92bf29-b0bc-233d-e35b-afeed1aa31eb} => Moved successfully.
    C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{83e02f0a-1694-3889-c714-122520abd078} => Moved successfully.
    C:\windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    C:\Users\Pat\AppData\Roaming\MWHROGA => Moved successfully.
    C:\Users\Pat\AppData\Roaming\XJJN => Moved successfully.
    Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
    "C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5pnldr.dll" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{07800508-AF0B-40D8-A5D7-1347D9143066}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07800508-AF0B-40D8-A5D7-1347D9143066}" => Key deleted successfully.
    C:\Windows\System32\Tasks\XJJN => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XJJN" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6480CFC2-87B3-421E-AFC5-6982B12A1724}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6480CFC2-87B3-421E-AFC5-6982B12A1724}" => Key deleted successfully.
    C:\Windows\System32\Tasks\MWHROGA => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MWHROGA" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2C5D3B1-41CD-4EFC-9DD0-6C4F098C13D6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2C5D3B1-41CD-4EFC-9DD0-6C4F098C13D6}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Pat) => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Pat)" => Key deleted successfully.
    "C:\Program Files\SlimCleaner Plus" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B44D9972-74E5-4E41-9C32-881499510E78}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B44D9972-74E5-4E41-9C32-881499510E78}" => Key deleted successfully.
    C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4ED0877-F3E8-4670-8E13-DF0F58230967}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4ED0877-F3E8-4670-8E13-DF0F58230967}" => Key deleted successfully.
    C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
    "C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
    C:\windows\Tasks\MWHROGA.job => Moved successfully.
    C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - Pat).job => Moved successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 49.5 MB temporary data.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-01 19:37:53)<=

    C:\ProgramData\DP45977C.lfl => Moved successfully.

    ==== End of Fixlog 19:37:53 ====


    I found out something interesting, which is that Desktop isn't all that easy to access with Windows 8.

    I don't think I've ever used Chrome on this computer -- I can't find it on the Install/Uninstall Programs list. Where else should I look?

    I do use TeamViewer 10 to communicate with a guy who does work on my computer sometimes.

    I also uninstalled something called Pricceless that seemed like junk.

    about to run the new FRST scan.
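
An added example, not part of the thread or of FRST itself: a small triage script that reads Fixlog.txt result lines like those posted above, skips the echoed fixlist between the asterisk rows, and checks that every item deferred with "Scheduled to move on reboot" was later reported as moved. The status names (`removed`, `absent`, `pending_reboot`, `review`) are this example's own labels, and the sample is a short excerpt of lines from the Fixlog in this thread.

```python
import re
from collections import Counter

# Excerpt of result lines from the Fixlog posted in this thread (shortened).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
C:\Users\Pat\AppData\Roaming\XJJN
Task: C:\windows\Tasks\MWHROGA.job => C:\Users\Pat\AppData\Roaming\MWHROGA.exe <==== ATTENTION
*****************

"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
C:\Users\Pat\AppData\Roaming\XJJN => Moved successfully.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
Firefox homepage deleted successfully.
EmptyTemp: => Removed 49.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-01 19:37:53)<=

C:\ProgramData\DP45977C.lfl => Moved successfully.

==== End of Fixlog 19:37:53 ====
'''

# "<target> => <result>", with optional quotes and the "Could not move" prefix.
RESULT_RE = re.compile(
    r'^(?:Could not move )?"?(?P<target>.+?)"? => (?P<result>.+)$'
)


def classify(result):
    """Map a result phrase seen in the Fixlog to one of this example's labels."""
    text = result.lower()
    if "scheduled to move on reboot" in text:
        return "pending_reboot"
    if "not found" in text:
        return "absent"          # nothing to remove; item was already gone
    if "deleted successfully" in text or "moved successfully" in text:
        return "removed"
    return "review"              # unrecognised wording: read it by hand


def parse_fixlog(text):
    """Return (target, status, raw_result) tuples for each result line."""
    entries = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:   # asterisk rows bracket the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or line.startswith("="):
            continue             # fixlist echo and section banners
        match = RESULT_RE.match(line)
        if match:
            result = match["result"]
            entries.append((match["target"], classify(result), result))
        elif classify(line) != "review":
            # Lines such as "Firefox homepage deleted successfully."
            entries.append((line, classify(line), line))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, status, _ in entries)


def unresolved_after_reboot(entries):
    """Targets whose last reported status is still 'pending_reboot'."""
    last = {}
    for target, status, _ in entries:
        last[target.lower()] = (target, status)   # Windows paths: ignore case
    return [t for t, s in last.values() if s == "pending_reboot"]


def needs_review(entries):
    """Entries whose wording was not recognised."""
    return [(t, r) for t, s, r in entries if s == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    print("still pending:", unresolved_after_reboot(parsed))
    print("read by hand:", needs_review(parsed))
```
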
     
  6. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by Pat (administrator) on PATSSURFACE on 01-02-2015 19:49:04
    Running from C:\Users\Pat\Desktop
    Loaded Profiles: Pat (Available profiles: Pat & user)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Spotify Ltd) C:\Users\Pat\AppData\Roaming\Spotify\spotify.exe
    (Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Run: [Spotify] => C:\Users\Pat\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-27] (Spotify Ltd)
    Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.3.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{6eac7c15-ebf2-4dd5-80c2-ffad1e53a03e} [2015-02-01]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
    R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
    R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
    R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
    R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
    R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
    R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [66672 2014-10-25] (Microsoft Corporation)
    S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
    S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-18] (Microsoft Corporation)
    R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 19:49 - 2015-02-01 19:49 - 00007864 _____ () C:\Users\Pat\Desktop\FRST.txt
    2015-02-01 19:39 - 2015-02-01 19:39 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-02-01 19:33 - 2015-02-01 19:37 - 00196922 _____ () C:\windows\PFRO.log
    2015-02-01 19:31 - 2015-02-01 19:31 - 00000000 ____D () C:\ProgramData\846063261
    2015-02-01 19:30 - 2015-02-01 19:30 - 00000000 ____D () C:\windows\system32\appmgmt
    2015-02-01 18:32 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
    2015-02-01 18:32 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2015-02-01 18:20 - 2015-02-01 18:20 - 00037425 _____ () C:\Users\Pat\Downloads\FRST.txt
    2015-02-01 18:20 - 2015-02-01 18:20 - 00027234 _____ () C:\Users\Pat\Downloads\Addition.txt
    2015-02-01 18:19 - 2015-02-01 19:49 - 00000000 ____D () C:\FRST
    2015-02-01 18:18 - 2015-02-01 18:18 - 02131456 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
    2015-02-01 18:16 - 2015-02-01 19:37 - 00001044 _____ () C:\windows\setupact.log
    2015-02-01 18:16 - 2015-02-01 18:16 - 00000000 _____ () C:\windows\setuperr.log
    2015-01-31 21:34 - 2015-02-01 19:48 - 00562739 _____ () C:\windows\WindowsUpdate.log
    2015-01-31 19:11 - 2015-01-31 19:11 - 00000000 ____D () C:\MovieWizard
    2015-01-31 19:08 - 2015-01-31 19:08 - 00000000 ____D () C:\ProgramData\7126542232522465554
    2015-01-31 16:53 - 2015-02-01 18:17 - 00000000 ____D () C:\Users\Pat\Documents\ProPCCleaner
    2015-01-31 16:53 - 2015-02-01 18:16 - 00003462 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
    2015-01-31 16:53 - 2015-01-31 16:53 - 00000000 ____D () C:\Users\Pat\AppData\Local\Pro_PC_Cleaner
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files\Reference Assemblies
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files\MSBuild
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2015-01-31 16:49 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\windows\system32\PresentationNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-01-31 16:48 - 2015-01-31 19:11 - 00000000 ____D () C:\Users\Pat\AppData\Local\com
    2015-01-31 16:48 - 2015-01-31 16:48 - 00001988 _____ () C:\Users\Pat\Desktop\Sync Folder.lnk
    2015-01-31 16:47 - 2015-02-01 19:33 - 00001350 _____ () C:\windows\Tasks\XJJN.job
    2015-01-31 16:46 - 2015-01-31 19:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2015-01-31 16:46 - 2015-01-31 16:46 - 00000000 ____D () C:\Users\Pat\AppData\Local\globalUpdate
    2015-01-29 21:46 - 2015-01-29 21:29 - 00264010 _____ () C:\Users\Pat\Documents\Prestige%20book%201.doc_0.odt
    2015-01-29 11:56 - 2015-01-29 11:56 - 00013824 ___SH () C:\Users\Pat\Documents\Thumbs.db
    2015-01-26 14:26 - 2015-01-26 14:26 - 00000000 ____D () C:\Users\Public\Documents\sun
    2015-01-26 13:34 - 2015-01-26 13:34 - 00001047 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2015-01-26 13:34 - 2015-01-26 13:34 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
    2015-01-26 13:15 - 2015-01-26 13:15 - 00000000 ____D () C:\Users\Pat\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
    2015-01-26 10:45 - 2015-01-26 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-24 15:25 - 2015-01-24 15:04 - 00014540 _____ () C:\Users\Pat\Documents\DODGE%20CITY.docx_0.odt
    2015-01-22 11:23 - 2015-01-22 11:24 - 00009758 _____ () C:\Users\Pat\Downloads\standardpaperback.1-200.ott
    2015-01-22 11:23 - 2015-01-22 11:23 - 00168995 _____ () C:\Users\Pat\Downloads\a5cover.otg
    2015-01-20 18:23 - 2015-01-20 17:35 - 00041156 _____ () C:\Users\Pat\Documents\Meet%20the%20real%20'Golden%20Girls'.htm_0.odt
    2015-01-16 01:22 - 2014-11-26 10:38 - 24201368 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 05943072 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 04679768 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 02945472 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 02776408 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01402296 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01399200 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01365504 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01061376 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00978040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00734720 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00671352 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00615544 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00472976 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00457616 _____ () C:\windows\system32\igfxTray.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00279952 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00266072 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00254976 _____ () C:\windows\system32\igfxCPL.cpl
    2015-01-16 01:22 - 2014-11-26 10:38 - 00220392 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00207872 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00207496 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00195984 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00184312 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4029.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00175104 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00175024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00135000 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00074240 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00031408 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00030720 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00004016 _____ () C:\windows\system32\iglhxs64.vp
    2015-01-16 01:22 - 2014-11-26 10:37 - 25175552 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 23401576 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 20049408 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 17170624 _____ () C:\windows\system32\igd11dxva64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 16698848 _____ () C:\windows\SysWOW64\igd11dxva32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 12003840 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 11512320 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 09155072 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 07654408 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 07232512 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 06956056 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 04763064 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
    2015-01-16 01:22 - 2014-11-26 10:37 - 00637000 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00515960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00418704 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
    2015-01-16 01:22 - 2014-11-26 10:37 - 00397824 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00350208 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00227328 _____ () C:\windows\system32\igdde64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00187392 _____ () C:\windows\SysWOW64\igdde32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00155536 _____ (Intel Corporation) C:\windows\system32\difx64.exe
    2015-01-16 01:22 - 2014-11-26 10:37 - 00151552 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
    2015-01-14 18:03 - 2015-01-26 13:15 - 140852175 _____ () C:\Users\Pat\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2015-01-13 15:47 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-13 15:47 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-13 15:47 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
    2015-01-13 15:47 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
    2015-01-13 15:47 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 15:47 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
    2015-01-13 15:47 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-13 15:47 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2015-01-13 15:47 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
    2015-01-13 15:47 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
    2015-01-13 15:47 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2015-01-13 15:47 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
    2015-01-13 15:47 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
    2015-01-13 15:47 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2015-01-13 15:47 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2015-01-13 15:47 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 15:47 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
    2015-01-13 15:47 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
    2015-01-13 15:47 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
    2015-01-13 15:47 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2015-01-13 15:47 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-01-12 21:42 - 2015-01-12 21:57 - 05606532 _____ () C:\Users\Pat\Downloads\FBFR291FCGMC3.EXE
    2015-01-12 15:26 - 2015-01-12 15:28 - 25667443 _____ () C:\Users\Pat\Downloads\WINS 1010 AM Rock N Roll Party - Alan Freed - February 12, 1955.wma
    2015-01-09 15:56 - 2015-01-31 21:13 - 00000000 ____D () C:\windows\Minidump
    2015-01-08 14:14 - 2015-01-08 14:14 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList
    2015-01-06 13:38 - 2015-01-06 13:38 - 00000000 ____D () C:\windows\system32\appraiser
    2015-01-04 18:17 - 2015-01-04 18:17 - 00000760 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DMB11.lnk
    2015-01-02 04:44 - 2015-01-02 04:45 - 13087456 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Silverlight_x64.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 19:47 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2015-02-01 19:43 - 2014-07-31 12:17 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-379946212-1816574113-116217764-1001
    2015-02-01 19:42 - 2014-05-08 21:06 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-01 19:39 - 2014-12-27 18:50 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Spotify
    2015-02-01 19:39 - 2014-12-20 15:40 - 00000000 ___RD () C:\Users\Pat\Dropbox
    2015-02-01 19:39 - 2014-12-19 22:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
    2015-02-01 19:38 - 2014-07-31 12:14 - 00000000 ___DO () C:\Users\Pat\OneDrive
    2015-02-01 19:37 - 2014-12-26 10:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-02-01 19:37 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2015-02-01 19:37 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-01 19:37 - 2013-08-22 07:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-02-01 19:35 - 2014-08-01 07:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-01 19:32 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-02-01 19:29 - 2014-12-31 09:55 - 00000000 ____D () C:\dmbenc11
    2015-02-01 18:16 - 2014-07-31 12:16 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3FA79BC0-5A37-4057-BA9D-58061432AEC0}
    2015-01-31 19:05 - 2014-12-26 10:47 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-31 16:45 - 2014-07-31 12:20 - 00001386 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-31 16:45 - 2014-07-31 12:20 - 00001374 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-31 16:45 - 2014-07-31 12:12 - 00001669 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-31 14:44 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\NDF
    2015-01-30 19:49 - 2014-12-27 18:51 - 00000000 ____D () C:\Users\Pat\AppData\Local\Spotify
    2015-01-30 17:24 - 2014-12-31 09:54 - 00000000 ____D () C:\dmb11
    2015-01-29 21:43 - 2014-07-31 12:12 - 00000000 ____D () C:\Users\Pat
    2015-01-29 11:56 - 2014-07-31 12:36 - 00225280 ___SH () C:\Users\Pat\Downloads\Thumbs.db
    2015-01-28 17:33 - 2013-08-22 08:44 - 00363064 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-01-27 10:19 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-01-26 13:36 - 2014-07-31 12:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Packages
    2015-01-26 13:34 - 2014-12-20 16:45 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2015-01-26 13:33 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-01-26 13:31 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-24 14:35 - 2014-08-01 07:23 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-24 14:20 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-24 14:20 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-16 01:23 - 2014-05-08 20:43 - 00000000 ____D () C:\windows\Firmware
    2015-01-13 16:11 - 2014-08-08 05:46 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-13 16:09 - 2014-08-08 05:46 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-01-07 10:16 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
    2015-01-06 13:38 - 2014-08-08 05:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-01-06 13:38 - 2013-08-22 13:11 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\setup
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\setup
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-01-06 13:38 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\oobe

    ==================== Files in the root of some directories =======

    2015-02-01 19:39 - 2015-02-01 19:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some content of TEMP:
    ====================
    C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpywhfgf.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-26 03:11

    ==================== End Of Log ============================
     
  7. Tadrichards

    Tadrichards Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
    Ran by Pat at 2015-02-01 19:49:36
    Running from C:\Users\Pat\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip (HKLM-x32\...\7-Zip 9.2.0) (Version: 9.2.0 - 7-Zip)
    7-Zip (Version: 9.2.0 - 7-Zip) Hidden
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    Diamond Mind Baseball version 11 (HKLM-x32\...\Diamond Mind Baseball version 11) (Version: 11 - Diamond Mind, Inc.)
    DMB Encyclopedia version 11 (HKLM-x32\...\DMB Encyclopedia version 11) (Version: 11 - Diamond Mind, Inc.)
    Dropbox (HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Paint XP version 1.4 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.4 - MSPAINTXP.COM)
    paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
    Spotify (HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-379946212-1816574113-116217764-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    23-01-2015 02:49:36 Windows Update
    26-01-2015 13:16:45 Installed OpenOffice 4.1.1
    31-01-2015 16:46:45 Windows Modules Installer

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {96E68DBE-5803-4759-B660-237D8013BA6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {E240BE63-579F-4275-A869-D324BC37CE5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
    Task: {F585ABA9-29D7-494A-98E7-CBF44F4985AA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
    Task: {FB23E3FB-9B04-4963-8744-4E2849609190} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\XJJN.job => C:\Users\Pat\AppData\Roaming\XJJN.exe <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2014-12-27 18:50 - 2014-12-27 18:50 - 00374840 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    2015-01-26 10:45 - 2015-01-26 10:45 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 36966968 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\libcef.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-01 19:38 - 2015-02-01 19:38 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpywhfgf.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-12-19 22:26 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 00867896 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 00886840 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\libglesv2.dll
    2014-12-27 18:50 - 2014-12-27 18:50 - 00108600 _____ () C:\Users\Pat\AppData\Roaming\Spotify\Data\libegl.dll
    2014-12-17 14:11 - 2014-12-17 14:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-12-17 14:11 - 2014-12-17 14:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Pat\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-379946212-1816574113-116217764-500 - Administrator - Disabled)
    Guest (S-1-5-21-379946212-1816574113-116217764-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-379946212-1816574113-116217764-1003 - Limited - Enabled)
    Pat (S-1-5-21-379946212-1816574113-116217764-1001 - Administrator - Enabled) => C:\Users\Pat
    user (S-1-5-21-379946212-1816574113-116217764-1004 - Administrator - Enabled) => C:\Users\user

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/01/2015 07:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
    Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0x12c4
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5

    Error: (02/01/2015 06:48:52 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

    Error: (02/01/2015 06:48:08 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

    Error: (02/01/2015 06:44:04 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

    Error: (02/01/2015 06:33:33 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

    Error: (02/01/2015 06:32:50 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
    Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

    Error: (01/31/2015 08:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d44

    Start Time: 01d03dc2cd3fce1d

    Termination Time: 4294967295

    Application Path: C:\windows\system32\backgroundTaskHost.exe

    Report Id: 7399184e-a9b7-11e4-8268-6002924ad1c9

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App

    Error: (01/31/2015 07:44:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (01/31/2015 07:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: DropboxExt64.24.dll, version: 1.0.0.24, time stamp: 0x53a8c70f
    Exception code: 0xc000041d
    Fault offset: 0x0000000000008d57
    Faulting process id: 0x120c
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5

    Error: (01/31/2015 04:46:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
    Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
    Exception code: 0x80000003
    Fault offset: 0x00001425
    Faulting process id: 0x1cfc
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5


    System errors:
    =============
    Error: (02/01/2015 07:37:06 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (02/01/2015 07:32:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (02/01/2015 07:32:19 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (02/01/2015 06:16:13 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (02/01/2015 03:07:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

    Error: (01/31/2015 07:01:40 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (01/31/2015 05:02:00 PM) (Source: DCOM) (EventID: 10010) (User: PATSSURFACE)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


    Microsoft Office Sessions:
    =========================
    Error: (02/01/2015 07:37:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142512c401d03e885e3cedb8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfe35534a-aa7b-11e4-8269-6002924ad1c9

    Error: (02/01/2015 06:48:52 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

    Error: (02/01/2015 06:48:08 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

    Error: (02/01/2015 06:44:04 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

    Error: (02/01/2015 06:33:33 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

    Error: (02/01/2015 06:32:50 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files\CCleaner\CCleaner.exe

    Error: (01/31/2015 08:10:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.16384d4401d03dc2cd3fce1d4294967295C:\windows\system32\backgroundTaskHost.exe7399184e-a9b7-11e4-8268-6002924ad1c9Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

    Error: (01/31/2015 07:44:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (01/31/2015 07:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dcDropboxExt64.24.dll1.0.0.2453a8c70fc000041d0000000000008d57120c01d03dbab259c5c3C:\windows\Explorer.EXEC:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dlldead37ed-a9af-11e4-8268-6002924ad1c9

    Error: (01/31/2015 04:46:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251cfc01d03da7be97c88eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfdf6c6ab-a99a-11e4-8268-6002924ad1c9


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
    Percentage of memory in use: 39%
    Total physical RAM: 4001.07 MB
    Available physical RAM: 2420.3 MB
    Total Pagefile: 8097.07 MB
    Available Pagefile: 6401.42 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:113.5 GB) (Free:62.39 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 119.2 GB) (Disk ID: 514D03E9)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  8. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    And good news so far. I just opened Firefox and IE and Omiga didn't come up on either.
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Aha, the infection thinks you have it. Some programs add Chrome to your machine without your knowledge... foistware. Sometimes you can find it under Google Chrome in your installed programs list. If it's there then you can uninstall it but usually it doesn't show. It's not showing in the FRST uninstall list.

    SOoo...

    You need to download Chrome, install it and then uninstall it. Use the link I provided in my last post. Usually that will remove it.

    Yes, looks like we have most of it. :)

    Now

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Next

    Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

    Click on Scan and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

    A copy of the report is also saved in the C:\AdwCleaner folder.

    Finally

    Let's check to make sure we have got rid of the Chrome Dev: build.

    • Please run Farbar Recovery Scan Tool again. Double click on FRST64 to open. Allow it to update if it wants to.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    When you return please post
    • JRT.txt
    • AdwCleaner log
    • FRST.txt
     
  10. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    First, thanks for all of this. I can't tell you how much I appreciate it.
    Second, before I start the last phase, I'm never quite sure what "Shut down your protection software to avoid potential conflicts." means. I guess that's Windows Defender. I thought I had Avast, but I guess not on this computer. What do I do, exactly?
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    No, Avast does not show on that machine.

    It means, turn off your security programs.

    In your case it is Windows Defender.

    Open the Start screen and type win def
    • In the list that presents, click Windows Defender
    • Click Settings tab, click the Administrator item in the left panel > Untick the box "Turn on this app"
    • Click Save changes

    To re-enable you can use the Action Center applet from the classic Control panel.

    Open the Control panel and navigate to Control Panel\System and Security\Action Center and press the Turn on buttons.
     
  12. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 8.1 Pro x64
    Ran by Pat on Sun 02/01/2015 at 20:41:49.70
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Pat\appdata\local\globalupdate"
    Successfully deleted: [Folder] "C:\Users\Pat\appdata\local\pro_pc_cleaner"
    Successfully deleted: [Folder] "C:\Users\Pat\appdata\locallow\yahoocouponaddon"
    Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
    Successfully deleted: [Folder] "C:\Users\Pat\documents\optimizer pro"
    Successfully deleted: [Folder] "C:\Users\Pat\documents\propccleaner"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Pat\AppData\Roaming\mozilla\firefox\profiles\4he4ll0d.default-1419047285107\prefs.js

    user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Vosteran,Wikipedia (en)");
    user_pref("browser.search.searchengine.alias", "omiga-plus");
    user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
    user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
    user_pref("browser.search.searchengine.name", "omiga-plus");
    user_pref("browser.search.searchengine.ptid", "tugs");
    user_pref("browser.search.searchengine.uid", "HFS128G3AMNB-2200A_EIE5M000910505N4K");
    user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422744356&from=tugs&uid=HFS128G3AMNB-2200A_EIE5M000910505N4K&q={searchTerms}");
    user_pref("extensions.8iGQIkiKpKaSiGMn.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
    user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.cookie.previous_page.value", "%22hxxp%3A//isearch.omiga-plus.com/%3Ftype%3Dsc%26ts%3D142274
    user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5
    user_pref("extensions.llSUFwSkhAssBC5L.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
    user_pref("extensions.llSUFwSkhAssBC5L.url", "hxxp://homewebbnew.us/sync2/?q=hfZ9ofV9CShEAen0qjk7qTgMg708BNmGWj8qechGheDUojw8rdsErjaFrdYHpihIC7n0rjkErTaFrdwFrjs4tNhVCT94tMVKhd



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/01/2015 at 20:43:25.03
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    # AdwCleaner v4.109 - Report created 01/02/2015 at 20:50:47
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-26.1 [Live]
    # Operating System : Windows 8.1 Pro (64 bits)
    # Username : Pat - PATSSURFACE
    # Running from : C:\Users\Pat\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\FinanceAlert
    Folder Deleted : C:\MovieWizard
    Folder Deleted : C:\ProgramData\7126542232522465554
    Folder Deleted : C:\Users\Pat\AppData\Roaming\KeepMySettingsX
    File Deleted : C:\Users\Pat\Desktop\Sync Folder.lnk

    ***** [ Scheduled Tasks ] *****

    Task Deleted : ProPCCleaner_Popup

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    Shortcut Disinfected : C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Pat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Tutorials
    Key Deleted : HKCU\Software\GAMESDESKTOP
    Key Deleted : HKCU\Software\ProPCCleanerLanguage
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\SupDp
    Key Deleted : HKLM\SOFTWARE\Tutorials
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [4he4ll0d.default-1419047285107\prefs.js] - Line Deleted : user_pref("extensions.llSUFwSkhAssBC5L.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
    [4he4ll0d.default-1419047285107\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
    [4he4ll0d.default-1419047285107\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

    *************************

    AdwCleaner[R0].txt - [8159 octets] - [01/02/2015 20:48:18]
    AdwCleaner[S0].txt - [8233 octets] - [01/02/2015 20:50:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8293 octets] ##########
     
  14. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
    Ran by Pat (administrator) on PATSSURFACE on 01-02-2015 20:53:59
    Running from C:\Users\Pat\Desktop
    Loaded Profiles: Pat (Available profiles: Pat & user)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Spotify Ltd) C:\Users\Pat\AppData\Roaming\Spotify\spotify.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Pat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\...\Run: [Spotify] => C:\Users\Pat\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-27] (Spotify Ltd)
    Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-379946212-1816574113-116217764-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Tcpip\Parameters: [DhcpNameServer] 192.168.3.1 192.168.3.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Extension: Zoom It - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\4he4ll0d.default-1419047285107\Extensions\{6eac7c15-ebf2-4dd5-80c2-ffad1e53a03e} [2015-02-01]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
    R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
    R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation)
    R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
    R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
    R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
    R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
    R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [66672 2014-10-25] (Microsoft Corporation)
    S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
    S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-18] (Microsoft Corporation)
    R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 20:46 - 2015-02-01 20:50 - 00000000 ____D () C:\AdwCleaner
    2015-02-01 20:45 - 2015-02-01 20:46 - 02194432 _____ () C:\Users\Pat\Downloads\AdwCleaner.exe
    2015-02-01 20:43 - 2015-02-01 20:43 - 00002855 _____ () C:\Users\Pat\Desktop\JRT.txt
    2015-02-01 20:41 - 2015-02-01 20:41 - 00000000 ____D () C:\windows\ERUNT
    2015-02-01 20:40 - 2015-02-01 20:40 - 01707939 _____ (Thisisu) C:\Users\Pat\Downloads\JRT(1).exe
    2015-02-01 20:37 - 2015-02-01 20:38 - 01707939 _____ (Thisisu) C:\Users\Pat\Downloads\JRT.exe
    2015-02-01 19:49 - 2015-02-01 20:53 - 00008371 _____ () C:\Users\Pat\Desktop\FRST.txt
    2015-02-01 19:49 - 2015-02-01 19:49 - 00023541 _____ () C:\Users\Pat\Desktop\Addition.txt
    2015-02-01 19:39 - 2015-02-01 19:39 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-02-01 19:33 - 2015-02-01 20:51 - 00197232 _____ () C:\windows\PFRO.log
    2015-02-01 19:31 - 2015-02-01 19:31 - 00000000 ____D () C:\ProgramData\846063261
    2015-02-01 19:30 - 2015-02-01 19:30 - 00000000 ____D () C:\windows\system32\appmgmt
    2015-02-01 18:32 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
    2015-02-01 18:32 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
    2015-02-01 18:20 - 2015-02-01 18:20 - 00037425 _____ () C:\Users\Pat\Downloads\FRST.txt
    2015-02-01 18:20 - 2015-02-01 18:20 - 00027234 _____ () C:\Users\Pat\Downloads\Addition.txt
    2015-02-01 18:19 - 2015-02-01 20:53 - 00000000 ____D () C:\FRST
    2015-02-01 18:18 - 2015-02-01 18:18 - 02131456 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
    2015-02-01 18:16 - 2015-02-01 20:51 - 00001276 _____ () C:\windows\setupact.log
    2015-02-01 18:16 - 2015-02-01 18:16 - 00000000 _____ () C:\windows\setuperr.log
    2015-01-31 21:34 - 2015-02-01 20:51 - 00569821 _____ () C:\windows\WindowsUpdate.log
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files\Reference Assemblies
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files\MSBuild
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
    2015-01-31 16:52 - 2015-01-31 16:52 - 00000000 ____D () C:\Program Files (x86)\MSBuild
    2015-01-31 16:49 - 2013-08-02 22:48 - 01166520 _____ (Microsoft Corporation) C:\windows\system32\PresentationNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:48 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:41 - 00778936 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationNative_v0300.dll
    2015-01-31 16:49 - 2013-08-02 22:41 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-01-31 16:48 - 2015-01-31 19:11 - 00000000 ____D () C:\Users\Pat\AppData\Local\com
    2015-01-31 16:47 - 2015-02-01 19:33 - 00001350 _____ () C:\windows\Tasks\XJJN.job
    2015-01-29 21:46 - 2015-01-29 21:29 - 00264010 _____ () C:\Users\Pat\Documents\Prestige%20book%201.doc_0.odt
    2015-01-29 11:56 - 2015-01-29 11:56 - 00013824 ___SH () C:\Users\Pat\Documents\Thumbs.db
    2015-01-26 14:26 - 2015-01-26 14:26 - 00000000 ____D () C:\Users\Public\Documents\sun
    2015-01-26 13:34 - 2015-01-26 13:34 - 00001047 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2015-01-26 13:34 - 2015-01-26 13:34 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
    2015-01-26 13:15 - 2015-01-26 13:15 - 00000000 ____D () C:\Users\Pat\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
    2015-01-26 10:45 - 2015-01-26 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-24 15:25 - 2015-01-24 15:04 - 00014540 _____ () C:\Users\Pat\Documents\DODGE%20CITY.docx_0.odt
    2015-01-22 11:23 - 2015-01-22 11:24 - 00009758 _____ () C:\Users\Pat\Downloads\standardpaperback.1-200.ott
    2015-01-22 11:23 - 2015-01-22 11:23 - 00168995 _____ () C:\Users\Pat\Downloads\a5cover.otg
    2015-01-20 18:23 - 2015-01-20 17:35 - 00041156 _____ () C:\Users\Pat\Documents\Meet%20the%20real%20'Golden%20Girls'.htm_0.odt
    2015-01-16 01:22 - 2014-11-26 10:38 - 24201368 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 05943072 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 04679768 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 02945472 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 02776408 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAAC64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01512568 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSecureSourceFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01402296 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01399200 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01365504 _____ (Intel Corporation) C:\windows\system32\igfxcmjit64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 01061376 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmjit32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00978040 _____ (Intel Corporation) C:\windows\system32\IntelWiDiWinNextAgent64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00734720 _____ (Intel Corporation) C:\windows\system32\MetroIntelGenericUIFramework.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00671352 _____ (Intel Corporation) C:\windows\system32\IntelWiDiAudioFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00615544 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMux64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00472976 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00457616 _____ () C:\windows\system32\igfxTray.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00372224 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00354136 _____ (Intel Corporation) C:\windows\system32\IntelWiDiSilenceFilter64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00304128 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00279952 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00266072 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUtils64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00254976 _____ () C:\windows\system32\igfxCPL.cpl
    2015-01-16 01:22 - 2014-11-26 10:38 - 00220392 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00207872 _____ (Intel Corporation) C:\windows\system32\igfx11cmrt64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00207496 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00196728 _____ (Intel Corporation) C:\windows\system32\IntelWiDiDDEAgent64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00195984 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
    2015-01-16 01:22 - 2014-11-26 10:38 - 00184312 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4029.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00175104 _____ (Intel Corporation) C:\windows\SysWOW64\igfx11cmrt32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00175024 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00135000 _____ (Intel Corporation) C:\windows\system32\IntelWiDiMCUMD64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00127320 _____ (Intel Corporation) C:\windows\system32\IntelWiDiLogServer64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00082432 _____ (Khronos Group) C:\windows\system32\Intel_OpenCL_ICD64.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00074240 _____ (Khronos Group) C:\windows\SysWOW64\Intel_OpenCL_ICD32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00031408 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00030720 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
    2015-01-16 01:22 - 2014-11-26 10:38 - 00004016 _____ () C:\windows\system32\iglhxs64.vp
    2015-01-16 01:22 - 2014-11-26 10:37 - 25175552 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 23401576 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 20049408 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 17170624 _____ () C:\windows\system32\igd11dxva64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 16698848 _____ () C:\windows\SysWOW64\igd11dxva32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 12003840 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 11512320 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 09155072 _____ (Intel Corporation) C:\windows\system32\ig75icd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 07654408 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 07232512 _____ (Intel Corporation) C:\windows\SysWOW64\ig75icd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 06956056 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 04763064 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
    2015-01-16 01:22 - 2014-11-26 10:37 - 00637000 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00515960 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00418704 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
    2015-01-16 01:22 - 2014-11-26 10:37 - 00397824 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00350208 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00227328 _____ () C:\windows\system32\igdde64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00187392 _____ () C:\windows\SysWOW64\igdde32.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00169984 _____ (Intel Corporation) C:\windows\system32\igdail64.dll
    2015-01-16 01:22 - 2014-11-26 10:37 - 00155536 _____ (Intel Corporation) C:\windows\system32\difx64.exe
    2015-01-16 01:22 - 2014-11-26 10:37 - 00151552 _____ (Intel Corporation) C:\windows\SysWOW64\igdail32.dll
    2015-01-14 18:03 - 2015-01-26 13:15 - 140852175 _____ () C:\Users\Pat\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2015-01-13 15:47 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
    2015-01-13 15:47 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
    2015-01-13 15:47 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
    2015-01-13 15:47 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
    2015-01-13 15:47 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
    2015-01-13 15:47 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 15:47 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
    2015-01-13 15:47 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
    2015-01-13 15:47 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
    2015-01-13 15:47 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
    2015-01-13 15:47 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
    2015-01-13 15:47 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
    2015-01-13 15:47 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
    2015-01-13 15:47 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
    2015-01-13 15:47 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
    2015-01-13 15:47 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
    2015-01-13 15:47 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
    2015-01-13 15:47 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 15:47 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
    2015-01-13 15:47 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
    2015-01-13 15:47 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
    2015-01-13 15:47 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
    2015-01-13 15:47 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
    2015-01-12 21:42 - 2015-01-12 21:57 - 05606532 _____ () C:\Users\Pat\Downloads\FBFR291FCGMC3.EXE
    2015-01-12 15:26 - 2015-01-12 15:28 - 25667443 _____ () C:\Users\Pat\Downloads\WINS 1010 AM Rock N Roll Party - Alan Freed - February 12, 1955.wma
    2015-01-09 15:56 - 2015-01-31 21:13 - 00000000 ____D () C:\windows\Minidump
    2015-01-08 14:14 - 2015-01-08 14:14 - 00000000 __SHD () C:\Users\Pat\AppData\Local\EmieBrowserModeList
    2015-01-06 13:38 - 2015-01-06 13:38 - 00000000 ____D () C:\windows\system32\appraiser
    2015-01-04 18:17 - 2015-01-04 18:17 - 00000760 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DMB11.lnk
    2015-01-02 04:44 - 2015-01-02 04:45 - 13087456 _____ (Microsoft Corporation) C:\Users\Pat\Downloads\Silverlight_x64.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-01 20:52 - 2014-12-27 18:50 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Spotify
    2015-02-01 20:52 - 2014-12-20 15:40 - 00000000 ___RD () C:\Users\Pat\Dropbox
    2015-02-01 20:52 - 2014-12-19 22:24 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
    2015-02-01 20:51 - 2014-07-31 12:14 - 00000000 ___DO () C:\Users\Pat\OneDrive
    2015-02-01 20:51 - 2013-08-22 08:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-02-01 20:51 - 2013-08-22 07:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-02-01 20:50 - 2014-07-31 12:20 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-01 20:50 - 2014-07-31 12:20 - 00001068 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-01 20:50 - 2014-07-31 12:12 - 00001004 _____ () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-02-01 20:35 - 2014-08-01 07:23 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-02-01 20:00 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\sru
    2015-02-01 19:59 - 2014-07-31 12:17 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-379946212-1816574113-116217764-1001
    2015-02-01 19:42 - 2014-05-08 21:06 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-02-01 19:37 - 2014-12-26 10:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-02-01 19:37 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\GroupPolicy
    2015-02-01 19:32 - 2013-08-22 09:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-02-01 19:29 - 2014-12-31 09:55 - 00000000 ____D () C:\dmbenc11
    2015-02-01 18:16 - 2014-07-31 12:16 - 00003930 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{3FA79BC0-5A37-4057-BA9D-58061432AEC0}
    2015-01-31 19:05 - 2014-12-26 10:47 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-31 14:44 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\NDF
    2015-01-30 19:49 - 2014-12-27 18:51 - 00000000 ____D () C:\Users\Pat\AppData\Local\Spotify
    2015-01-30 17:24 - 2014-12-31 09:54 - 00000000 ____D () C:\dmb11
    2015-01-29 21:43 - 2014-07-31 12:12 - 00000000 ____D () C:\Users\Pat
    2015-01-29 11:56 - 2014-07-31 12:36 - 00225280 ___SH () C:\Users\Pat\Downloads\Thumbs.db
    2015-01-28 17:33 - 2013-08-22 08:44 - 00363064 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-01-27 10:19 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-01-26 13:36 - 2014-07-31 12:12 - 00000000 ____D () C:\Users\Pat\AppData\Local\Packages
    2015-01-26 13:34 - 2014-12-20 16:45 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
    2015-01-26 13:33 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-01-26 13:31 - 2014-07-31 12:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-24 14:35 - 2014-08-01 07:23 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-24 14:20 - 2013-08-22 09:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-01-24 14:20 - 2013-08-22 09:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-16 01:23 - 2014-05-08 20:43 - 00000000 ____D () C:\windows\Firmware
    2015-01-13 16:11 - 2014-08-08 05:46 - 00000000 ____D () C:\windows\system32\MRT
    2015-01-13 16:09 - 2014-08-08 05:46 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-01-07 10:16 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\rescache
    2015-01-06 13:38 - 2014-08-08 05:44 - 00000000 ___SD () C:\windows\system32\CompatTel
    2015-01-06 13:38 - 2013-08-22 13:11 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ToastData
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\setup
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\SysWOW64\InputMethod
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\system32\setup
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-01-06 13:38 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-01-06 13:38 - 2013-08-22 07:36 - 00000000 ____D () C:\windows\system32\oobe

    ==================== Files in the root of some directories =======

    2015-02-01 19:39 - 2015-02-01 19:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some content of TEMP:
    ====================
    C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpclzc4r.dll
    C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
    C:\Users\Pat\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-26 03:11

    ==================== End Of Log ============================
     
  15. Tadrichards

    Tadrichards Thread Starter

    Joined:
    Jan 31, 2015
    Messages:
    74
    I forgot to install and uninstall Chrome. Do I still need to?
     

Short URL to this thread: https://techguy.org/1142233
