PUP white smoke, gong, price foundation and others

Started by Ghost, February 27, 2015, 02:37:57 PM

Ghost

Picked this up from a friend this morning.
Malwarebytes was run 3 times but can't find the logs!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Chase (administrator) on MYPC on 27-02-2015 09:24:32
Running from C:\Users\Chase\Desktop
Loaded Profiles: Chase & UpdatusUser (Available profiles: Chase & UpdatusUser)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\IFXTCS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
() C:\ProgramData\Online\updater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe
(Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\SpTNA.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Mozilla Corporation) E:\FirefoxPortable\App\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13654744 2013-09-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2013-03-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\MountPoints2: {074f2245-3b5d-11e4-bec0-50b7c36b242f} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\MountPoints2: {65a2c926-719e-11e3-bead-50b7c36b242f} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\MountPoints2: {949c0f24-9118-11e4-bedd-50b7c36b242f} - "G:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\MountPoints2: {cc7b6c5c-fa3f-11e2-be9a-50b7c36b242f} - "G:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\MountPoints2: {e0d79c0e-839a-11e2-be74-c48508dbb3c4} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
URLSearchHook: [S-1-5-21-863201406-2619704260-1695041489-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} URL =
SearchScopes: HKLM-x32 -> _tmp URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {1B257E81-ECCE-45AE-8173-A669AD9393F2} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=422
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {74C1E655-9BB7-4F2F-BAFA-FA5E6095AA09} URL =
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN24585449762893124&UM=2&SSPV=TB_TIS
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=840_pr__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-11]
CHR Extension: (Google Docs) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-11]
CHR Extension: (Google Drive) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-11]
CHR Extension: (Google Search) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-11]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-11]
CHR Extension: (Google Sheets) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-11]
CHR Extension: (Kaspersky Protection) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-01-11]
CHR Extension: (Google Wallet) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-11]
CHR Extension: (Deal Keeper) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjdjonjhkmemnldiniaionkhfnpbdom [2015-01-11]
CHR Extension: (Gmail) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-11]
CHR Extension: (Anti-Banner) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-01-11]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2015-01-11]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\Exts\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe [1141656 2012-08-05] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe [994200 2012-08-05] (Infineon Technologies AG)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 PersonalSecureDriveService; C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe [212888 2012-08-05] (Infineon Technologies AG)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
R2 UpWork; C:\ProgramData\Online\updater.exe [404480 2015-02-25] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-14] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-14] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-04-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-02-25] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2012-02-03] (Infineon Technologies AG)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-09-24] (Windows (R) 2003 DDK 3790 provider)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 09:24 - 2015-02-27 09:26 - 00030827 _____ () C:\Users\Chase\Desktop\FRST.txt
2015-02-27 09:24 - 2015-02-27 09:24 - 00000000 ____D () C:\FRST
2015-02-27 09:22 - 2015-02-27 09:22 - 00852604 _____ () C:\Users\Chase\Desktop\SecurityCheck.exe
2015-02-27 09:20 - 2015-02-27 09:21 - 02087936 _____ (Farbar) C:\Users\Chase\Desktop\FRST64.exe
2015-02-27 09:14 - 2007-04-24 12:19 - 00050688 _____ (Atribune.org) C:\Users\Chase\Desktop\ATF-Cleaner.exe
2015-02-27 09:07 - 2015-02-27 09:07 - 00000000 ___SH () C:\DkHyperbootSync
2015-02-26 19:06 - 2015-02-27 09:16 - 00174009 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-26 18:34 - 2015-02-26 18:34 - 00002275 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-26 18:34 - 2015-02-26 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-26 18:27 - 2015-02-26 18:28 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-26 18:27 - 2015-02-26 18:27 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-26 18:27 - 2015-02-26 18:27 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-26 18:27 - 2015-02-26 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-26 05:52 - 2015-02-26 05:52 - 00000000 ____D () C:\Users\Chase\AppData\Local\Zeoinsight
2015-02-26 05:52 - 2015-02-26 05:52 - 00000000 ____D () C:\Users\Chase\AppData\Local\ZBAnalyticsCore
2015-02-26 05:52 - 2015-02-26 05:52 - 00000000 ____D () C:\Users\Chase\AppData\Local\Kromtech
2015-02-26 05:49 - 2015-02-26 05:52 - 00000000 ____D () C:\ProgramData\Kromtech
2015-02-26 05:49 - 2015-02-26 05:52 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-02-26 05:49 - 2015-02-26 05:49 - 00003644 _____ () C:\WINDOWS\System32\Tasks\IE_ERR4WDR
2015-02-26 05:49 - 2015-02-26 05:49 - 00003620 _____ () C:\WINDOWS\System32\Tasks\HDNINSTSCHD
2015-02-26 05:49 - 2015-02-26 05:49 - 00003486 _____ () C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR
2015-02-25 21:45 - 2015-02-25 21:45 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Product_RM
2015-02-25 21:45 - 2015-02-25 21:45 - 00000000 ____D () C:\ProgramData\PC Tools
2015-02-25 21:41 - 2015-02-25 21:44 - 18666584 _____ (PC Tools) C:\Users\Chase\Downloads\rminstall.exe
2015-02-25 20:35 - 2015-02-25 21:48 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\2DE9427B.sys
2015-02-25 20:33 - 2015-02-25 20:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\5BBC40D2.sys
2015-02-25 20:12 - 2015-02-25 20:13 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\Chase\Downloads\Unconfirmed 129501.crdownload
2015-02-25 20:10 - 2015-02-27 09:13 - 00000302 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2015-02-25 20:10 - 2015-02-25 20:30 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\UpdaterEX
2015-02-25 20:10 - 2015-02-25 20:13 - 00002636 _____ () C:\WINDOWS\System32\Tasks\UpdaterEX
2015-02-25 20:10 - 2015-02-25 20:10 - 04378864 _____ (Piriform Ltd) C:\Users\Chase\Downloads\cc_setup.exe
2015-02-25 20:08 - 2015-02-25 20:08 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\Chase\Downloads\CCleaner_Setup (1).exe
2015-02-25 19:42 - 2015-02-27 09:08 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 19:42 - 2015-02-25 19:43 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\et
2015-02-25 19:42 - 2015-02-25 19:42 - 00000000 ____D () C:\ProgramData\a5srv5task
2015-02-25 19:41 - 2015-02-25 19:41 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 19:41 - 2015-02-25 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 19:41 - 2015-02-25 19:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 19:41 - 2015-02-25 19:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 19:41 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-25 19:41 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-25 19:41 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-25 19:38 - 2015-02-25 19:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chase\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 19:36 - 2015-02-25 19:36 - 00792480 _____ (Dnldstr_Aggregator) C:\Users\Chase\Downloads\CCleaner_Setup.exe
2015-02-25 19:32 - 2015-02-25 19:32 - 00003246 _____ () C:\WINDOWS\System32\Tasks\{5ED06D9C-E8F3-4642-9867-E608F1F79143}
2015-02-25 19:23 - 2015-02-25 19:23 - 00604262 _____ () C:\WINDOWS\system32\errordetails.xml
2015-02-25 18:45 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-25 18:45 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-25 18:45 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 18:45 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 18:45 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-25 18:45 - 2014-10-28 20:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 18:45 - 2014-10-28 20:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 18:45 - 2014-10-28 20:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 18:45 - 2014-10-28 20:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-25 18:44 - 2015-02-25 18:45 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2015-02-25 18:44 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-25 18:44 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-25 18:44 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-25 18:44 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-25 18:44 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-25 18:44 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-25 18:44 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-25 18:35 - 2015-02-25 18:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\Users\Chase\AppData\Local\Bypass
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\ProgramData\u2c
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\ProgramData\Online
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\Program Files (x86)\s5mark
2015-02-25 18:30 - 2015-02-25 18:30 - 00000045 _____ () C:\user.js
2015-02-25 18:28 - 2015-02-25 18:28 - 00002086 _____ () C:\Users\Chase\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-02-25 18:24 - 2014-03-17 15:21 - 00000426 _____ () C:\AVScanner.ini
2015-02-25 18:13 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-25 18:13 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-25 18:13 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-25 18:13 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-25 18:13 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-25 18:13 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-25 18:13 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-25 18:13 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-25 18:13 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-25 18:08 - 2015-02-25 21:27 - 00000000 ____D () C:\Users\Chase\AppData\Local\SmartWeb
2015-02-25 18:07 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-25 18:07 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-25 18:07 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-25 18:07 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-25 18:07 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-25 18:07 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-25 18:07 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-25 18:07 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-25 18:07 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-25 18:07 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-25 18:07 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-25 18:07 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-25 18:07 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-25 18:07 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-25 18:07 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-25 18:06 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-25 18:06 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-25 18:06 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-25 18:06 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-25 18:06 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-25 18:06 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-25 18:06 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-25 18:06 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-25 18:06 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-25 18:06 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-25 18:06 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-25 18:06 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-25 18:06 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-25 18:06 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-25 18:06 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-25 18:06 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-25 18:06 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-25 18:06 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-25 18:06 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-25 18:06 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-25 18:06 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-25 18:06 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-25 18:06 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-25 18:06 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-25 18:06 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-25 18:06 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-25 18:06 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-25 18:06 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-25 18:06 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-25 18:06 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-25 18:06 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-25 18:06 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-25 18:06 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-25 18:06 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-25 18:06 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-25 18:06 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-25 18:06 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-25 18:06 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-25 18:05 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 09:25 - 2013-03-02 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-27 09:23 - 2013-03-02 19:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-863201406-2619704260-1695041489-1002
2015-02-27 09:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-27 09:17 - 2014-03-02 10:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-27 09:15 - 2013-11-19 19:21 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Mozilla
2015-02-27 09:13 - 2013-12-16 19:16 - 00000000 __RDO () C:\Users\Chase\SkyDrive
2015-02-27 09:12 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-27 09:12 - 2013-03-03 02:20 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 09:11 - 2013-12-16 19:27 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{44A923D5-FAC9-4324-93B9-45F4E573F6DD}
2015-02-27 09:08 - 2013-03-03 02:20 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 09:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-26 20:11 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-26 19:57 - 2012-08-31 01:08 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-02-26 18:50 - 2012-08-31 01:00 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-02-26 18:34 - 2013-03-03 02:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-26 18:30 - 2013-12-16 21:06 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-26 18:30 - 2013-03-03 12:42 - 00000000 ____D () C:\Users\Chase\AppData\Local\CrashDumps
2015-02-26 07:01 - 2013-03-03 02:20 - 00000000 ____D () C:\Users\Chase\AppData\Local\Google
2015-02-26 06:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-26 05:55 - 2012-08-31 01:05 - 00000000 ____D () C:\ProgramData\Temp
2015-02-25 21:47 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 21:46 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-25 21:27 - 2014-09-01 16:51 - 00000000 ____D () C:\ProgramData\uebaZXTl
2015-02-25 21:27 - 2014-05-14 16:48 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2015-02-25 21:27 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-25 20:52 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-25 20:38 - 2013-04-22 18:20 - 00177864 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2015-02-25 20:30 - 2014-07-24 20:56 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Systweak
2015-02-25 20:30 - 2014-07-24 20:56 - 00000000 ____D () C:\ProgramData\Systweak
2015-02-25 20:30 - 2014-05-14 16:48 - 00000000 ____D () C:\Users\Chase\AppData\Roaming\Settings Manager
2015-02-25 20:30 - 2014-05-14 16:38 - 00000000 ____D () C:\Users\Chase\AppData\Local\com
2015-02-25 20:30 - 2014-05-14 16:35 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-25 20:30 - 2013-08-22 08:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-02-25 20:11 - 2014-07-24 20:59 - 00001938 _____ () C:\Users\Chase\Desktop\Search.lnk
2015-02-25 20:06 - 2013-04-28 13:45 - 00000000 ____D () C:\Users\Chase\AppData\Local\CRE
2015-02-25 19:20 - 2012-08-31 00:58 - 00000000 ____D () C:\ProgramData\Norton
2015-02-25 19:16 - 2014-12-16 18:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-25 19:16 - 2014-09-01 17:19 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-25 18:25 - 2014-03-02 10:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-25 18:16 - 2013-08-22 09:44 - 00371720 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-25 18:15 - 2013-08-15 18:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-25 18:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-25 18:07 - 2013-03-03 02:20 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-25 18:07 - 2013-03-03 02:20 - 00003652 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-25 17:08 - 2013-12-16 18:17 - 00000000 ____D () C:\Users\Chase
2015-02-25 17:01 - 2013-03-14 19:31 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-03 14:31 - 2014-12-16 18:50 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-12-16 18:50 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:49 - 2013-03-03 01:52 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-03-02 19:45 - 2013-03-03 21:52 - 0003004 _____ () C:\Users\Chase\AppData\Roaming\AbsoluteReminder.xml
2014-05-14 16:40 - 2014-05-14 16:40 - 0000320 _____ () C:\Users\Chase\AppData\Roaming\aps.uninstall.scan.results
2013-03-03 21:49 - 2013-03-03 21:51 - 6469064 _____ (Absolute Software Corp.) C:\Users\Chase\AppData\Roaming\LoJackSetup.exe
2014-05-14 16:36 - 2014-05-14 16:35 - 1746032 _____ (AnyProtect.com) C:\Users\Chase\AppData\Local\nszEA11.tmp
2013-11-13 16:43 - 2013-11-13 16:44 - 0021541 _____ () C:\Users\Chase\AppData\Local\WiDiSetupLog.20131113.164324.txt
2011-05-10 13:37 - 2011-05-10 13:37 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2013-09-29 15:37 - 2013-09-29 15:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-12-22 17:48 - 2013-12-22 17:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-31 00:54 - 2012-08-06 03:23 - 0000031 _____ () C:\ProgramData\ECReset_Partition.bat
2012-08-31 00:54 - 2012-08-06 04:34 - 1782152 _____ (Samsung Electronics) C:\ProgramData\ExpressCacheRun.exe
2013-05-26 23:33 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-26 23:33 - 2013-01-12 22:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2014-12-02 20:58 - 2014-12-02 20:58 - 0000036 _____ () C:\ProgramData\suguid.txt

Files to move or delete:
====================
C:\ProgramData\ECReset_Partition.bat
C:\ProgramData\ExpressCacheRun.exe
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-26 06:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Chase at 2015-02-27 09:26:49
Running from C:\Users\Chase\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.10 - Absolute Software)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CinemaP-1.1c (HKLM-x32\...\CinemaP-1.1c) (Version: 1.35.9.29 - Cinema Plus) <==== ATTENTION
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version:  - Tuguu SLU) <==== ATTENTION
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Infineon TPM Professional Package (HKLM\...\{D035AE8C-1161-4C90-908F-3380C1BE4B12}) (Version: 4.3.000.3137 - Infineon Technologies AG)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-863201406-2619704260-1695041489-1002\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
Oasis2Service (HKLM-x32\...\Oasis2Service) (Version: 2.0.607.7 - DDNi)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{5D4E117D-FC6A-4FB8-81E3-BEFFAE2F7BE6}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.42

Ghost

CONT:
Results of screen317's Security Check version 0.99.97 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Kaspersky Internet Security   
Windows Defender             
Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player    16.0.0.305 
Adobe Reader 10.1.12 Adobe Reader out of Date! 
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe   
Online updater.exe   
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Ghost

Corrine

Hi, Ghost. 

I gather this is the laptop you told me your friend said Malwarebytes originally has already removed a ton from.  Looks like there is a fair amount of cleaning remaining too.

1.  Please do the following to run FRST: 

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.

start
CreateRestorePoint:
CloseProcesses:
() C:\ProgramData\Online\updater.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-863201406-2619704260-1695041489-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} URL =
SearchScopes: HKLM-x32 -> _tmp URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {1B257E81-ECCE-45AE-8173-A669AD9393F2} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=422
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {74C1E655-9BB7-4F2F-BAFA-FA5E6095AA09} URL =
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN24585449762893124&UM=2&SSPV=TB_TIS
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=840_pr__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Extension: (Deal Keeper) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjdjonjhkmemnldiniaionkhfnpbdom [2015-01-11]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2015-01-11]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\Exts\Chrome.crx [Not Found]
R2 UpWork; C:\ProgramData\Online\updater.exe [404480 2015-02-25] () [File not signed]
2015-02-25 18:44 - 2015-02-25 18:45 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2015-02-25 18:35 - 2015-02-25 18:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\Users\Chase\AppData\Local\Bypass
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\ProgramData\u2c
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\ProgramData\Online
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\Program Files (x86)\s5mark
2015-02-25 18:30 - 2015-02-25 18:30 - 00000045 _____ () C:\user.js
2015-02-25 18:08 - 2015-02-25 21:27 - 00000000 ____D () C:\Users\Chase\AppData\Local\SmartWeb
C:\Users\EasySurvey\EasySurvey.exe
Folder:
C:\Program Files (x86)\AnyProtectEx
C:\Users\Chase\AppData\Roaming\et
C:\ProgramData\a5srv5task
EmptyTemp:
end

  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
2.  Please download Adware Cleaner by Xplode.    Please save it to your desktop!

  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool. 
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the ReportLogfile* button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
*Must have been a change to "Logfile" rather than Report.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

Hi Corrine,
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Chase at 2015-02-27 16:10:51 Run:1
Running from C:\Users\Chase\Desktop
Loaded Profiles: Chase & UpdatusUser (Available profiles: Chase & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
() C:\ProgramData\Online\updater.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-863201406-2619704260-1695041489-1009] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} URL =
SearchScopes: HKLM-x32 -> _tmp URL =
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {1B257E81-ECCE-45AE-8173-A669AD9393F2} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=422
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {74C1E655-9BB7-4F2F-BAFA-FA5E6095AA09} URL =
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
SearchScopes: HKU\S-1-5-21-863201406-2619704260-1695041489-1002 -> {FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN24585449762893124&UM=2&SSPV=TB_TIS
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=840_pr__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Extension: (Deal Keeper) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjdjonjhkmemnldiniaionkhfnpbdom [2015-01-11]
CHR Extension: (No Name) - C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2015-01-11]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\Exts\Chrome.crx [Not Found]
R2 UpWork; C:\ProgramData\Online\updater.exe [404480 2015-02-25] () [File not signed]
2015-02-25 18:44 - 2015-02-25 18:45 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2015-02-25 18:35 - 2015-02-25 18:35 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\Users\Chase\AppData\Local\Bypass
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\ProgramData\u2c
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\ProgramData\Online
2015-02-25 18:31 - 2015-02-25 18:31 - 00000000 ____D () C:\Program Files (x86)\s5mark
2015-02-25 18:30 - 2015-02-25 18:30 - 00000045 _____ () C:\user.js
2015-02-25 18:08 - 2015-02-25 21:27 - 00000000 ____D () C:\Users\Chase\AppData\Local\SmartWeb
C:\Users\EasySurvey\EasySurvey.exe
Folder:
C:\Program Files (x86)\AnyProtectEx
C:\Users\Chase\AppData\Roaming\et
C:\ProgramData\a5srv5task
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Online\updater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Error setting Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\_tmp" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\_tmp => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
HKU\S-1-5-21-863201406-2619704260-1695041489-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-863201406-2619704260-1695041489-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"HKU\S-1-5-21-863201406-2619704260-1695041489-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B257E81-ECCE-45AE-8173-A669AD9393F2}" => Key deleted successfully.
HKCR\CLSID\{1B257E81-ECCE-45AE-8173-A669AD9393F2} => Key not found.
"HKU\S-1-5-21-863201406-2619704260-1695041489-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74C1E655-9BB7-4F2F-BAFA-FA5E6095AA09}" => Key deleted successfully.
HKCR\CLSID\{74C1E655-9BB7-4F2F-BAFA-FA5E6095AA09} => Key not found.
"HKU\S-1-5-21-863201406-2619704260-1695041489-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found.
"HKU\S-1-5-21-863201406-2619704260-1695041489-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDAA0ADD-8E09-4D70-A127-9BA9D249AD46}" => Key deleted successfully.
HKCR\CLSID\{FDAA0ADD-8E09-4D70-A127-9BA9D249AD46} => Key not found.
Chrome HomePage deleted successfully.
Chrome RestoreOnStartup deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjdjonjhkmemnldiniaionkhfnpbdom => Moved successfully.
C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dchlnpcodkpfdpacogkljefecpegganj" => Key deleted successfully.
Could not move "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk" => Key deleted successfully.
UpWork => Unable to stop service
UpWork => Service deleted successfully.
C:\Program Files (x86)\msrtn32 => Moved successfully.
C:\Program Files (x86)\predm => Moved successfully.
C:\Users\Chase\AppData\Local\Bypass => Moved successfully.
C:\ProgramData\u2c => Moved successfully.
C:\ProgramData\Online => Moved successfully.
C:\Program Files (x86)\s5mark => Moved successfully.
C:\user.js => Moved successfully.
C:\Users\Chase\AppData\Local\SmartWeb => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.

========================= Folder: ========================

Directory Not Found
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
C:\Users\Chase\AppData\Roaming\et => Moved successfully.
C:\ProgramData\a5srv5task => Moved successfully.
EmptyTemp: => Removed 32.9 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-27 16:13:31)<=

"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx" => File could not move.

==== End of Fixlog 16:13:32 ====

# AdwCleaner v4.111 - Logfile created 27/02/2015 at 16:20:22
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Chase - MYPC
# Running from : C:\Users\Chase\Desktop\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Chase\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Chase\Desktop\Continue Live Installation.lnk
File Found : C:\Users\Chase\Desktop\Sync Folder.lnk
File Found : C:\Users\Public\Desktop\NewPlayer.lnk
File Found : C:\WINDOWS\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\Program Files (x86)\Tbccint
Folder Found : C:\Program Files\DomaIQ Uninstaller
Folder Found : C:\ProgramData\Browser
Folder Found : C:\ProgramData\Kromtech
Folder Found : C:\ProgramData\systemk
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\SafeWeb
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Chase\AppData\Local\Conduit
Folder Found : C:\Users\Chase\AppData\Local\globalUpdate
Folder Found : C:\Users\Chase\AppData\Local\Kromtech
Folder Found : C:\Users\Chase\AppData\Local\NativeMessaging
Folder Found : C:\Users\Chase\AppData\Local\WebBar
Folder Found : C:\Users\Chase\AppData\Local\WhiteListing
Folder Found : C:\Users\Chase\AppData\LocalLow\Conduit
Folder Found : C:\Users\Chase\AppData\LocalLow\SmartWeb
Folder Found : C:\Users\Chase\AppData\Roaming\Settings Manager
Folder Found : C:\Users\Chase\AppData\Roaming\Systweak
Folder Found : C:\Users\Chase\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\UpdatusUser\AppData\Local\speed browser
Folder Found : C:\WINDOWS\SysWOW64\SearchProtect

***** [ Scheduled tasks ] *****

Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : ASP
Task Found : UpdaterEX
Task Found : SmartWeb Upgrade Trigger Task
Task Found : PastaQuotes
Task Found : UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartWeb
Key Found : HKCU\Software\AppDataLow\Software\TheBestDeals
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Classes\keepmysearch
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\PriceFountain
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\Compete
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\PriceFountain
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Tbccint_HKLM
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Found : HKLM\SOFTWARE\NewPlayer
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\SpeedBrowser
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\V9Software
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.115

[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Jf63Dbp3hUD-8zeqwlt9hX5o4_tIAadOG0600Ml9v_hAZepzy3BTACzfD7RIJYCFxTQz_qqZZcFdpEviE7nt7nZC5uBPP3Z4QeTw7Rl_SEpYbh71ijB9MunZBJm3kcUaaeTaqhXwciRbuhSad4D_Ng,,&q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3289847&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=2&UP=SPA944E372-A449-4B1E-BEB3-1F6D0550CACA&q=UCM_SEARCH_TERM&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=TB_TIS
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1409608163&from=air&uid=ST1000LM024XHN-M101MBB_S2RQJ9AC807944&i=psd&t=3483122e6&q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=
*************************

AdwCleaner[R0].txt - [12880 bytes] - [27/02/2015 16:20:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12940 bytes] ##########

Thanks,
Ghost

Corrine

Whew!  That is some AdwCleaner log.  Please do the following:

1.  Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
2.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
3.  Please update Adobe Reader to the current version or replace it with Sumatra PDF from http://www.sumatrapdfreader.org/free-pdf-reader.html.  Adobe Reader XI (11.0.10) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

4.  Since Malwarebytes is installed, please scan with MBAM again:

  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates"
  • Once the update has been installed and the program has loaded, select Threat Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.
** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Ghost

Hi Corrine,
# AdwCleaner v4.111 - Logfile created 27/02/2015 at 18:13:29
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Chase - MYPC
# Running from : C:\Users\Chase\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\SafeWeb
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Users\Chase\AppData\Local\Conduit
Folder Deleted : C:\Users\Chase\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Chase\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Chase\AppData\Local\WhiteListing
Folder Deleted : C:\Users\Chase\AppData\Local\Kromtech
Folder Deleted : C:\Users\Chase\AppData\Local\WebBar
Folder Deleted : C:\Users\Chase\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chase\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Chase\AppData\Roaming\Settings Manager
Folder Deleted : C:\Users\Chase\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Chase\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\speed browser
File Deleted : C:\Users\Public\Desktop\NewPlayer.lnk
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\Users\Chase\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Chase\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Chase\Desktop\Sync Folder.lnk

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : ASP
Task Deleted : UpdaterEX
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : PastaQuotes

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Chase\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\PriceFountain
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKCU\Software\AppDataLow\Software\TheBestDeals
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\NewPlayer
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.115

[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7Jf63Dbp3hUD-8zeqwlt9hX5o4_tIAadOG0600Ml9v_hAZepzy3BTACzfD7RIJYCFxTQz_qqZZcFdpEviE7nt7nZC5uBPP3Z4QeTw7Rl_SEpYbh71ijB9MunZBJm3kcUaaeTaqhXwciRbuhSad4D_Ng,,&q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3289847&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=2&UP=SPA944E372-A449-4B1E-BEB3-1F6D0550CACA&q=UCM_SEARCH_TERM&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=TB_TIS
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1409608163&from=air&uid=ST1000LM024XHN-M101MBB_S2RQJ9AC807944&i=psd&t=3483122e6&q={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=100&itype=a&ver=15005&tm=347&src=ds&p={searchTerms}
[C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1Qzu0CyCzzyDtDzz0D0B0BtA0CtDtByB0E0BtN0D0Tzu0StCtCyDtCtN1L2XzutAtFyBtFyBtFtCtAtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0B0D0F0CyDyDzytGyDyB0E0AtGzzyE0DtCtGyCtB0E0BtGyDzy0FtAtDyCtA0Fzz0D0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAtAyBtAzz0CtGtA0BtAtAtGyE0BtAzytG0AzzzzyCtGyEtByEtDtCyEyEyE0EtB0ByD2Q&cr=1877956028&ir=

*************************

AdwCleaner[R0].txt - [13076 bytes] - [27/02/2015 16:20:22]
AdwCleaner[R1].txt - [13136 bytes] - [27/02/2015 18:12:19]
AdwCleaner[S0].txt - [12748 bytes] - [27/02/2015 18:13:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12808  bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Chase on Fri 02/27/2015 at 18:22:48.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Chase\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/27/2015 at 18:27:15.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.NOTIFICATION_ID.notifications-servicemap.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.NOTIFICATION_ID.notifications-servicemap.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.NOTIFICATION_ID.notifications-service_1774897.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.NOTIFICATION_ID.notifications-service_1774897.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.pg_conf_global.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.pg_conf_global.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.savedPositions.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.savedPositions.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.searchProtectorData.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847.searchProtectorData.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_appsMetadata.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_appsMetadata.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_appTrackingFirstTime.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_appTrackingFirstTime.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_gottenAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_gottenAppsContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_location.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_location.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_login.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_login.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_otherAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_otherAppsContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_searchAPI.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_searchAPI.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_serviceMap.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_serviceMap.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_toolbarContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_toolbarContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_toolbarSettings.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_toolbarSettings.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_translation.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_translation.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_userApps.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.15.2.24.serviceLayer_services_userApps.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_appsMetadata.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_appsMetadata.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_appTrackingFirstTime.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_appTrackingFirstTime.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_Configuration.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_Configuration.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_gottenAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_gottenAppsContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_login.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_login.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_otherAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_otherAppsContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_searchAPI.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_searchAPI.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_serviceMap.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_serviceMap.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_toolbarContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_toolbarContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_toolbarSettings.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_toolbarSettings.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_translation.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_10.22.5.510.serviceLayer_services_translation.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_appsMetadata.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_appsMetadata.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_appTrackingFirstTime.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_appTrackingFirstTime.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_Configuration.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_Configuration.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_gottenAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_gottenAppsContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_location.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_location.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_login.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_login.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_otherAppsContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_otherAppsContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_searchAPI.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_searchAPI.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_serviceMap.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_serviceMap.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_toolbarContextMenu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_toolbarContextMenu.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_toolbarSettings.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_toolbarSettings.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_translation.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\CT3289847_RAW.serviceLayer_services_translation.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\serviceLayer_userApps_added.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\serviceLayer_userApps_added.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\serviceLayer_userApps_removed.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\serviceLayer_userApps_removed.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\ToolbarFullUserID.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\ToolbarFullUserID.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\ToolbarUserID.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\ToolbarUserID.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\toolbar_initializing_logger.txt.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\toolbar_initializing_logger.txt.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\uninstallData.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\uninstallData.txt.vir
C:\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\uninstallUrl.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\Conduit\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository\uninstallUrl.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\1.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\1.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\2229.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\2229.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\27472.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\27472.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\41014.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\41014.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\450.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\450.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\45092.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\45092.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\a.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\a.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\b.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\b.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\c.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\c.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\d.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\d.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\e.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\e.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\f.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\f.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\g.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\g.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\h.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\h.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\i.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\i.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\j.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\j.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\k.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\k.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\l.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\l.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\m.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\m.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\n.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\n.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\o.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\o.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\p.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\p.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\q.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\q.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\r.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\r.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\s.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\s.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\t.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\t.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\u.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\u.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\v.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\v.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\w.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\w.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\wlu.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\wlu.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\x.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\x.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\y.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\y.txt.vir
C:\Users\Chase\AppData\LocalLow\SmartWeb\Data\z.txt->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\LocalLow\SmartWeb\Data\z.txt.vir
C:\Users\UpdatusUser\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\UpdatusUser\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage.vir
C:\Users\Public\Desktop\NewPlayer.lnk->C:\AdwCleaner\Quarantine\C\Users\Public\Desktop\NewPlayer.lnk.vir
C:\WINDOWS\System32\roboot64.exe->C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir
C:\Users\Chase\AppData\Roaming\aps.uninstall.scan.results->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Roaming\aps.uninstall.scan.results.vir
C:\Users\Chase\Desktop\Continue Live Installation.lnk->C:\AdwCleaner\Quarantine\C\Users\Chase\Desktop\Continue Live Installation.lnk.vir
C:\Users\Chase\Desktop\Sync Folder.lnk->C:\AdwCleaner\Quarantine\C\Users\Chase\Desktop\Sync Folder.lnk.vir
C:\Users\Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk.vir
C:\Users\Chase\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Chrome.lnk->C:\AdwCleaner\Quarantine\C\Users\Chase\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Chrome.lnk.vir

Thanks,
Ghost

Corrine

Looks like Malwarebytes just found the AdwCleaner log and nothing new.  How is the computer working now?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

Hi Corrine,
It's running much better, thank you ;-)
Ghost

Corrine

If there are no further symptoms that your friend was experiencing, please do the following to take care of removing the tools used.  You may also want to suggest he pay more attention when installing programs.  His laptop was loaded with PUPs.  In fact, he may want to consider Unchecky. The object of the software is to keep potentially unwanted programs from being installed by automatically unchecking unrelated offers.  Unchecky also provides a warning when you try to accept a potentially unwanted offer.  The program automatically updates when a new version is available.

Although an older article by How-to Geek, it provides additional information about Unchecky:  How to Avoid Junkware Offers with Unchecky

Home Page:  Unchecky

Note:  Even with Unchecky, a "custom" install of software is still recommended.  It is also advised to continue watching each screen while installing software for anything that Unchecky may have missed.




Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.



Ghost

Hi Corrine,
Had to turn off Smart Screen before I could run Delfix.
# DelFix v10.9 - Logfile created 27/02/2015 at 19:54:41
# Updated 27/02/2015 by Xplode
# Username : Chase - MYPC
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Chase\Desktop\Addition.txt
Deleted : C:\Users\Chase\Desktop\AdwCleaner[R0].txt
Deleted : C:\Users\Chase\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Chase\Desktop\adwcleaner_4.111.exe
Deleted : C:\Users\Chase\Desktop\Fixlog.txt
Deleted : C:\Users\Chase\Desktop\Fixlog2.txt
Deleted : C:\Users\Chase\Desktop\FRST.txt
Deleted : C:\Users\Chase\Desktop\FRST64.exe
Deleted : C:\Users\Chase\Desktop\JRT log.txt
Deleted : C:\Users\Chase\Desktop\JRT.exe
Deleted : C:\Users\Chase\Desktop\JRT.txt
Deleted : C:\Users\Chase\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #40 [Scheduled Checkpoint | 01/18/2015 21:24:25]
Deleted : RP #41 [Windows Update | 02/25/2015 23:08:33]
Deleted : RP #43 [Restore Point Created by FRST | 02/27/2015 21:10:58]

New restore point created !

########## - EOF - ##########

Thanks,
Ghost

Corrine

Smart Screen Filter doesn't recognize Delfix as a well known program.  Delfix certainly made cleaning the tools and logs a simple process though.



Ghost

Hi Corrine,
Quote: Delfix certainly made cleaning the tools and logs a simple process though.
You can say that again with this one.
Thanks Corrine  :rose:
Ghost

Ghost


Corrine

As always, you are most welcome, Ghost! 

(I knew you wouldn't forget Adobe Reader. :) )

