Trojaner-Board - Extreme Anzahl an Popups/Ads Windows 8

Hallo Schrauber

vielen Dank dass Ich bin ab morgen bis Donnerstag auf einer Geschaeftsreise daher antworte ich wohl erst am Freitag wieder (evtl. bekomme ich morgen frueh / nachmittags noch eine weitere aktion hin... daher bitte nicht den Thread schliessen ;)

Hier sind die gewuenschten logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Chioma (administrator) on BADBETCH on 25-05-2015 17:05:08
Running from C:\Users\Chioma\Downloads
Loaded Profiles: Chioma (Available Profiles: Chioma)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
(Windows SysTool) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
() C:\Windows\System32\valWBFPolicyService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HDPlus-3.1TotalV10.02) C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.exe
(home) C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.exe
(home) C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(FileProperties_CompanyName) C:\Program Files (x86)\disco games\disco_games_notification_service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(PC Utilities Software Limited) C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.38\OptProReminder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.38\OptimizerPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(FileProperties_CompanyName) C:\Program Files (x86)\disco games\disco_games_notification_service.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YUBJJE.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-03] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe [148024 2015-02-09] (PC Utilities Software Limited)
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk [2015-02-10]
ShortcutTarget: OPTISetup.lnk -> C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe (PC Utilities Software Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: saaverebioX -> {712185FF-60C8-4FB6-8727-BDFAD10AFCEA} -> C:\Program Files (x86)\saaverebioX\dilFIapx5sl9BK.x64.dll [2015-05-19] ()
BHO: PrinceCOupoon -> {94C45CCB-66C0-4823-9E5A-C6933CF5CA0C} -> C:\Program Files (x86)\PrinceCOupoon\W535iNW4l3K9Kx.x64.dll [2015-05-21] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: LuckYCOuupuone -> {E3876FB7-B1BD-4C77-BD50-94165251F7B5} -> C:\Program Files (x86)\LuckYCOuupuone\U2O5FrVLw8OBxo.x64.dll [2015-05-21] ()
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: saaverebioX -> {712185FF-60C8-4FB6-8727-BDFAD10AFCEA} -> C:\Program Files (x86)\saaverebioX\dilFIapx5sl9BK.dll [2015-05-19] ()
BHO-x32: PrinceCOupoon -> {94C45CCB-66C0-4823-9E5A-C6933CF5CA0C} -> C:\Program Files (x86)\PrinceCOupoon\W535iNW4l3K9Kx.dll [2015-05-21] ()
BHO-x32: LuckYCOuupuone -> {E3876FB7-B1BD-4C77-BD50-94165251F7B5} -> C:\Program Files (x86)\LuckYCOuupuone\U2O5FrVLw8OBxo.dll [2015-05-21] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-3740528191-2975148286-2186109717-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Chioma\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2015-05-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-13]
CHR Extension: (Google Drive) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-13]
CHR Extension: (YouTube) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-13]
CHR Extension: (Adblock Plus) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-24]
CHR Extension: (cghglbggfogikpminlhbocmmbkppikhf) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghglbggfogikpminlhbocmmbkppikhf [2015-02-17]
CHR Extension: (Google Search) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-13]
CHR Extension: (eokdcgmibpioegghefegkcdjcbiggefe) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe [2015-02-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-21]
CHR Extension: (Website Logon) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-02-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-20]
CHR Extension: (Bookmark) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm [2015-05-21]
CHR Extension: (Effective Measure Community Plugin) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgdmfemjeohjmeeabffnombnpkkogjm [2015-04-20]
CHR Extension: (Google Wallet) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]
CHR Extension: (Simple Units Converter) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjehmknlpomniikcbeldooclffegofcc [2015-02-25]
CHR Extension: (Gmail) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1652280 2015-02-10] () <==== ATTENTION
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-02-15] (Advanced Micro Devices, Inc.) []
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [393880 2015-05-20] (Taiwan Shui Mu Chih Ching Technology Limited)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-03] (IDT, Inc.) []
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-02-12] () []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112 2015-05-20] (Windows SysTool) [] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-18] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140701.001\IDSvia64.sys [525016 2014-04-11] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\ENG64.SYS [126040 2014-06-03] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\EX64.SYS [2099288 2014-06-03] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-08-03] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-08-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 17:05 - 2015-05-25 17:05 - 00026244 _____ () C:\Users\Chioma\Downloads\FRST.txt
2015-05-25 17:05 - 2015-05-25 17:05 - 00000000 ____D () C:\FRST
2015-05-25 17:04 - 2015-05-25 17:04 - 02108416 _____ (Farbar) C:\Users\Chioma\Downloads\FRST64.exe
2015-05-25 17:04 - 2015-05-25 17:04 - 02108416 _____ (Farbar) C:\Users\Chioma\Downloads\FRST64 (1).exe
2015-05-21 09:05 - 2015-05-21 09:05 - 00000000 ____D () C:\Program Files (x86)\RoyoalCouppon
2015-05-21 09:05 - 2015-05-21 09:05 - 00000000 ____D () C:\Program Files (x86)\PrinceCOupoon
2015-05-21 09:05 - 2015-05-21 09:05 - 00000000 ____D () C:\Program Files (x86)\LuckYCOuupuone
2015-05-21 09:04 - 2015-05-21 09:04 - 00000000 ____D () C:\Program Files (x86)\Bookmark
2015-05-20 23:28 - 2015-05-23 09:54 - 00000000 ____D () C:\Program Files (x86)\Picexa
2015-05-20 23:28 - 2015-05-20 23:28 - 00001812 _____ () C:\Users\Public\Desktop\Picexa.lnk
2015-05-20 23:28 - 2015-05-20 23:28 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Picexa Viewer
2015-05-20 23:28 - 2015-05-20 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
2015-05-20 22:54 - 2015-05-24 20:02 - 00000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
2015-05-20 11:59 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-20 11:59 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-19 12:04 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-19 12:04 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-19 12:03 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-19 12:03 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-19 12:02 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-19 12:02 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-19 12:02 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-19 12:02 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-19 12:02 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-19 12:02 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-19 12:02 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-19 11:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-19 11:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-19 11:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-19 11:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-19 11:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-19 11:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-19 11:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-19 11:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-19 11:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-19 11:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-19 11:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-19 11:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-19 11:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-19 11:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-19 11:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-19 11:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-19 11:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-19 11:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-19 11:50 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-19 11:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-19 11:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-19 11:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-19 11:50 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-19 11:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-19 11:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-19 11:50 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-19 11:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-19 11:50 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-19 11:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-19 11:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-19 11:50 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-19 11:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-19 11:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-19 11:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-19 11:50 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-19 11:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-19 11:50 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-19 11:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-19 11:50 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-19 11:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-19 11:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-19 11:50 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-19 11:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-19 11:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-19 11:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-19 11:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-19 11:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-19 11:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-19 11:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-19 11:50 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-19 11:50 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-19 11:50 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-19 11:50 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-19 11:50 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-19 11:50 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-19 11:50 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-19 11:50 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-19 11:50 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-19 11:50 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-19 11:50 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-19 11:50 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-19 11:50 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-19 11:50 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-19 11:50 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-19 11:50 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-19 11:50 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-19 11:46 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\saaverebioX
2015-05-05 16:15 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\SAlesMaaugnet
2015-05-05 16:14 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\ClickoForSale
2015-05-05 16:14 - 2015-05-05 16:14 - 00000000 ____D () C:\Program Files (x86)\Talking Tom Cat Kid Ginger
2015-05-05 16:14 - 2015-05-05 16:14 - 00000000 ____D () C:\Program Files (x86)\ShopperMAster
2015-04-30 07:52 - 2015-05-19 11:46 - 00000000 ____D () C:\Program Files (x86)\eAsytoshoop
2015-04-28 13:34 - 2015-04-28 13:34 - 01712640 _____ (Bandoo Media Inc) C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (2).exe
2015-04-28 13:34 - 2015-04-28 13:34 - 01712640 _____ (Bandoo Media Inc) C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (1).exe
2015-04-28 13:33 - 2015-04-28 13:33 - 01712640 _____ (Bandoo Media Inc) C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 17:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-25 17:01 - 2015-04-04 23:20 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-25 15:33 - 2015-04-19 14:33 - 00001348 _____ () C:\WINDOWS\Tasks\disco_games_notification_service.job
2015-05-25 15:30 - 2014-08-02 17:09 - 01579814 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 15:30 - 2014-01-05 20:05 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3740528191-2975148286-2186109717-1002
2015-05-25 15:19 - 2014-01-05 19:57 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8F2EDA-FDC7-4E5E-AF44-F4526782A5B1}
2015-05-25 15:17 - 2015-02-10 19:49 - 00003258 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2015-05-24 20:50 - 2015-02-10 19:50 - 00003158 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.job
2015-05-24 20:50 - 2015-02-10 19:50 - 00002132 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user.job
2015-05-24 20:45 - 2015-02-10 19:45 - 00003152 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.job
2015-05-24 20:44 - 2015-02-10 19:44 - 00005532 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.job
2015-05-24 20:44 - 2015-02-10 19:44 - 00002126 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user.job
2015-05-24 20:35 - 2014-01-29 12:30 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA.job
2015-05-24 20:11 - 2015-02-10 19:43 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVPlayer
2015-05-24 20:11 - 2014-01-05 20:01 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Macromedia
2015-05-24 20:04 - 2014-01-20 00:40 - 00000000 ____D () C:\Users\Chioma\Documents\Youcam
2015-05-24 20:02 - 2014-08-03 13:05 - 00000000 ___DO () C:\Users\Chioma\OneDrive
2015-05-24 20:01 - 2015-04-20 14:37 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-24 20:01 - 2015-04-19 14:33 - 00000710 _____ () C:\WINDOWS\Tasks\disco_games_updating_service.job
2015-05-24 20:01 - 2015-02-10 19:50 - 00003494 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.job
2015-05-24 20:01 - 2015-02-10 19:50 - 00002466 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user.job
2015-05-24 20:01 - 2015-02-10 19:50 - 00002466 _____ () C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.job
2015-05-24 20:01 - 2015-02-10 19:46 - 00001014 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-24 20:01 - 2015-02-10 19:45 - 00003152 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.job
2015-05-24 20:01 - 2015-02-10 19:45 - 00002460 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user.job
2015-05-24 20:01 - 2015-02-10 19:45 - 00002460 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.job
2015-05-24 20:01 - 2015-02-10 19:44 - 00005196 _____ () C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.job
2015-05-24 20:01 - 2015-01-24 22:38 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job
2015-05-24 20:01 - 2014-02-13 00:36 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-23 09:56 - 2014-03-18 12:03 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 09:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-23 09:51 - 2015-03-25 17:22 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForChioma.job
2015-05-23 09:51 - 2014-03-18 11:54 - 00021836 _____ () C:\WINDOWS\PFRO.log
2015-05-23 09:51 - 2013-08-22 16:46 - 00306350 _____ () C:\WINDOWS\setupact.log
2015-05-23 09:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 09:51 - 2013-08-22 16:44 - 00381368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-23 09:49 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-23 09:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-23 09:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-22 12:55 - 2015-02-10 19:46 - 00001018 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-21 16:20 - 2014-02-13 00:36 - 00002420 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 09:05 - 2015-02-25 16:09 - 00000000 ____D () C:\ProgramData\3385033030442911627
2015-05-20 23:24 - 2015-02-10 19:48 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-20 23:24 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 23:23 - 2015-02-10 19:47 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-20 22:38 - 2015-03-25 17:22 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForChioma
2015-05-20 22:37 - 2014-01-08 23:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-20 11:59 - 2014-01-07 21:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-19 17:21 - 2014-01-07 21:49 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-19 14:18 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 12:13 - 2014-02-13 00:36 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-19 12:13 - 2014-02-13 00:36 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 12:13 - 2014-02-13 00:36 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 11:48 - 2014-02-01 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-19 11:46 - 2015-04-04 23:41 - 00000000 ____D () C:\Program Files (x86)\saverOn
2015-05-19 11:35 - 2014-01-29 12:30 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core.job
2015-05-09 00:15 - 2015-03-02 16:38 - 00000020 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr3.bin
2015-05-05 19:59 - 2015-03-12 18:17 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-12 18:17 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-30 07:52 - 2015-04-20 15:15 - 00000000 ____D () C:\Program Files (x86)\RoyalSheopuperAPp
2015-04-30 07:52 - 2015-04-20 15:15 - 00000000 ____D () C:\Program Files (x86)\LLuckyCouuPon
2015-04-30 07:52 - 2015-03-23 14:06 - 00000000 ____D () C:\Program Files (x86)\ExtraSHoppEr
2015-04-30 07:52 - 2015-03-23 14:05 - 00000000 ____D () C:\Program Files (x86)\SihOpuperMasatero
2015-04-30 07:52 - 2015-03-06 14:57 - 00000000 ____D () C:\Program Files (x86)\FlAoshCoupon

==================== Files in the root of some directories =======

2015-05-20 22:54 - 2015-05-24 20:02 - 0000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin
2015-03-02 16:38 - 2015-05-09 00:15 - 0000020 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr3.bin

Some files in TEMP:
====================
C:\Users\Chioma\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 10:02

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Chioma at 2015-05-25 17:06:57
Running from C:\Users\Chioma\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3740528191-2975148286-2186109717-500 - Administrator - Disabled)
Chioma (S-1-5-21-3740528191-2975148286-2186109717-1002 - Administrator - Enabled) => C:\Users\Chioma
Guest (S-1-5-21-3740528191-2975148286-2186109717-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3740528191-2975148286-2186109717-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{6E20D0AE-0E89-2FE7-4F69-C1A2799EFA65}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookmark (HKLM-x32\...\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}) (Version: - "") <==== ATTENTION
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deAL4me (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version: - "") <==== ATTENTION
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Effective Measure Community Plugin (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version: - "")
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Glary Utilities 2.56.0.1822 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
GoldenCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - GoldenCoupon) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
KingCoaupon (HKLM-x32\...\{5C28578D-D0F1-699F-01B0-CC0653A28C11}) (Version: - "") <==== ATTENTION
LuckYCOuupuone (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version: - "") <==== ATTENTION
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2.0.3 - PC Utilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picexa (HKLM-x32\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PrinceCOupoon (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version: - "") <==== ATTENTION
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickMark QR Code Extension (HKLM-x32\...\{B10BC31B-DBC6-56FE-DD3D-DD4E49A3E6CE}) (Version: - "") <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
RoyoalCouppon (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "") <==== ATTENTION
saaverebioX (HKLM-x32\...\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}) (Version: - "") <==== ATTENTION
SaaveRPRuo (HKLM-x32\...\{94851E46-5E5B-DD67-2593-709E8D27DC4C}) (Version: - SaverPro) <==== ATTENTION
ShopperMAster (HKLM-x32\...\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}) (Version: - "") <==== ATTENTION
Simple Units Converter (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - "") <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Talking Tom Cat Kid Ginger (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version: - "")
TheHDvid-Codec V10 (HKLM-x32\...\TheHDvid-Codec V10) (Version: 1.36.01.22 - home) <==== ATTENTION
TotalPlusHD-3.1V10.02 (HKLM-x32\...\TotalPlusHD-3.1V10.02) (Version: 1.36.01.22 - HDPlus-3.1TotalV10.02) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{3DA747CA-A84B-4821-9F18-5807214AB79A}) (Version: 4.5.117.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chioma\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

30-04-2015 10:14:25 Scheduled Checkpoint
09-05-2015 01:38:02 Scheduled Checkpoint
19-05-2015 14:16:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B7C204-1425-4B82-BB61-F5794A292425} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-29] (Facebook Inc.)
Task: {133C6B3D-2DFB-4C1F-B121-0F836724E7D3} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {1DFAD26E-49BA-4BCA-B912-E255164C024C} - System32\Tasks\disco_games_notification_service => C:\Program Files (x86)\disco games\disco_games_notification_service.exe [2015-04-19] (FileProperties_CompanyName) <==== ATTENTION
Task: {1FF5EE6A-AF3E-46AB-B269-07EC53D7414A} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.exe [2015-02-10] (home) <==== ATTENTION
Task: {2ADD45F5-487E-4659-876D-E650F9151882} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {35A90255-CEB5-4609-B4EC-4006E67027E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {3801BC30-7974-45DF-AAF2-37C3F6C2157E} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.38\OptProLauncher.exe [2015-02-09] (PC Utilities Software Limited) <==== ATTENTION
Task: {4217942D-1418-486A-BEA4-010901C80046} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {48AD620B-0B90-415E-BCE4-3A3D974F66EC} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4B466DB4-CE0B-4EE6-951A-67E7EEF9A676} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4C6201CF-93B9-4EAB-811E-83376B62F1DD} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-10.exe [2015-02-10] (home) <==== ATTENTION
Task: {5776CA24-9199-4523-9997-33703FC0A639} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-04] (Synaptics Incorporated)
Task: {5AC69F4A-18C8-475A-B63A-C1B0249CD3B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {5E293F0A-CE09-4137-9D08-28DF9D703464} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5 => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {643068F4-18F8-48B3-A995-1236C92265F3} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-06] (Hewlett-Packard Development Company, L.P.)
Task: {68823E54-2264-44C3-B773-7FF102506A95} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {718D2554-0F5E-4B47-B1A2-878A7247F83A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {7C97EF7C-28B5-4FA8-B2B5-5090314C43A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {8A2648E5-AE6D-4A7F-B816-8524D37534A4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8F531052-44C1-4F85-BFD9-8709321BF96B} - System32\Tasks\HPCeeScheduleForChioma => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {93A73423-36C7-4FCE-B67B-44E097E5F60E} - System32\Tasks\disco_games_updating_service => C:\Program Files (x86)\disco games\disco_games_updating_service.exe [2015-04-19] () <==== ATTENTION
Task: {9C41BC4F-DC7F-4423-9CE8-D6AEE8A5F1AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-19] (Microsoft Corporation)
Task: {A2DC4655-1DF6-4D8F-A9E5-B7A9010E67FC} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {A3B3B930-CA87-4571-A549-00DE4DB273AA} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {A6658E43-6166-48A1-AA1B-29F5B2A310AB} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe [2015-02-10] (home) <==== ATTENTION
Task: {B4FE9F48-6220-426B-BBD7-CE0EE1A30089} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe [2015-02-10] (home) <==== ATTENTION
Task: {B559962B-9E9A-4E10-8A76-DC8C5DC3FBA1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {B86B12BC-2141-45DD-B8E3-1CB9498AB0BC} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.exe [2015-02-10] (home) <==== ATTENTION
Task: {C6EDAEF4-9C77-4C96-A192-320BDD9D0E60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C75E49AB-FFE0-4C8D-A8C4-048E59F43362} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {C7F12507-A041-4660-9E88-41C98F1E26DE} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.exe [2015-02-10] (home) <==== ATTENTION
Task: {C7F77CD9-00BE-4FCE-B8A1-2B2545576131} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {C96B3B42-0861-458C-A926-E598C0217680} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CAB881E2-359B-413E-971A-EB8DF0F9E9E5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-29] (Facebook Inc.)
Task: {CC5A1771-2E4E-4609-B3C8-AA41B25CE2A3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {CCC97BEA-58F2-4F21-82B2-1C75D6B39335} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CECD85C6-A2B4-41AE-9821-555D6AA39BCE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {DFD59543-B0E3-497A-8280-D5A0AD787148} - System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7 => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.exe [2015-02-10] (home) <==== ATTENTION
Task: {E668EA51-9B1C-4045-BE57-446AA7007E5E} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {EAEE0ACC-75C3-441A-94BB-53BE5852B69D} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6 => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: {FCC22E2C-2871-4ABE-A096-537495A27030} - System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7 => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.exe [2015-02-10] (HDPlus-3.1TotalV10.02) <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user.job => C:\Program Files (x86)\TotalPlusHD-3.1V10.02\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\disco_games_notification_service.job => C:\Program Files (x86)\disco games\disco_games_notification_service.exeç/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='disco games' /appid='73143' /srcid='2913' /bic='4c8eb99164d3abbe66c6dd1e8cc3735f' /verifier='1d4c29463ec5784568cdb5a64c286661' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\WINDOWS\Tasks\disco_games_updating_service.job => C:\Program Files (x86)\disco games\disco_games_updating_service.exe¬ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=disco_games_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core.job => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA.job => C:\Users\Chioma\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GKKOhgbCSLNe7s9oxnv9Rk2.job => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\GKKOhgbCSLNe7s9oxnv9Rk2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForChioma.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-02-15 03:31 - 2013-02-15 03:31 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 15:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-12 14:49 - 2013-02-12 14:49 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2015-03-17 23:28 - 2015-01-27 17:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-06-07 06:16 - 2013-06-07 06:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-02-15 03:31 - 2013-02-15 03:31 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-09 13:41 - 2015-05-09 13:41 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-02-10 19:48 - 2015-02-10 19:48 - 01652280 _____ () c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-10 19:44 - 2015-02-10 19:44 - 00170968 _____ () C:\Program Files (x86)\TheHDvid-Codec V10\1063fdfd-805c-4d41-89e3-bf2055edd77c.dll
2015-05-21 16:20 - 2015-05-13 18:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-21 16:20 - 2015-05-13 18:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-21 16:20 - 2015-05-13 18:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chioma\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{32841BC2-9775-49CF-9D61-E45D280CEC6A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B91A858A-B217-424D-9330-5B18EE376B7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{369A9516-0F57-46F2-80E9-F7E923D3C01F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B31BA9EE-3C82-447E-AEBC-32C526C40D3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84553A48-E708-4B4D-9B4A-794211C04C7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA244AE0-6C59-428F-A03E-AD0094CF04EB}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{4FA42755-80A1-45AB-86A2-01622E1659AC}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D9BF3FCC-E709-4E39-911A-41298764C1DC}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B6A7368B-F8D8-4110-BD32-96F4456085D3}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{DB551738-CE8E-45E3-9168-B10CB9BFC4CC}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{107CCCD9-102C-42C5-B99F-BC94E1C50BAC}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D57C1609-16EF-4A0C-948D-DE0B4FAD0A24}] => (Allow) LPort=1900
FirewallRules: [{8DD77125-D88F-465A-AFB9-CB107F9D174B}] => (Allow) LPort=2869
FirewallRules: [{27077106-8A6C-41A4-B624-C249BF97FA6A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{89DC1184-B3C8-4354-A0D2-96D4B9C15A29}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A162CB2A-4AA0-4C6B-8F03-96BEE413B176}] => (Allow) C:\Users\Chioma\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{01A1639D-4E8F-4360-9D97-C6C577F11D5D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{D3245760-72D3-4D2A-8278-101A237E4226}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{C73E2B94-B7C0-40CB-B635-3E55C8577367}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{86E00CB6-3B77-4B84-BE47-44EFF540EC7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B51EF685-6777-4B06-AF8C-59B29621078B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 05:01:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/25/2015 03:17:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Netflix.exe version 2.11.0.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 894

Start Time: 01d096542726aa5e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8\Netflix.exe

Report Id: 6726339c-02e0-11e5-beac-a01d486c90cd

Faulting package full name: 4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8

Faulting package-relative application ID: App

Error: (05/25/2015 03:17:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BADBETCH)
Description: Package 4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8+App was terminated because it took too long to suspend.

Error: (05/25/2015 03:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 1.2.9.0, time stamp: 0x547c0869
Faulting module name: wbemprox.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54503bfa
Exception code: 0xc00001a5
Fault offset: 0x00004b1d
Faulting process id: 0x4fc
Faulting application start time: 0xHPWMISVC.exe0
Faulting application path: HPWMISVC.exe1
Faulting module path: HPWMISVC.exe2
Report Id: HPWMISVC.exe3
Faulting package full name: HPWMISVC.exe4
Faulting package-relative application ID: HPWMISVC.exe5

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/24/2015 08:37:49 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/24/2015 08:37:49 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/24/2015 08:37:49 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.

Error: (05/23/2015 09:51:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (05/23/2015 09:51:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%2

Error: (05/23/2015 09:49:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (05/23/2015 09:45:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 09:45:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 09:45:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/23/2015 09:45:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Microsoft Office:
=========================
Error: (05/25/2015 05:01:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (05/25/2015 03:17:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Netflix.exe2.11.0.889401d096542726aa5e4294967295C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8\Netflix.exe6726339c-02e0-11e5-beac-a01d486c90cd4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8App

Error: (05/25/2015 03:17:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BADBETCH)
Description: 4DF9E0F8.Netflix_2.11.0.8_x64__mcm4njqhnhss8+App

Error: (05/25/2015 03:16:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPWMISVC.exe1.2.9.0547c0869wbemprox.dll_unloaded6.3.9600.1741554503bfac00001a500004b1d4fc01d0952d55e1ffeac:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exewbemprox.dll3ce524aa-02e0-11e5-beac-a01d486c90cd

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 54801032

Error: (05/25/2015 03:15:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4547

Error: (05/25/2015 00:02:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 18%
Total physical RAM: 11482.26 MB
Available physical RAM: 9350.75 MB
Total Pagefile: 13210.26 MB
Available Pagefile: 10874.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.47 GB) (Free:824.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.83 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT Partition Type.

==================== End of log ============================

DANKE ;):dankeschoen:

Hallo Schrauber,

hat geklappt, habe keine popups mehr bis jetzt :) danke!! schon mal hierfuer :>

mbam

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 6/2/2015

Suchlauf-Zeit: 8:06:48 PM

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.01.6.1022

Malware Datenbank: v2015.03.09.05

Rootkit Datenbank: v2015.06.02.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 8.1

CPU: x64

Dateisystem: NTFS

Benutzer: Chioma
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 357167

Verstrichene Zeit: 30 Min, 30 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 3

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1088, Löschen bei Neustart, [7aff89ba7317979f80d122ec09f9a759]

PUP.Optional.OptimizerPro, C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe, 4236, Löschen bei Neustart, [f980a2a1eb9fc670244d07200002ef11]

PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1768, Löschen bei Neustart, [d5a45be8583251e5a7ec6450ff0453ad]
 

Module: 3

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.RelayDouble, C:\Program Files (x86)\RelayDouble\RelayDouble.dll, Löschen bei Neustart, [354492b1d3b746f022866a47cd3602fe], 
 

Registrierungsschlüssel: 66

PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [7aff89ba7317979f80d122ec09f9a759], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.SupTab.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8B114619-78B7-1CFF-55EF-74266954F883}, In Quarantäne, [20590c373d4d1c1afb7dc16c5ca6a55b], 

PUP.Optional.HDVid.A, HKLM\SOFTWARE\TheHDvid-Codec V10-nv, In Quarantäne, [bebb7fc4bad03006dd9bc20be71c5ca4], 

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [2d4c99aadfab83b39e7fa346838003fd], 

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [4534192a6822181e2fee8960699a1ee2], 

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b1c896addfab20168d1230e6c045fc04], 

PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [82f758eb1e6ca294f1ec169a7e85c33d], 

PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, In Quarantäne, [bbbe5ae96b1ff83e5b944cd6778e956b], 

PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [3148a3a07e0c57dfc015f03a43c2e21e], 

PUP.Optional.HDVid.A, HKLM\SOFTWARE\WOW6432NODE\TheHDvid-Codec V10-nv, In Quarantäne, [b9c046fd94f6b87e3e3aa12cf70cdc24], 

PUP.Optional.HDVid.A, HKLM\SOFTWARE\WOW6432NODE\TheHDvid-Codec V10-nv-ie, In Quarantäne, [5f1a63e093f7a98da8d07b52877c0bf5], 

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\TotalPlusHD-3.1V10.02-nv-ie, In Quarantäne, [99e096ad2f5b6ccaa053a716cb38c040], 

PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [95e49ca7c0caa78fc6b0e6e8e81b13ed], 

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [e891cb787c0e8da9908d7f6a24dfc53b], 

PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [83f669dab7d38fa79d80f1f849ba9c64], 

PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [2554192ab5d559ddc5da19fd60a547b9], 

PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4dd8d474}, In Quarantäne, [3f3aac97eaa090a690f67d541ee5a060], 

PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [40391c27eb9f0b2b890bab8208fd32ce], 

PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [ed8ce55e13777bbbe7aed6573fc6ed13], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [671296ad32582115f7a5c204e71cbb45], 

PUP.Optional.RelayDouble, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\4dd8d474, In Quarantäne, [255484bf8cfe95a16b3e565b30d3837d], 

PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [d5a45be8583251e5a7ec6450ff0453ad], 

PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [9edba3a0abdf54e2dcfbeccfbc4747b9], 

PUP.Optional.HDVid.A, HKU\S-1-5-18\SOFTWARE\TheHDvid-Codec V10-nv, In Quarantäne, [4336b68d98f2e155de9bd1fc3bc8e21e], 

PUP.Optional.HDVid.A, HKU\S-1-5-18\SOFTWARE\TheHDvid-Codec V10-nv-ie, In Quarantäne, [b9c098abf9915adc2b4eba138f74a957], 

PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\TotalPlusHD-3.1V10.02-nv-ie, In Quarantäne, [a9d0b1921179a39353a13e7f8c770ff1], 

PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\1ClickDownload, In Quarantäne, [b3c687bcec9efc3ada8ae22a9d68d729], 

PUP.Optional.HDVid.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\TheHDvid-Codec V10-nv, In Quarantäne, [ccad8ab9414995a113667855996a7a86], 

PUP.Optional.HDVid.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\TheHDvid-Codec V10-nv-ie, In Quarantäne, [1960e75c494148eeb2c70ebfa95ac040], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\TotalPlusHD-3.1V10.02-nv-ie, In Quarantäne, [b0c9a99af7935ed86d87ae0fa85bd030], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [c0b93a0926646fc773c54ed161a433cd], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [accd4cf72664b1857447b80a2cd7f30d], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [7306053e0882b383a11a9b2731d23ac6], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HDPlus-3.1TotalV10.02, In Quarantäne, [aecb59eabdcd60d60e3ee3d44ab94eb2], 

PUP.Optional.CrossRider.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\home, In Quarantäne, [a0d9c083602a0d29d3a83a9338cbd729], 

PUP.Optional.Qone8, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7bfe99aa6723fd396935de382dd8c23e], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{2234079B-E720-47A7-8BE7-0A18922192C9}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3A96CEBD-D968-4DC8-9ED9-9785E726C381}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8682D1EB-07A1-4518-89C1-D9D9EEF47C06}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D838B01C-11A0-4CAC-BCF1-B5DE0154E9D3}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{2105FE20-DEBD-4084-A306-61C5DA001CCA}, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 
 

Registrierungswerte: 2

PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [95e49ca7c0caa78fc6b0e6e8e81b13ed]

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ild, In Quarantäne, [671296ad32582115f7a5c204e71cbb45]
 

Registrierungsdaten: 16

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[ee8bec57abdfb383a5bf8a59df26eb15]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[a5d485be0d7d39fd086039aa6c999f61]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[6415d66d6327e6502d3f72716c99d42c]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[443559ea2565e6505215e102ca3bcd33]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[43364bf8800a6fc7a4c5d40f74919e62]

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[1d5c97ac2268f541c7d3697840c54db3]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[14656cd7dcaee452b0b49350cc390cf4]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[6316d46f1b6fc0762147e5fef41110f0]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[1465063d9cee78be194ef2f1f2135ba5]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[1a5ff64d6d1d2313e089a241ae57fa06]

PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1423590407&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[c3b69da67b0fd16581eb8a5921e4718f]

PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[3445162d7a100d2946544c953acbab55]

PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[a7d291b28ffbad89f9695a8971949b65]

PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX),Ersetzt,[0e6b2c176b1f73c3124f895a0203aa56]

PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[1e5b86bd721843f3702fb91c0bfa35cb]

PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX&q={searchTerms}),Ersetzt,[caaffb48d0baec4a910d3b9a0ff602fe]
 

Ordner: 36

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.RelayDouble, C:\Program Files (x86)\RelayDouble, Löschen bei Neustart, [354492b1d3b746f022866a47cd3602fe], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [d2a72023c9c1f640049b611f5ba84db3], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [d2a72023c9c1f640049b611f5ba84db3], 

PUP.Optional.HDVid.A, C:\Program Files (x86)\TheHDvid-Codec V10, In Quarantäne, [2356d2715f2bcb6bc2daa2e113f0ab55], 

PUP.Optional.ExtraShopper.A, C:\Program Files (x86)\ExtraSHoppEr, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ColorMyTwitter.A, C:\Program Files (x86)\Color My Twitter, In Quarantäne, [72074df69ded54e2bc36beccb84b48b8], 

PUP.Optional.CrossRider.A, C:\Program Files (x86)\TotalPlusHD-3.1V10.02, In Quarantäne, [681172d1acde2412676a91ff946fc13f], 

PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [ef8ad2718a0048ee7db9ff9ed92a6f91], 

PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [ef8ad2718a0048ee7db9ff9ed92a6f91], 
 

Dateien: 142

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [7aff89ba7317979f80d122ec09f9a759], 

PUP.Optional.OptimizerPro, C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}\OPTISetup.exe, Löschen bei Neustart, [f980a2a1eb9fc670244d07200002ef11], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, In Quarantäne, [3b3e3d06d3b7270fcda2b26e1be81ee2], 

PUP.Optional.Nova.A, C:\Program Files (x86)\2091ddc5-3060-4578-9d8d-7f7e368bb940\c5079b0f-1a24-4197-98c5-3bfae61bb4c4.dll, In Quarantäne, [3d3c3d06a7e358debf4fd8332dd5857b], 

PUP.Optional.Nova.A, C:\Program Files (x86)\AMD AVT\e5e3542a-b44f-41e0-9b47-31eb2074941e.dll, In Quarantäne, [88f131124a40bb7b5eb00902dc2605fb], 

PUP.Optional.Multiplug, C:\Program Files (x86)\Woot\Woot.exe, In Quarantäne, [0f6abd866f1b93a3ef9bbe4e996aa65a], 

PUP.Optional.Multiplug.A, C:\Program Files (x86)\PirincECOuPoon\PirincECOuPoon.exe, In Quarantäne, [e891172ce2a8c96d2355df4e51b1bd43], 

PUP.Optional.Multiplug.A, C:\Program Files (x86)\Effective Measure Community Plugin\Effective Measure Community Plugin.exe, In Quarantäne, [20590c373d4d1c1afb7dc16c5ca6a55b], 

PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R0M3TIY.exe, In Quarantäne, [2851b58ecebc0630d033744cbd442dd3], 

PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R1GBDF3.exe, In Quarantäne, [cdaca0a3e6a42a0c7192863a748d6b95], 

PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R1ZZWGP.exe, In Quarantäne, [d3a62c17bcce81b5b44fb10f3ec3ee12], 

PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R5ABVM5.exe, In Quarantäne, [3f3ace754b3f60d605fe4d73c63b13ed], 

PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R7RQFZO.exe, In Quarantäne, [601960e3cac046f0ca981ff5fa0cf60a], 

PUP.Optional.HDVid.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RL9LFNI.exe, In Quarantäne, [3d3c2a19385271c545be972910f10000], 

PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RMDARKL.exe, In Quarantäne, [babf063de7a390a682f773d9649cc937], 

PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RNN3P3G.exe, In Quarantäne, [3f3ab88b5a30999d5e0435df689e1ee2], 

PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RPHC5EO.exe, In Quarantäne, [5623d76c8efc0630026004102adc05fb], 

PUP.Optional.CrossRider.A, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RWHUA6U.exe, In Quarantäne, [d7a2bf84206a6cca8298f74e31cf669a], 

PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R7Y99U3\KingCoaupon.exe, In Quarantäne, [47329ca7e6a4cb6bf496b15bcc37fb05], 

PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$R9P397Y\SaaveRPRuo.exe, In Quarantäne, [18615de6fb8f75c1b5d5cc40d82bee12], 

PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RCEOXOC\QuickMark QR Code Extension.exe, In Quarantäne, [3a3f8eb53159d5616a200c00b64d3fc1], 

PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RR49BDK\deAL4me.exe, In Quarantäne, [5b1e68db17737abc8ffbdd2fbf4420e0], 

PUP.Optional.Multiplug, C:\$Recycle.Bin\S-1-5-21-3740528191-2975148286-2186109717-1002\$RSIB185\Simple Units Converter.exe, In Quarantäne, [ccadf053a9e1191d137713f9847fba46], 

Trojan.MSIL.Injector, C:\Users\Chioma\Downloads\FLVPlayer-Chrome (1).exe, In Quarantäne, [d3a67ec53a507cba7f0e4e8329dcdf21], 

Trojan.MSIL.Injector, C:\Users\Chioma\Downloads\FLVPlayer-Chrome_a (1).exe, In Quarantäne, [017879ca7119dd5944495b7617ee7b85], 

Trojan.MSIL.Injector, C:\Users\Chioma\Downloads\FLVPlayer-Chrome_a.exe, In Quarantäne, [53260f34f397989e2667b819f1144bb5], 

PUP.Optional.Bandoo, C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (1).exe, In Quarantäne, [d0a9a3a024663204267a3004df22659b], 

PUP.Optional.Bandoo, C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc (2).exe, In Quarantäne, [5c1d97ac602a84b2f3ad999b55aca858], 

PUP.Optional.Bandoo, C:\Users\Chioma\Downloads\iLividSetup-r1734-n-bc.exe, In Quarantäne, [7504261da0ea270f1987ca6a778a29d7], 

PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, In Quarantäne, [babf331024661a1cceb97a33dd262ed2], 

PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, In Quarantäne, [a3d6df643a509a9c0b7c4d60c63dc43c], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.xdomainrequest.min.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xdomain.min.js, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [93e6390a93f72a0cedf1f5bbfc0739c7], 

PUP.Optional.RelayDouble, C:\Program Files (x86)\RelayDouble\RelayDouble.dll, Löschen bei Neustart, [354492b1d3b746f022866a47cd3602fe], 

PUP.Optional.OmigaPlus.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, Löschen bei Neustart, [7900ba893e4c0f27ef81dbdba75cee12], 

PUP.Optional.OmigaPlus.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, Löschen bei Neustart, [54258ab9236749eddb958b2b9073758b], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6, In Quarantäne, [e39687bc0189c1752b46597544bf32ce], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7, In Quarantäne, [a3d6a79cbcce90a6244dab233cc715eb], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user, In Quarantäne, [d8a1281b6327d264db964787e71c5da3], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5, In Quarantäne, [c2b74102d1b93bfbacc5e8e65ca72cd4], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user, In Quarantäne, [146545fe0b7f32047ff2b51925de9d63], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6, In Quarantäne, [e9908bb8fb8f42f44e23b717c241f20e], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7, In Quarantäne, [403973d0bdcdfd393a372ca2a55e9769], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user, In Quarantäne, [2a4f172c82081e18373a795529da60a0], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5, In Quarantäne, [d6a375ce008a52e4ee8319b5da29c33d], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user, In Quarantäne, [ceabc182602aa78f89e8ac22dc27ef11], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6, In Quarantäne, [b9c01e251b6fd2640968cc02d72c7d83], 

PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7, In Quarantäne, [9cdd58eb4e3cac8afb76eee0907307f9], 

PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Löschen bei Neustart, [2653fe4591f92e08fd66d4061ae9d828], 

PUP.Optional.SelectNGo.A, C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Löschen bei Neustart, [f980142ff29878be72f14e8c897aeb15], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-6.job, In Quarantäne, [6514c2816f1bfa3c0469f833fd08a45c], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-1-7.job, In Quarantäne, [9fdab3906f1be84eed80aa81f80ded13], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-10_user.job, In Quarantäne, [423744ffcdbd1422561776b581844cb4], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5.job, In Quarantäne, [e1987bc8355593a3402d58d328ddda26], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\03a5ef33-428b-4c1c-8c8a-72ca10bd4a50-5_user.job, In Quarantäne, [423784bf3f4b5dd92d407caf22e3c43c], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-6.job, In Quarantäne, [6d0cb68dc2c8f4425b12b576dd28718f], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-1-7.job, In Quarantäne, [6d0c2d16fe8c96a0e786ac7f9c69d62a], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-10_user.job, In Quarantäne, [374245fe6d1ddc5a86e7db50f510936d], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5.job, In Quarantäne, [235670d36921d75f81ecb27926df9d63], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-5_user.job, In Quarantäne, [fd7c063d6e1c76c0f875b5769471c43c], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-6.job, In Quarantäne, [bcbdfe45f59513234528c962e520b44c], 

PUP.Optional.CrossRider.T, C:\Windows\Tasks\ca527dc9-4b35-4cab-a8c4-a531fa291553-7.job, In Quarantäne, [651477cc3d4d3afccca1a8839273817f], 

PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, In Quarantäne, [ee8b4df6e6a4d75fa0dcee3de61f6f91], 

PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [d8a16cd78802fb3b4d307eadce37f010], 

PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, In Quarantäne, [16635de66921f04647377fac9a6bc43c], 

PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [9bdef84b701a6fc7641b999253b24cb4], 

PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [d5a45be8583251e5a7ec6450ff0453ad], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [d2a72023c9c1f640049b611f5ba84db3], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\update.exe, In Quarantäne, [d2a72023c9c1f640049b611f5ba84db3], 

PUP.Optional.ExtraShopper.A, C:\Program Files (x86)\ExtraSHoppEr\H5IaLiqDYhNZL8.dat, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ExtraShopper.A, C:\Program Files (x86)\ExtraSHoppEr\H5IaLiqDYhNZL8.tlb, In Quarantäne, [760385beee9c5adc0633abdf3dc6a45c], 

PUP.Optional.ColorMyTwitter.A, C:\Program Files (x86)\Color My Twitter\Color My Twitter.dat, In Quarantäne, [72074df69ded54e2bc36beccb84b48b8], 

PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [ef8ad2718a0048ee7db9ff9ed92a6f91], 
 

Physische Sektoren: 0

(Keine schädliche Elemente gefunden)
 
 

(end)

AdwCleaner

Code:

# AdwCleaner v4.206 - Logfile created 02/06/2015 at 20:49:56

# Updated 01/06/2015 by Xplode

# Database : 2015-06-01.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : Chioma - BADBETCH

# Running from : C:\Users\Chioma\Downloads\AdwCleaner_4.206.exe

# Option : Cleaning
 

***** [ Services ] *****
 

[#] Service Deleted : PicexaService
 

***** [ Files / Folders ] *****
 

Folder Deleted : C:\ProgramData\2efa0d9b4483878b

Folder Deleted : C:\ProgramData\3385033030442911627

Folder Deleted : C:\ProgramData\8f659df000005ba9

Folder Deleted : C:\ProgramData\{22a93b49-5eb1-9ac2-22a9-93b495ebed25}

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa

Folder Deleted : C:\Program Files (x86)\Picexa

Folder Deleted : C:\Program Files (x86)\disco games

Folder Deleted : C:\Program Files (x86)\ClickoForSale

Folder Deleted : C:\Program Files (x86)\eAsytoshoop

Folder Deleted : C:\Program Files (x86)\FlAoshCoupon

Folder Deleted : C:\Program Files (x86)\FLeXuibleShoppeer

Folder Deleted : C:\Program Files (x86)\greatsuaVing

Folder Deleted : C:\Program Files (x86)\LLuckyCouuPon

Folder Deleted : C:\Program Files (x86)\PirincECOuPoon

Folder Deleted : C:\Program Files (x86)\ProSHoppeRR

Folder Deleted : C:\Program Files (x86)\RoyalSheopuperAPp

Folder Deleted : C:\Program Files (x86)\SAlesMaaugnet

Folder Deleted : C:\Program Files (x86)\SaoftCoup

Folder Deleted : C:\Program Files (x86)\SAuverPro

Folder Deleted : C:\Program Files (x86)\savEr  BBoax

Folder Deleted : C:\Program Files (x86)\saverOn

Folder Deleted : C:\Program Files (x86)\saviingotOOyouu

Folder Deleted : C:\Program Files (x86)\SihOpuperMasatero

Folder Deleted : C:\Users\Chioma\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer

Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmbdmchmkmjamopihbpmnknbkflciolk

Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naghkjogakhpimmejjmakpmnbdeccinm

Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgdmfemjeohjmeeabffnombnpkkogjm

Folder Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjehmknlpomniikcbeldooclffegofcc

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmbdmchmkmjamopihbpmnknbkflciolk_0.localstorage

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmbdmchmkmjamopihbpmnknbkflciolk_0.localstorage-journal

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lmbdmchmkmjamopihbpmnknbkflciolk

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_naghkjogakhpimmejjmakpmnbdeccinm_0.localstorage

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_naghkjogakhpimmejjmakpmnbdeccinm_0.localstorage-journal

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkgdmfemjeohjmeeabffnombnpkkogjm_0.localstorage

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkgdmfemjeohjmeeabffnombnpkkogjm_0.localstorage-journal

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pjehmknlpomniikcbeldooclffegofcc_0.localstorage

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pjehmknlpomniikcbeldooclffegofcc_0.localstorage-journal

File Deleted : C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.omiga-plus.com_0.localstorage

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.omiga-plus.com_0.localstorage-journal

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage

File Deleted : C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.reimageplus.com_0.localstorage-journal
 

***** [ Scheduled tasks ] *****
 

Task Deleted : disco_games_updating_service

Task Deleted : disco_games_notification_service
 

***** [ Shortcuts ] *****
 

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\Chioma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 

***** [ Registry ] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp

Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif

Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg

Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg

Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png

Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif

Key Deleted : HKLM\SOFTWARE\Classes\P4797877D_B43A_45A0_B231_47C614214392_.P4797877D_B43A_45A0_B231_47C614214392_

Key Deleted : HKLM\SOFTWARE\Classes\P4797877D_B43A_45A0_B231_47C614214392_.P4797877D_B43A_45A0_B231_47C614214392_.9

Key Deleted : HKLM\SOFTWARE\Classes\P50D0018E_1214_446A_9599_1F5443706205_.P50D0018E_1214_446A_9599_1F5443706205_

Key Deleted : HKLM\SOFTWARE\Classes\P50D0018E_1214_446A_9599_1F5443706205_.P50D0018E_1214_446A_9599_1F5443706205_.9

Key Deleted : HKLM\SOFTWARE\038a5f2e-58dc-4180-b615-d2f2753efd8f

Key Deleted : HKLM\SOFTWARE\09f70cc9-fdbf-3fe1-1b10-e80f57dcda5b

Key Deleted : HKLM\SOFTWARE\1063fdfd-805c-4d41-89e3-bf2055edd77c

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4797877D-B43A-45A0-B231-47C614214392}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50D0018E-1214-446A-9599-1F5443706205}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BDAF5CA1-4082-4F20-B44D-0238A9183DCA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4797877D-B43A-45A0-B231-47C614214392}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50D0018E-1214-446A-9599-1F5443706205}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4797877D-B43A-45A0-B231-47C614214392}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50D0018E-1214-446A-9599-1F5443706205}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4797877D-B43A-45A0-B231-47C614214392}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{50D0018E-1214-446A-9599-1F5443706205}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4797877D-B43A-45A0-B231-47C614214392}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50D0018E-1214-446A-9599-1F5443706205}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\powerpack

Key Deleted : HKCU\Software\V9

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\hdcode

Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : HKLM\SOFTWARE\SupDp

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : HKLM\SOFTWARE\PicexaSvc

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2616871-3463-BCEE-5AFA-73773317A381}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F213470-964F-4092-6B31-BC7570F31B5A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94851E46-5E5B-DD67-2593-709E8D27DC4C}

Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.omiga-plus.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omiga-plus.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\primeshare.tv

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.movshare.net
 

***** [ Web browsers ] *****
 

-\\ Internet Explorer v11.0.9600.17416
 
 

-\\ Google Chrome v43.0.2357.81
 

[C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX

[C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 4DB731C1E7104F61967E664B4D3999806852BFE2DD53B3B8712D106F544702E2"},"software_reporter":{"prompt_reason":"B7FE90F086C03C3E27D0444A113D45AA87F63C10A75CB99C13EA8E6D6CDE5B75","prompt_seed":"2954EE5AA515E57B1A821B047340B8BD051C3F7F77ED8D67F35FB9F6937EFE93","prompt_version":"1CDB640B08F5F608B523D58D0A71CDF82331EC0EC80FEC47ECC3AF77F7775ABE"},"sync":{"remaining_rollback_tries":"1D7F66409BAD9C562851E9D8C5F83B47B1EC2C9E12F51BF813895159B690C787"}},"super_mac":"A30D8DA6AAB69D87B1238B1D121502EA2ECE7B75ED31FCD475A956E111007BB2"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://isearch.omiga-plus.com/?type=hppp&ts=1423590475&from=ild&uid=HGSTXHTS541010A9E680_JB1000CAH8KZXPH8KZXPX
 

*************************
 

AdwCleaner[R0].txt - [16729 bytes] - [02/06/2015 20:48:11]

AdwCleaner[S0].txt - [15914 bytes] - [02/06/2015 20:49:56]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15974  bytes] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.8.7 (06.01.2015:1)

OS: Windows 8.1 x64

Ran by Chioma on Tue 06/02/2015 at 20:56:51.71

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Tasks
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] C:\Users\Chioma\AppData\Roaming\appdataFr25.bin

Successfully deleted: [File] C:\Users\Chioma\AppData\Roaming\appdataFr3.bin

Successfully deleted: [File] C:\Users\Chioma\appdata\local\google\chrome\user data\default\local storage\http_static.select-n-go00.select-n-go.com_0.localstorage

Successfully deleted: [File] C:\Users\Chioma\appdata\local\google\chrome\user data\default\local storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] C:\Users\Chioma\AppData\Roaming\picexa viewer

Successfully deleted: [Folder] C:\Users\Chioma\documents\optimizer pro
 
 
 

~~~ Chrome
 

Successfully deleted: [Folder] C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 

[C:\Users\Chioma\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[

  mkfokfffehpeedafpekjeddnmnjhmcmk

]
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 06/02/2015 at 21:03:31.87

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015

Ran by Chioma (administrator) on BADBETCH on 02-06-2015 21:17:42

Running from C:\Users\Chioma\Downloads

Loaded Profiles: Chioma (Available Profiles: Chioma)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-08-03] (IDT, Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)

HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-3740528191-2975148286-2186109717-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

Toolbar: HKU\S-1-5-21-3740528191-2975148286-2186109717-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 

FireFox:

========

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-02] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()

FF Plugin HKU\S-1-5-21-3740528191-2975148286-2186109717-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Chioma\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn [2015-06-02]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Norton Identity Safe) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-21]

CHR Extension: (Website Logon) - C:\Users\Chioma\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-02-13]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-02-15] (Advanced Micro Devices, Inc.) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)

S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)

S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-08-03] (IDT, Inc.) [File not signed]

S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)

S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-02-12] () [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-03] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)

R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-18] (Symantec Corporation)

R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140701.001\IDSvia64.sys [525016 2014-04-11] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)

S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\ENG64.SYS [126040 2014-06-03] (Symantec Corporation)

S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140702.001\EX64.SYS [2099288 2014-06-03] (Symantec Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-08-03] (Realtek Semiconductor Corp.)

R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-08-04] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-06-02 21:17 - 2015-06-02 21:17 - 00000000 ____D () C:\Users\Chioma\Downloads\FRST-OlderVersion

2015-06-02 21:04 - 2015-06-02 21:04 - 00000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin

2015-06-02 21:03 - 2015-06-02 21:03 - 00002003 _____ () C:\Users\Chioma\Desktop\JRT.txt

2015-06-02 20:57 - 2015-06-02 20:57 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-BADBETCH-Windows-8.1-(64-bit).dat

2015-06-02 20:56 - 2015-06-02 20:56 - 02947766 _____ (Thisisu) C:\Users\Chioma\Downloads\JRT (1).exe

2015-06-02 20:56 - 2015-06-02 20:56 - 00000000 ____D () C:\RegBackup

2015-06-02 20:55 - 2015-06-02 20:56 - 02947766 _____ (Thisisu) C:\Users\Chioma\Downloads\JRT.exe

2015-06-02 20:54 - 2015-06-02 20:54 - 00016079 _____ () C:\Users\Chioma\Desktop\AdwCleaner[S0].txt

2015-06-02 20:46 - 2015-06-02 20:46 - 00043091 _____ () C:\Users\Chioma\Desktop\mbam.txt

2015-06-02 20:40 - 2015-06-02 20:40 - 00000000 ____D () C:\Users\Chioma\AppData\Local\GWX

2015-06-02 20:34 - 2015-06-02 20:50 - 00000000 ____D () C:\AdwCleaner

2015-06-02 20:06 - 2015-06-02 20:54 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-06-02 20:05 - 2015-06-02 20:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-02 20:05 - 2015-06-02 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-02 20:05 - 2015-06-02 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-06-02 20:05 - 2015-06-02 20:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-02 20:05 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-06-02 20:05 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-06-02 20:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-06-02 20:04 - 2015-06-02 20:04 - 02231296 _____ () C:\Users\Chioma\Downloads\AdwCleaner_4.206.exe

2015-06-02 20:02 - 2015-06-02 20:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Chioma\Downloads\mbam-setup-2.1.6.1022.exe

2015-05-30 15:36 - 2015-05-30 15:36 - 05628678 _____ (Swearware) C:\Users\Chioma\Downloads\ComboFix.exe

2015-05-30 15:36 - 2015-05-30 15:36 - 05628678 _____ (Swearware) C:\Users\Chioma\Downloads\ComboFix (1).exe

2015-05-30 15:13 - 2015-05-30 15:13 - 00000000 _____ () C:\Users\Chioma\AppData\Local\Temp.dat

2015-05-30 15:03 - 2015-05-30 15:03 - 00000755 _____ () C:\Users\Chioma\Desktop\Revo Uninstaller.lnk

2015-05-30 15:02 - 2015-05-30 15:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Chioma\Downloads\revosetup95.exe

2015-05-25 17:06 - 2015-05-25 17:08 - 00040770 _____ () C:\Users\Chioma\Downloads\Addition.txt

2015-05-25 17:05 - 2015-06-02 21:17 - 00014141 _____ () C:\Users\Chioma\Downloads\FRST.txt

2015-05-25 17:05 - 2015-06-02 21:17 - 00000000 ____D () C:\FRST

2015-05-25 17:04 - 2015-06-02 21:17 - 02108928 _____ (Farbar) C:\Users\Chioma\Downloads\FRST64.exe

2015-05-20 11:59 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-20 11:59 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-05-19 12:04 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2015-05-19 12:04 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys

2015-05-19 12:03 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2015-05-19 12:03 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2015-05-19 12:02 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-05-19 12:02 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-05-19 12:02 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-05-19 12:02 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2015-05-19 12:02 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2015-05-19 12:02 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2015-05-19 12:02 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll

2015-05-19 11:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-05-19 11:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2015-05-19 11:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2015-05-19 11:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2015-05-19 11:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2015-05-19 11:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2015-05-19 11:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll

2015-05-19 11:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll

2015-05-19 11:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2015-05-19 11:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2015-05-19 11:50 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-05-19 11:50 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-05-19 11:50 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2015-05-19 11:50 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-05-19 11:50 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2015-05-19 11:50 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-05-19 11:50 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-05-19 11:50 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-05-19 11:50 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll

2015-05-19 11:50 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-05-19 11:50 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2015-05-19 11:50 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-05-19 11:50 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-05-19 11:50 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-05-19 11:50 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-05-19 11:50 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-05-19 11:50 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-05-19 11:50 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-05-19 11:50 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-05-19 11:50 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-05-19 11:50 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-05-19 11:50 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-05-19 11:50 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-05-19 11:50 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-05-19 11:50 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-05-19 11:50 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-05-19 11:50 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-05-19 11:50 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-05-19 11:50 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-05-19 11:50 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-05-19 11:50 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-05-19 11:50 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-05-19 11:50 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-05-19 11:50 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-05-19 11:50 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-05-19 11:50 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-05-19 11:50 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-05-19 11:50 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-05-19 11:50 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-05-19 11:50 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2015-05-19 11:50 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll

2015-05-19 11:50 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll

2015-05-19 11:50 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2015-05-19 11:50 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2015-05-19 11:50 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2015-05-19 11:50 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2015-05-19 11:50 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2015-05-19 11:50 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2015-05-19 11:50 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys

2015-05-19 11:50 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-05-19 11:50 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe

2015-05-19 11:50 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe

2015-05-19 11:50 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll

2015-05-19 11:50 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll

2015-05-19 11:50 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll

2015-05-19 11:50 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-06-02 21:09 - 2014-08-03 13:05 - 00000000 ___DO () C:\Users\Chioma\OneDrive

2015-06-02 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-06-02 20:59 - 2014-01-05 20:05 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3740528191-2975148286-2186109717-1002

2015-06-02 20:56 - 2014-01-20 00:40 - 00000000 ____D () C:\Users\Chioma\Documents\Youcam

2015-06-02 20:54 - 2015-01-24 22:38 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize.job

2015-06-02 20:54 - 2014-02-13 00:36 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-02 20:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-06-02 20:50 - 2014-03-18 11:54 - 00065346 _____ () C:\WINDOWS\PFRO.log

2015-06-02 20:50 - 2013-08-22 16:46 - 00309122 _____ () C:\WINDOWS\setupact.log

2015-06-02 20:50 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-06-02 20:49 - 2014-08-03 13:00 - 00001010 _____ () C:\Users\Chioma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-06-02 20:49 - 2014-02-13 00:36 - 00001309 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-06-02 20:49 - 2014-02-13 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-06-02 20:37 - 2015-04-20 15:16 - 00000000 ____D () C:\Program Files (x86)\Effective Measure Community Plugin

2015-06-02 20:37 - 2015-03-23 14:06 - 00000000 ____D () C:\Program Files (x86)\Woot

2015-06-02 20:37 - 2015-02-10 19:44 - 00000000 ____D () C:\Program Files (x86)\2091ddc5-3060-4578-9d8d-7f7e368bb940

2015-06-02 20:37 - 2013-11-18 00:54 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2015-06-02 20:35 - 2014-01-29 12:30 - 00000950 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002UA.job

2015-06-02 20:18 - 2014-08-02 17:09 - 02054353 _____ () C:\WINDOWS\WindowsUpdate.log

2015-06-02 19:57 - 2014-01-05 19:57 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8F2EDA-FDC7-4E5E-AF44-F4526782A5B1}

2015-06-02 19:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2015-06-02 19:53 - 2015-04-20 14:37 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-06-02 19:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-06-01 19:26 - 2015-03-25 17:22 - 00003170 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForChioma

2015-06-01 19:26 - 2015-03-25 17:22 - 00000354 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForChioma.job

2015-05-28 19:55 - 2014-03-18 12:03 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-05-28 11:35 - 2014-01-29 12:30 - 00000928 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3740528191-2975148286-2186109717-1002Core.job

2015-05-27 03:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-05-25 17:01 - 2015-04-04 23:20 - 00000000 ____D () C:\ProgramData\EPSON

2015-05-24 20:11 - 2014-01-05 20:01 - 00000000 ____D () C:\Users\Chioma\AppData\Roaming\Macromedia

2015-05-23 09:51 - 2013-08-22 16:44 - 00381368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX

2015-05-23 09:47 - 2015-04-20 14:52 - 00000000 ___SD () C:\WINDOWS\system32\GWX

2015-05-23 09:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2015-05-23 09:47 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers

2015-05-20 23:24 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-05-20 22:37 - 2014-01-08 23:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2015-05-20 11:59 - 2014-01-07 21:49 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-05-19 17:21 - 2014-01-07 21:49 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-05-19 14:18 - 2014-03-18 11:45 - 00000000 ____D () C:\Program Files\Windows Journal

2015-05-19 12:13 - 2014-02-13 00:36 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-19 12:13 - 2014-02-13 00:36 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-19 12:13 - 2014-02-13 00:36 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-19 11:48 - 2014-02-01 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-05-05 19:59 - 2015-03-12 18:17 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-05-05 19:59 - 2015-03-12 18:17 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 

==================== Files in the root of some directories =======
 

2015-06-02 21:04 - 2015-06-02 21:04 - 0000024 _____ () C:\Users\Chioma\AppData\Roaming\appdataFr25.bin

2015-05-30 15:13 - 2015-05-30 15:13 - 0000000 _____ () C:\Users\Chioma\AppData\Local\Temp.dat
 

Some files in TEMP:

====================

C:\Users\Chioma\AppData\Local\Temp\Extract.exe

C:\Users\Chioma\AppData\Local\Temp\Quarantine.exe

C:\Users\Chioma\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-05-28 20:23
 

==================== End of log ============================