Unwanted search engine searchprivacy.co

**Gweetar** · 11-10-2016, 02:59 PM

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Swooce on Wed 11/09/2016 at 17:53:50.92.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Swooce\Downloads\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]

==== System Restore Info ======================

11/9/2016 9:27:23 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Users\Swooce\AppData\Roaming\c deleted successfully
C:\Users\Swooce\AppData\Local\CrashDumps deleted successfully
C:\Users\Swooce\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Users\Swooce\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\R.G. Mechanics not found
C:\Users\Swooce\AppData\Roaming\Curse Client deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Swooce\AppData\Local\Unity deleted
C:\Users\Swooce\AppData\LocalLow\Unity deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8165 MB
CPU Info: AMD FX™-8350 Eight-Core Processor
CPU Speed: 3959.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | NVIDIA GeForce GTX 750 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | N600 Wireless Dual Band PCI Express Adapter | Hamachi Network Interface
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 931.4GB | D: 186.3GB | E: 254.5GB | F: 465.8GB
Hard Disks - Free: C: 598.3GB | D: 15.0GB | E: 131.8GB | F: 465.6GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/21/15 | ALASKA - 1072009
Time Zone: Eastern Standard Time
Motherboard *: ASRock 970M Pro3
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: Microsoft Security Essentials Disabled/Updated {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials Disabled/Updated {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Default Browser: Google Chrome 54.0.2840.71
Internet Explorer Version: 11.0.9600.18499
Google Chrome version: 54.0.2840.71
Sun Java version: 1.8.0_51 (32-bit)
Sun Java version: 1.8.0_51 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2016-11-08 10:07:56 7122DC6E7A33CB56217DC27FE3BDEFBC 1914038 ----a-w- C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
====== C:\Users\Swooce\AppData\Local\Temp ====
2016-11-09 21:53:30 D7B59C5C8C22101B50502AFB482A86FE 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.7_42330\utorre ntie.exe
2016-11-09 21:53:30 D023A7DA00A3F63E79C8F16E509CEA20 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42449\utorre ntie.exe
2016-11-09 21:53:30 AE740DAFEB88429E8E7E83ACEE609516 340480 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.6_42094\utorre ntie.exe
2016-11-09 21:53:30 9FF7A89211B37CD81309421D53FD66C0 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42576\utorre ntie.exe
2016-11-09 21:53:30 61F5086763071C254EFE51C1E3E03C5E 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.9_42606\utorre ntie.exe
2016-11-09 21:53:30 55F5FF4E4BD359CB8D44787DFD945855 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41712\utorre ntie.exe
2016-11-09 21:53:30 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.9_42606.exe
2016-11-09 21:53:30 25B6F764C7201ABD6672AAB425F48019 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41865\utorre ntie.exe
2016-11-09 21:53:22 5A6BD2A6FA1323AC96E860DFA6CBC9B6 2139840 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42576.exe
2016-11-09 21:53:15 6F8F01C2279F49BD3103599B53EE2A57 1972224 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42449.exe
2016-11-09 21:53:08 D0278FA8947ED54A112893F71917F46A 2133504 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.7_42330.exe
2016-11-09 21:53:01 89144ED117C1D506AE3AB6D0E12F4D4B 2094080 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41865.exe
2016-11-09 21:53:01 570193297A02D9332C1122C1C7B756EF 1959424 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.6_42094.exe
2016-11-09 21:52:59 65066A6E15E60A707E587005E4DDA398 2065944 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41712.exe
2016-11-09 21:52:57 EABA486CA44CE139B1A6C2520FE61837 933376 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375\HTA\3rdparty\FS.dll
2016-11-09 21:52:57 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\uTorrent.exe
2016-11-09 04:10:13 D6C47585818079867E3B7B46245B46AE 24606 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cubecc.exe
2016-11-09 04:10:01 090FBD01505C47342AD2CEEFD6BF2AD7 196096 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.b059c4eca06ec.exe
2016-11-09 04:09:36 828131855DD4D89E6EB6CEC08DF03C22 4605744 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.3b2bc6c0671744.exe
2016-11-09 04:09:13 30B43E01A6C983FFD37B90D1D91F7CA8 522752 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.6012ccea114728.exe
2016-11-09 04:09:11 1C308D8F45584AAF4652CB9C33451BBB 8843968 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.a35752e8909478.exe
2016-11-09 04:08:45 ACA1E16A65F938C42B62DEBE60CD2AFF 766169 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.2e548b537bfe34.exe
2016-11-09 04:08:37 D51A9BFF2AD251288EA7700771FD3EE2 12288 ----a-w- C:\Users\Swooce\AppData\Local\Temp\wait.exe
2016-11-09 04:08:37 1C11AC458753F3D3D896C24ABB35F49F 699392 ----a-w- C:\Users\Swooce\AppData\Local\Temp\CodecFixDivx.ex e
2016-11-09 04:08:36 C3F5F4A1FB69B5889F0BBB313CF6017F 329944 ----a-w- C:\Users\Swooce\AppData\Local\Temp_ir_sf_temp_2\lu a5.1.dll
2016-11-09 04:08:36 B895D42059B9CE3B2305C77DC27DEF95 20510 ----a-w- C:\Users\Swooce\AppData\Local\Temp\dxdiag.exe
2016-11-09 04:08:36 9BDCF813D65265255B820BC7A704DA3C 1388544 ----a-w- C:\Users\Swooce\AppData\Local\Temp_ir_sf_temp_2\ir setup.exe
2016-11-09 04:08:33 DF4AD319625777EEB460396B3D6741EF 6860215 ----a-w- C:\Users\Swooce\AppData\Local\Temp\startIT.exe
2016-11-09 04:08:28 AAE5D937048B3BC62F63534DAFA71628 1850694 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cpa.exe
2016-11-07 12:13:06 1A6557BB2FF808A4CDE614F8D4E80119 380928 ----a-w- C:\Users\Swooce\AppData\Local\Temp\WindowService.L ib.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-11-09 15:27:53 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2016-11-09 15:27:41 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2016-11-09 15:27:41 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2016-11-09 15:27:41 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2016-10-12 22:22:29 EA4D67448BE493D543F1730D6CD04694 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2016-10-12 22:22:27 8ADB5445B29941CB41AF2846FD5C93C7 94440 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2016-10-12 22:22:26 9B38580063D281A99E68EF5813022A5F 106496 ----a-w- C:\Windows\Sysnative\drivers\dfsc.sys
2016-10-12 22:22:24 CF11CC2B73D5155533C67354F9188E09 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2016-10-12 22:22:24 98DB1790F0A584E0A2528B92B052417F 142336 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2016-10-12 22:22:24 2E56D51B184EFB8E353B7AF446299DC8 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2016-10-12 22:22:21 FCA01B0C70DAE9BE557577E719469D17 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2016-10-12 22:22:19 841474CF2EB14F826038FBCC7D85B857 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2016-10-12 22:22:19 386BE96797C5B480AD31E8B50CEE337C 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2016-10-12 22:22:17 8B73FEE96B60EE597CBCAA735A842A36 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Swooce\AppData\Roaming ======
2016-11-09 22:43:38 -------- d-----w- C:\Users\Swooce\AppData\Roaming\ZHP
2016-11-09 04:02:50 -------- d-----w- C:\Users\Swooce\AppData\Locallow\uTorrent
2016-10-28 03:57:28 -------- d-----w- C:\Users\Swooce\AppData\Local\Black_Tree_Gaming
2016-10-16 21:13:19 -------- d-----w- C:\Users\Swooce\AppData\Roaming\runic games
====== C:\Users\Swooce ======
2016-11-09 22:42:51 C13760F9F0C978919F087ABFC20CB05D 2488832 ----a-w- C:\Users\Swooce\Downloads\ZHPCleaner.exe
2016-11-09 21:24:55 A4B12C9ABC86B6F0B42D2ACEDF7F5C76 2410496 ----a-w- C:\Users\Swooce\Downloads\FRST64.exe
2016-11-09 15:21:21 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\Swooce\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-09 15:20:52 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:\Users\Swooce\Downloads\AdwCleaner.exe
2016-10-28 03:56:12 4E9E48593706B7F9B95E4E5FAA2E28C5 6450488 ----a-w- C:\Users\Swooce\Downloads\Nexus Mod Manager-0.63.2.exe

====== C: exe-files ==
2016-11-10 02:34:10 2905624FC89D330956E239CFBD81A725 727120 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\Pac kages\0000971e\CoProc update.21350355.exe
2016-11-10 02:34:05 62C7E48758BCB99308D58F0622DFE13B 9381376 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\Pac kages\00009730\DAO.21352768.exe
2016-11-09 22:43:38 C13760F9F0C978919F087ABFC20CB05D 2488832 ----a-w- C:\Users\Swooce\AppData\Roaming\ZHP\ZHPCleaner.exe
2016-11-09 22:42:51 C13760F9F0C978919F087ABFC20CB05D 2488832 ----a-w- C:\Users\Swooce\Downloads\ZHPCleaner.exe
2016-11-09 21:53:30 D7B59C5C8C22101B50502AFB482A86FE 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.7_42330\utorre ntie.exe
2016-11-09 21:53:30 D023A7DA00A3F63E79C8F16E509CEA20 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42449\utorre ntie.exe
2016-11-09 21:53:30 AE740DAFEB88429E8E7E83ACEE609516 340480 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.6_42094\utorre ntie.exe
2016-11-09 21:53:30 9FF7A89211B37CD81309421D53FD66C0 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42576\utorre ntie.exe
2016-11-09 21:53:30 61F5086763071C254EFE51C1E3E03C5E 387072 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.9_42606\utorre ntie.exe
2016-11-09 21:53:30 55F5FF4E4BD359CB8D44787DFD945855 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41712\utorre ntie.exe
2016-11-09 21:53:30 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.9_42606.exe
2016-11-09 21:53:30 25B6F764C7201ABD6672AAB425F48019 335872 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41865\utorre ntie.exe
2016-11-09 21:53:22 5A6BD2A6FA1323AC96E860DFA6CBC9B6 2139840 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42576.exe
2016-11-09 21:53:15 6F8F01C2279F49BD3103599B53EE2A57 1972224 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.8_42449.exe
2016-11-09 21:53:08 D0278FA8947ED54A112893F71917F46A 2133504 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.7_42330.exe
2016-11-09 21:53:01 89144ED117C1D506AE3AB6D0E12F4D4B 2094080 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41865.exe
2016-11-09 21:53:01 570193297A02D9332C1122C1C7B756EF 1959424 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.6_42094.exe
2016-11-09 21:52:59 65066A6E15E60A707E587005E4DDA398 2065944 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\updates\3.4.5_41712.exe
2016-11-09 21:52:57 4568951FA4CD0B478D01D131F25A0ECC 1977536 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375_permissionsCopy\uTorrent.exe
2016-11-09 21:24:55 A4B12C9ABC86B6F0B42D2ACEDF7F5C76 2410496 ----a-w- C:\Users\Swooce\Downloads\FRST64.exe
2016-11-09 21:22:22 63592C483A75F9D0BC887BC9FC1ED7CC 346512 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\App licationOntology\NvOAWrapperCache.exe
2016-11-09 21:22:20 239C0D2EA04E2B835AA3CAC711DD69D0 403856 ----a-w- C:\Users\Swooce\AppData\Local\NVIDIA\NvBackend\App licationOntology\OAWrapper.exe
2016-11-09 15:23:13 4E3F9DC6AFED15D617BD3B8CEC9A56B3 119808 ----a-w- C:\AdwCleaner\quarantine\files\chbqrmxmwrekkrxyynk sjrynpokvlrzv\ur.exe
2016-11-09 15:21:21 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:\Users\Swooce\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-09 15:20:52 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:\Users\Swooce\Downloads\AdwCleaner.exe
2016-11-09 15:18:26 CC0FCC4C5AA93959E19744C9ADF63A6D 544 ----a-w- C:$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000$IU8904Q.exe
2016-11-09 15:18:26 B54F68C522868E02E91CA1C27DFBD224 544 ----a-w- C:$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000$IF3W01N.exe
2016-11-09 15:02:35 121F06C1DA71965212F3B6C13C17C514 3910208 ----a-w- C:$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000$RF3W01N.exe
2016-11-09 15:00:38 52F4695C53B02ADA7D648F95F2E2F8B4 22851472 ----a-w- C:$Recycle.Bin\S-1-5-21-3488453458-2430756528-1590804681-1000$RU8904Q.exe
2016-11-09 04:10:13 D6C47585818079867E3B7B46245B46AE 24606 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cubecc.exe
2016-11-09 04:10:01 090FBD01505C47342AD2CEEFD6BF2AD7 196096 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.b059c4eca06ec.exe
2016-11-09 04:09:36 828131855DD4D89E6EB6CEC08DF03C22 4605744 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.3b2bc6c0671744.exe
2016-11-09 04:09:13 30B43E01A6C983FFD37B90D1D91F7CA8 522752 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.6012ccea114728.exe
2016-11-09 04:09:11 1C308D8F45584AAF4652CB9C33451BBB 8843968 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.a35752e8909478.exe
2016-11-09 04:08:45 ACA1E16A65F938C42B62DEBE60CD2AFF 766169 ----a-w- C:\Users\Swooce\AppData\Local\Temp\53218929\ic-0.2e548b537bfe34.exe
2016-11-09 04:08:37 D51A9BFF2AD251288EA7700771FD3EE2 12288 ----a-w- C:\Users\Swooce\AppData\Local\Temp\wait.exe
2016-11-09 04:08:37 1C11AC458753F3D3D896C24ABB35F49F 699392 ----a-w- C:\Users\Swooce\AppData\Local\Temp\CodecFixDivx.ex e
2016-11-09 04:08:36 B895D42059B9CE3B2305C77DC27DEF95 20510 ----a-w- C:\Users\Swooce\AppData\Local\Temp\dxdiag.exe
2016-11-09 04:08:36 9BDCF813D65265255B820BC7A704DA3C 1388544 ----a-w- C:\Users\Swooce\AppData\Local\Temp_ir_sf_temp_2\ir setup.exe
2016-11-09 04:08:33 DF4AD319625777EEB460396B3D6741EF 6860215 ----a-w- C:\Users\Swooce\AppData\Local\Temp\startIT.exe
2016-11-09 04:08:28 AAE5D937048B3BC62F63534DAFA71628 1850694 ----a-w- C:\Users\Swooce\AppData\Local\Temp\cpa.exe
2016-11-09 04:03:50 544D3B5ED3C988699C9E77D14F7DA225 402886071 ----a-r- C:\Users\Swooce\Downloads\Minecraft 1 9 5 Cracked - P2P\Setup.exe
2016-11-08 10:07:56 7122DC6E7A33CB56217DC27FE3BDEFBC 1914038 ----a-w- C:\Windows\345b373d6c15734d8a7cece5f8fbc403.exe
2016-11-08 02:36:57 42D4C5F3338C624FCFEC515AF3E26C1B 4824552 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.5269\Agent.e xe
2016-11-06 02:07:17 DEE3B4349482368E3E0E1C231229233C 133608 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.8098\Loader64.exe
2016-11-06 02:07:08 E3F4B6E5305707FF088A4BA1268A49FE 1484776 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
2016-11-06 02:07:08 C35B1FB1E02E77F49D5DC606ACCB3F2A 12967912 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net.exe
2016-11-05 23:04:38 DDCE338BB173B32024679D61FB4F2BA6 537432 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\redist\DX SETUP.exe
2016-11-05 23:04:38 DD54E65CB1D5C18BCB0F061E4AA8EE80 4150272 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\Psychonau ts.exe
2016-11-05 23:04:38 5689D43C3B201DD3810FA3BBA4A6476A 4216840 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\redist\vc redist_x86.exe
2016-11-03 20:27:00 E465D472C90BD07357D26A6BAAD32B0C 2226680 ----a-w- C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\SwReporter\13.79.1\software_reporter_tool.exe
=== C: other files ==
2016-11-09 21:52:55 3E73077328D6C51D35A46ABC5D951802 2192006 ----a-w- C:\Users\Swooce\AppData\Local\Temp\HYD129D.tmp.147 8728375\HTA\install.1478728375.zip
2016-11-09 15:27:53 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-11-09 15:27:41 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-11-09 15:27:41 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-11-09 15:27:41 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-11-09 15:23:14 B96E2E2AB0CA289465E49C4423ADB294 597 ----a-w- C:\Users\Swooce\AppData\Local\Temp\DeleteOnReboot. bat
2016-11-05 23:10:22 28D9D9BBE54E8C61F6CB674EA159730B 1036 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\WorkResou rce\VertexShaders\PreprocessVertexShaders.bat
2016-11-05 23:10:20 6B07E930C1713C3040F1E6C378F3B770 55 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Psychonauts\WorkResou rce\VertexShaders\CompileShader.bat

==== Startup Registry Enabled ======================

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\Curr entVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

[HKEY_USERS\S-1-5-21-3488453458-2430756528-1590804681-1000\Software\Microsoft\Windows\CurrentVersion\Run]
“Steam”=“C:\Program Files (x86)\Steam\steam.exe -silent”
“RESTART_STICKY_NOTES”=“C:\Windows\System32\StikyN ot.exe”
“CCleaner Monitoring”=“C:\Program Files\CCleaner\CCleaner64.exe /MONITOR”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
“mctadmin”=“C:\Windows\System32\mctadmin.exe”

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOn ce]
“mctadmin”=“C:\Windows\System32\mctadmin.exe”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
“SunJavaUpdateSched”=“C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
“BlueStacks Agent”=“C:\Program Files (x86)\BlueStacks\HD-Agent.exe”
“LogMeIn Hamachi Ui”=“C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start”

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
“Steam”=“C:\Program Files (x86)\Steam\steam.exe -silent”
“RESTART_STICKY_NOTES”=“C:\Windows\System32\StikyN ot.exe”
“CCleaner Monitoring”=“C:\Program Files\CCleaner\CCleaner64.exe /MONITOR”
“Skype”=“C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun”

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
“MSC”=“c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey”
“NvBackend”=“C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe”
“ShadowPlay”=“C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSyst emStart”
“RtHDVCpl”=“C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s”
“GamecomSound”=“C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe”
“Logitech Download Assistant”=“C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch”
“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe”

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Everything]
“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\R un”
“item”=“Everything”
“hkey”=“HKLM”
“command”=“"C:\Program Files\Everything\Everything.exe" -startup”

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d1e92 bdcbba985.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d1e92bd d417cbf.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==== Other Scheduled Tasks ======================

“C:\Windows\SysNative\tasks\CCleanerSkipUAC” [“C:\Program Files\CCleaner\CCleaner.exe”]
“C:\Windows\SysNative\tasks\GoogleUpdateTaskMachin eCore” [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
“C:\Windows\SysNative\tasks\GoogleUpdateTaskMachin eCore1d1e92bdcbba985” [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
“C:\Windows\SysNative\tasks\GoogleUpdateTaskMachin eUA” [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
“C:\Windows\SysNative\tasks\GoogleUpdateTaskMachin eUA1d1e92bdd417cbf” [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
“C:\Windows\SysNative\tasks{53CF22D0-3EE7-48B7-BD6C-7168DB898A79}” [C:\Program Files (x86)\R.G. Mechanics\Sherlock Holmes - Crimes & Punishments\Binaries\Win32\Sherlock.exe]
“C:\Windows\SysNative\tasks{EE0056F9-C17E-4488-B954-ADB34F959B3A}” [“c:\program files (x86)\google\chrome\application\chrome.exe”]
“C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpd ate” [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

Google Slides - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek
Google Docs - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake
Google Drive - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf
Skype Calling - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklih nhjkij
YouTube - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo
Google Cast - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkm llpafd
Google Search - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf
Google Sheets - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap
Google Docs Offline - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi
Whitelisted domains - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom
Speed Dial 2 - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclc ccjcik
Ponify - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaelfbndbnpddlehfmbhjnphpj ljegae
Reddit Enhancement Suite - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgo cmfgmb
Search-Privacy.club - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcmlbbokmmghcjldembpnhfap encced
Chrome Web Store Payments - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda
4chan X - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflg edgpam
Gmail - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia
Chrome Media Router - Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm

==== Chromium Fix ======================

C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclc ccjcik deleted successfully
C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpfpebmajhhopeonhlcgidhclcccjcik_0.local storage deleted successfully
C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jpfpebmajhhopeonhlcgidhclcccjcik_0.local storage-journal deleted successfully
C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jpfpebmajhhopeonhlcgidhclcccjcik_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" MSN "

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=" MSN "

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
HKLM\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
HKLM\Wow6432Node\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - Search - Microsoft Bing {searchTerms}&FORM=IE8SRC
HKCU\SearchScopes “DefaultScope”=“{0633EE93-D776-472f-A0FF-E1416B8B2E3A}”
HKCU\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} - Google {searchTerms}
HKCU\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Uninstall\UnityWebPlayer deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
O4 - HKCU..\Run: [Steam] “C:\Program Files (x86)\Steam\steam.exe” -silent
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU..\Run: [CCleaner Monitoring] “C:\Program Files\CCleaner\CCleaner64.exe” /MONITOR
O4 - HKCU..\Run: [Skype] “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun
O4 - HKUS\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: (User ‘Default user’)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Desura Net Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5 emptied successfully
C:\Users\Swooce\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Swooce\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\2PGH55C1 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Swooce\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=873 folders=107 419164766 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Swooce\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\ Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Lo cal\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Swooce\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

“C:\Windows\serviceprofiles\networkservice\AppData \Local\Temp\MpCmdRun-5C-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock” not found
“C:\Windows\serviceprofiles\networkservice\AppData \Local\Temp\MpCmdRun.log” not found
“C:\Users\Swooce\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\2PGH55C1” not found

==== EOF on Wed 11/09/2016 at 21:45:04.29 ======================

**Gweetar** · 11-10-2016, 03:04 PM

For the zhp scan, What txt file should it be? I have multiple for some reason

**Malnutrition** · 11-10-2016, 03:24 PM

Zoek was ran incorrectly, also for now just skip that and the ZHP. Go ahead and run Zemana and the FRST fix and tell me how things are.

**Gweetar** · 11-10-2016, 04:31 PM

For Zemana there isnt an option for a deep scan

**Gweetar** · 11-10-2016, 04:54 PM

Zemana AntiMalware 2.60.2.1 (Installed)

Scan Result : Completed
Scan Date : 2016/11/10
Operating System : Windows 7 64-bit
Processor : 8X AMD FX™-8350 Eight-Core Processor
BIOS Mode : Legacy
CUID : 12B4594181B6192D284F30
Scan Type : Smart Scan
Duration : 20m 36s
Scanned Objects : 120291
Detected Objects : 3
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
[HEADING=1]Detected Objects[/HEADING]
Chrome Startup Url
Status : Scanned
Object : chrome-extension://dgpdioedihjhncjafcpgbbjdpbbkikmi/speeddial.html
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Startup Url

Chrome Homepage
Status : Scanned
Object : Search
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Homepage

Search-Privacy.club
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ldcmlbbokmmghcjldembpnhfap encced
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - Search-Privacy.club

**Malnutrition** · 11-10-2016, 05:10 PM

Originally posted by Gweetar

For Zemana there isnt an option for a deep scan

[ATTACH]745[/ATTACH]

**Gweetar** · 11-10-2016, 05:24 PM

Seems like zemana finally did it and my search engine is back to google again

**Gweetar** · 11-10-2016, 05:25 PM

Originally posted by Malnutrition

[ATTACH]745[/ATTACH]

That doesnt say that on mine

**Malnutrition** · 11-10-2016, 05:29 PM

Originally posted by Gweetar

That doesnt say that on mine

Odd, can you go ahead and run the FRST fix as well. Then update your out of date programs with Patch My PC.

After you have updated the programs, then please run this to make sure that they are updated.

Security Check Scan.

[ul]
[li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the program completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]

**Malnutrition** · 11-15-2016, 08:27 PM

@Gweetar Please give us an update, or this thread will be closed and marked inactive in 48 hours.

**Malnutrition** · 11-18-2016, 03:19 AM

Thread closed; due to lack of response by OP.~ Please send me a private message if you would like this thread re-opened for closure.

Unwanted search engine searchprivacy.co

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment