Timrl

Zemana AntiMalware 2.21.2.15 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/6/19 Operating System : Windows 10 64-bit Processor : 8X Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz BIOS Mode : UEFI CUID : 125507D02439396FB3F275 Scan Type : Smart Scan Duration : 1m 18s Scanned Objects : 15514 Detected Objects : 5 Excluded Objects : 0 Read Level : Normal Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Edge Homepage Status : Scanned Object : search.mpc.am MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Edge Homepage Chrome Shortcut Status : Scanned Object : --load-extension="C:\Program Files (x86)\Google\Chrome\Application\7416b758f99a3b204bb1fddf8ff624c1_2" MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Chrome Shortcut Chrome Shortcut Status : Scanned Object : --load-extension="C:\Program Files (x86)\Google\Chrome\Application\7416b758f99a3b204bb1fddf8ff624c1_2" MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Related Objects : Browser Setting - Chrome Shortcut FLV Player Status : Scanned Object : %localappdata%\google\chrome\user data\default\extensions\dhogabmliblgpadclikpkjfnnipeebjm MD5 : - Publisher : - Size : - Version : - Detection : PUA.ChromeExt!Gr Cleaning Action : Repair Related Objects : Browser Extension - FLV Player PCService.exe Status : Scanned Object : %programfiles%\pc service\pcservice.exe MD5 : 7F8A8ECD6665D457C1373D226482A175 Publisher : - Size : 722432 Version : 7.8.4.1 Detection : Adware:Win32/Vorniac.A!Krei Cleaning Action : Quarantine Related Objects : File - %programfiles%\pc service\pcservice.exe Scheduled Task - C:\WINDOWS\System32\Tasks\PC Service Worker Cleaning Result ------------------------------------------------------- Cleaned : 5 Reported as safe : 0 Failed : 0 First log, downloading other item now.

It didn't complete. It was getting close to completion, had found 7 things, and then all the text highlighted black and it froze. Then it popped up that it had stopped working.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.6 (04.25.2016) Operating System: Windows 10 Home x64 Ran by User (Administrator) on Sat 06/18/2016 at 14:24:53.34 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 5 Successfully deleted: C:\Users\User\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\User\AppData Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder) Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bigefpfhnfcobdlfbedofhhaibnlghod_0.localstorage-journal (File) Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bigefpfhnfcobdlfbedofhhaibnlghod_0.localstorage (File) Successfully deleted: C:\WINDOWS\prefetch\HUSTLE CAT FREE DOWNLOAD.EXE-50F79CAC.pf (File) Registry 1 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4A9E3757-8EE9-46AF-B120-2508CF31401E} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 06/18/2016 at 14:27:24.85 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v5.200 - Logfile created 18/06/2016 at 14:31:28 # Updated 14/06/2016 by ToolsLib # Database : 2016-06-17.1 [Server] # Operating system : Windows 10 Home (X64) # Username : User - MR-MERPS-ALOT # Running from : C:\Users\User\Desktop\AdwCleaner.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** [-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage [-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal [-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage [-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\SecureWeb [-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [10627 bytes] - [11/06/2016 00:44:21] C:\AdwCleaner\AdwCleaner[C2].txt - [1604 bytes] - [18/06/2016 14:31:28] C:\AdwCleaner\AdwCleaner[S1].txt - [10432 bytes] - [11/06/2016 00:39:50] C:\AdwCleaner\AdwCleaner[S2].txt - [1693 bytes] - [18/06/2016 14:29:24] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1824 bytes] ########## If at all possible, it's gotten worse. These are the first two logs, I'm attempting to run the ESET Scan at the moment but it's having issues. And since I went through and deleted everything with MalwareBytes it's begun to hotlink random words on webpages linking to various virus cleaners and such.

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/16/2016 Scan Time: 12:13 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.16.03 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: User Scan Type: Threat Scan Result: Completed Objects Scanned: 356664 Time Elapsed: 29 min, 58 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.Privoxy, C:\Program Files (x86)\Gamma Task Menager\privoxy.exe, 23232, , [6e35ed10cacf88aef3b32185ab5840c0] Modules: 1 PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\mgwz.dll, , [a4ff02fb8118a78f7fd9acf60002c33d], Registry Keys: 8 PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35A48EAE-865D-498D-988A-CF62D66EC38B}, , [ecb7c5389900ed494c5d16dfec173cc4], PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{68DE6ED9-20DD-42B1-B4F9-4638BBA5C3E4}, , [8221c03d93060333eebb6c89788b10f0], PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3B4E5F2-609D-418C-8BB5-231A2158E4A3}, , [643f26d7a3f661d5c3f46e5117ebae52], PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7345E0F-0521-4BBF-BC33-7EA3053A043B}, , [346fcc31633615214e6915aaa55dfc04], PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Gamma Task Menager Worker, , [bae947b684152d098633c9f6d72b4bb5], PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Security Defrag, , [465d609de4b5e1556644fafbc73c3ac6], PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Security Defrag Logon, , [b0f32ecfb8e1c274159509ecc34054ac], PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, , [6e35ed10cacf88aef3b32185ab5840c0], Registry Values: 6 PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35A48EAE-865D-498D-988A-CF62D66EC38B}|Path, \Security Defrag Logon, , [ecb7c5389900ed494c5d16dfec173cc4] PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{68DE6ED9-20DD-42B1-B4F9-4638BBA5C3E4}|Path, \Security Defrag, , [8221c03d93060333eebb6c89788b10f0] PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3B4E5F2-609D-418C-8BB5-231A2158E4A3}|Path, \Gamma Task Menager Worker, , [643f26d7a3f661d5c3f46e5117ebae52] PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7345E0F-0521-4BBF-BC33-7EA3053A043B}|Path, \Gamma Task Menager Worker, , [346fcc31633615214e6915aaa55dfc04] PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Gamma Task Menager\privoxy.exe" --service, , [6e35ed10cacf88aef3b32185ab5840c0] PUM.Optional.ProxyHijacker, HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [c2e19f5e9efb4de9c9f26760ec1708f8] Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy, C:\Users\User\AppData\Roaming\Security Defrag, , [93104ab37722f046cabbf9c6fe047d83], Files: 15 Backdoor.Agent.WD, C:\Users\User\AppData\Local\Temp\GPUpd575DF9F40.exe, , [277c42bb2970ab8b8698cb4e16ea966a], Backdoor.Agent.WD, C:\Users\User\AppData\Local\Temp\GPUpd5762CF740.exe, , [198a84794b4ed75f3ee0ef2a38c8a55b], PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Gamma Task Menager Worker, , [b6ed7c811089f1459d07f5b110f319e7], PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [356e15e8049585b1a50eb52a6c975aa6], PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [bde6db2231683afcc0f399462cd748b8], PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Security Defrag, , [a8fbde1f0c8db5818d1810e5ae55a45c], PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Security Defrag Logon, , [cdd655a8346578be4b5a4aab3fc4847c], PUP.Optional.Privoxy, C:\Program Files (x86)\Gamma Task Menager\privoxy.exe, , [6e35ed10cacf88aef3b32185ab5840c0], PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\config.txt, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\default.action, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\default.filter, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\gtrsecure.exe, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\mgwz.dll, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\privoxy.log, , [a4ff02fb8118a78f7fd9acf60002c33d], PUP.Optional.Privoxy, C:\Users\User\AppData\Roaming\Security Defrag\Security Defrag.exe, , [93104ab37722f046cabbf9c6fe047d83], Physical Sectors: 0 (No malicious items detected) (end) I didn't remove any of them, awaiting directions further.

Hello, I've been having some issues. There are numerous viruses that have been infected on my computer that continue to return even after attempting to return them. I'm not really sure how to go about working on it. I'm attaching the logs. Thanks in advance! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01 Ran by User (administrator) on MR-MERPS-ALOT (13-06-2016 12:29:17) Running from C:\Users\User\Desktop Loaded Profiles: User & (Available Profiles: User) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Gamma Task Menager\privoxy.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (MSI) C:\Program Files (x86)\SCM\Radio Manager.exe (MSI) C:\Program Files (x86)\SCM\SCM.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\bcastdvr.exe (iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation) HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-04-28] (MSI) HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [406016 2014-04-28] (MSI) HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2016-01-25] () HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3929288 2015-07-30] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.) HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI) HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS) HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS) HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-21] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-08-28] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-11-25] ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\User\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-21-4125750833-1635105260-2843386978-1002] => Proxy is enabled. ProxyServer: [S-1-5-21-4125750833-1635105260-2843386978-1002] => 127.0.0.1:8118 ProxyEnable: [S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Proxy is enabled. ProxyServer: [S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 127.0.0.1:8118 Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{1c19726d-571f-4785-ad48-ec4a18dad0aa}: [DhcpNameServer] 10.0.1.1 ManualProxies: Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002 -> DefaultScope {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL = SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002 -> {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL = SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL = SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\EasyVoice\data\skype4com.dll No File FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27slqnmy.default FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-10-04] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-20] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-02] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-02] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27slqnmy.default\Extensions\abs@avira.com [2016-06-11] FF Extension: Firefox Hotfix: Fix the migration to clear passwords on shutdown - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27slqnmy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-06-11] FF HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found FF HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found Chrome: ======= CHR HomePage: Default -> hxxp://g.msn.com/USCON/1 CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-05-30] CHR Extension: (Google Cast) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24] CHR Extension: (Blue Nebula - Full HD - Axlg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbfcgopniakghhkjcnnmpfdemapblij [2016-01-06] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-03] CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05] CHR Extension: (FLV Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2015-11-18] CHR Extension: (MLG-ifier) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dneebgdgldanagagmfhnphjelnngdcai [2015-12-15] CHR Extension: (Ponyhoof) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2016-04-03] CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03] CHR Extension: (Do It! Shia Labeouf (Super Pack)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\miagjfhahnjmnnmhdgelhmbpjgojfnok [2015-12-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-14] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-14] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-14] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-22] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2016-01-25] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-04-28] (Micro-Star International Co., Ltd.) [File not signed] R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PrivoxyService; C:\Program Files (x86)\Gamma Task Menager\privoxy.exe [371200 2016-06-12] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed] R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-08] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-05-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-30] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-14] (Avira Operations GmbH & Co. KG) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-10] (Qualcomm Atheros, Inc.) S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-09-13] (AhnLab, Inc.) S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2016-01-25] (Intel Corporation) S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2014-08-26] (Realsil Semiconductor Corporation) S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc) S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.) S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation) [File not signed] S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation) R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-08-26] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-30] (Synaptics Incorporated) R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-03-16] (Windows (R) Win 7 DDK provider) R3 vjoy; C:\Windows\System32\drivers\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] () R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation) S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 12:29 - 2016-06-13 12:30 - 00030785 _____ C:\Users\User\Desktop\FRST.txt 2016-06-13 12:29 - 2016-06-13 12:29 - 00000000 ____D C:\FRST 2016-06-13 12:28 - 2016-06-13 12:29 - 02385408 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2016-06-12 20:10 - 2016-06-12 20:10 - 00000000 ____D C:\Program Files (x86)\Gamma Task Menager 2016-06-11 20:10 - 2016-06-11 20:10 - 00000000 ____D C:\Users\User\AppData\Local\CrashRpt 2016-06-11 12:57 - 2016-06-11 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-06-11 12:56 - 2016-06-11 12:57 - 00000000 ____D C:\Program Files\iTunes 2016-06-11 12:56 - 2016-06-11 12:56 - 00000000 ____D C:\Program Files\iPod 2016-06-11 12:56 - 2016-06-11 12:56 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-06-11 01:31 - 2016-06-11 01:31 - 06858912 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu (1).exe 2016-06-11 01:28 - 2016-06-11 01:28 - 00000000 ____D C:\Users\User\AppData\Local\ESET 2016-06-11 01:27 - 2016-06-11 01:28 - 06858912 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu.exe 2016-06-11 00:39 - 2016-06-11 00:44 - 00000000 ____D C:\AdwCleaner 2016-06-11 00:11 - 2016-06-11 01:08 - 00000000 ____D C:\Program Files\UbutjijokewbenUn 2016-06-11 00:11 - 2016-06-11 01:08 - 00000000 ____D C:\Program Files\Ubutjijokewben 2016-06-11 00:11 - 2016-06-11 00:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder 2016-06-11 00:08 - 2016-06-11 00:08 - 00003750 _____ C:\WINDOWS\System32\Tasks\Security Defrag 2016-06-11 00:08 - 2016-06-11 00:08 - 00003424 _____ C:\WINDOWS\System32\Tasks\Security Defrag Logon 2016-06-11 00:08 - 2016-06-11 00:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Security Defrag 2016-06-09 15:19 - 2016-06-11 00:32 - 00000000 ____D C:\Users\User\AppData\Roaming\discord 2016-06-09 15:19 - 2016-06-09 15:20 - 00000000 ____D C:\Users\User\AppData\Local\SquirrelTemp 2016-06-09 15:19 - 2016-06-09 15:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2016-06-09 15:19 - 2016-06-09 15:19 - 00000000 ____D C:\Users\User\AppData\Local\Discord 2016-06-06 20:40 - 2016-06-07 12:25 - 00000000 ____D C:\Users\User\AppData\Roaming\com.datenighto.game.hustlecat 2016-06-06 20:40 - 2016-06-06 20:40 - 00000000 ____D C:\Users\User\AppData\Local\Hustle Cat 2016-05-30 13:48 - 2016-05-30 13:48 - 00000149 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New Online Games.url 2016-05-30 13:48 - 2016-05-30 13:48 - 00000133 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games for Free!.url 2016-05-21 19:05 - 2016-05-29 02:13 - 00000518 _____ C:\Users\User\Documents\Animal List.ini 2016-05-17 22:55 - 2016-05-22 03:17 - 00004932 _____ C:\Users\User\Documents\Naivira Vandlind.ini 2016-05-17 19:54 - 2016-05-17 19:54 - 00001063 _____ C:\Users\User\Documents\D&D Template.ini 2016-05-17 19:51 - 2016-05-17 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++ 2016-05-17 19:51 - 2016-05-17 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2016-05-17 19:51 - 2016-05-17 19:51 - 00000000 ____D C:\Program Files (x86)\Notepad++ ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-13 12:24 - 2014-12-25 13:46 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps 2016-06-13 12:17 - 2014-12-25 12:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-13 12:05 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-13 12:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-06-13 11:43 - 2015-09-02 23:56 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB5CF239-1837-4BE4-9799-9A3E848B2D99} 2016-06-13 11:40 - 2016-02-25 02:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-06-13 11:40 - 2015-07-07 14:19 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles 2016-06-13 11:40 - 2014-12-25 12:10 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-12 20:59 - 2015-03-08 21:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-06-12 20:55 - 2016-05-04 17:53 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-06-12 20:55 - 2015-07-29 17:27 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net 2016-06-12 19:45 - 2015-09-11 20:14 - 00000000 ____D C:\Users\User\AppData\Local\osu! 2016-06-12 13:58 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF 2016-06-12 13:58 - 2015-07-30 21:20 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-06-12 13:35 - 2016-02-10 15:47 - 00000000 ____D C:\Users\User\AppData\Roaming\DS4Windows 2016-06-12 13:34 - 2014-12-26 12:29 - 00000000 ____D C:\PaintToolSAI 2016-06-12 13:32 - 2015-01-14 19:14 - 00000000 ___RD C:\Users\User\Desktop\Gaming 2016-06-11 14:12 - 2015-12-01 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-06-11 13:12 - 2015-01-14 19:14 - 00000000 ___RD C:\Users\User\Desktop\Drawing Tools 2016-06-11 13:12 - 2015-01-14 19:14 - 00000000 ___RD C:\Users\User\Desktop\Desktop Items 2016-06-11 12:56 - 2015-03-28 18:45 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-06-11 01:10 - 2016-02-25 03:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-06-11 01:10 - 2016-02-25 02:42 - 00000000 ____D C:\ProgramData\NVIDIA 2016-06-11 01:09 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media 2016-06-11 01:09 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-06-11 01:05 - 2014-12-19 18:17 - 00000000 ____D C:\Users\User\AppData\Local\Packages 2016-06-11 00:48 - 2014-08-28 11:07 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-10 16:27 - 2015-09-17 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-06-09 18:47 - 2014-12-25 13:50 - 00000000 ____D C:\Program Files (x86)\Steam 2016-06-09 15:19 - 2014-12-25 15:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2016-06-08 18:02 - 2016-03-10 20:51 - 00000000 ____D C:\Users\User\AppData\Local\Pokemon Showdown 2016-06-08 17:23 - 2014-12-25 12:10 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-07 20:53 - 2016-05-05 15:15 - 00000000 ____D C:\Program Files (x86)\Overwatch 2016-06-04 13:40 - 2015-11-17 22:59 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-05-29 00:33 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-05-29 00:32 - 2015-02-10 22:10 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-05-22 16:08 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-20 17:33 - 2015-09-03 19:18 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi 2016-05-14 16:40 - 2015-09-17 17:42 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-05-14 16:40 - 2015-09-17 17:42 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2016-05-14 14:03 - 2015-07-30 21:39 - 00002374 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-05-14 14:03 - 2014-12-25 12:25 - 00000000 ___RD C:\Users\User\OneDrive ==================== Files in the root of some directories ======= 2015-06-21 11:28 - 2015-06-21 11:28 - 0000033 _____ () C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat 2015-06-21 19:28 - 2015-09-18 18:05 - 0001898 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\User\AppData\Local\Temp\avgnt.exe C:\Users\User\AppData\Local\Temp\GPUpd575C44160.exe C:\Users\User\AppData\Local\Temp\GPUpd575CA8740.exe C:\Users\User\AppData\Local\Temp\GPUpd575DF9F40.exe C:\Users\User\AppData\Local\Temp\GPUpd575ED46F0.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-03 19:25 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01 Ran by User (2016-06-13 12:30:34) Running from C:\Users\User\Desktop Windows 10 Home Version 1511 (X64) (2016-02-25 07:12:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4125750833-1635105260-2843386978-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4125750833-1635105260-2843386978-503 - Limited - Disabled) Guest (S-1-5-21-4125750833-1635105260-2843386978-501 - Limited - Disabled) User (S-1-5-21-4125750833-1635105260-2843386978-1002 - Administrator - Enabled) => C:\Users\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1402.2601 - ) C7200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2907.0 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dead Island (HKLM\...\Steam App 91310) (Version: - Techland) Dead Island Riptide (HKLM\...\Steam App 216250) (Version: - Techland) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Discord (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.) Discord (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.) DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1405.1201 - Micro-Star International Co., Ltd.) Dragon Gaming Center (x32 Version: 1.0.1405.1201 - Micro-Star International Co., Ltd.) Hidden Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife) HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.) Killer is Dead (HKLM\...\Steam App 261110) (Version: - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE) Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - ) MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG) MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4823.1004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla) MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) MSI Remind Manager (x32 Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) Hidden MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue) NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation) NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden osu! (HKLM-x32\...\{f28371b8-c100-49fa-9c96-0a394eb684dc}) (Version: latest - ppy Pty Ltd) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - ) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown") Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Remember Me (HKLM\...\Steam App 228300) (Version: - DONTNOD Entertainment) Risen (HKLM\...\Steam App 40300) (Version: - Piranha Bytes) Risen 2 - Dark Waters (HKLM\...\Steam App 40390) (Version: - Piranha Bytes) Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games) Sacred 3 (HKLM\...\Steam App 247950) (Version: - Keen Games) Saints Row 2 (HKLM\...\Steam App 9480) (Version: - Volition) Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SCM (HKLM\...\{F96B2B83-A1B3-46FB-8322-52BE9F270CBF}) (Version: 13.014.04288 - Application) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.) SMITE (HKLM-x32\...\Steam App 386360) (Version: - Hi-Rez Studios) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries) SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox) Unity Web Player (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.) Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.) Vindictus (HKLM-x32\...\Steam App 212160) (Version: - Nexon) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.) Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.) WebM Project Directshow Filters (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\webmdshow) (Version: - ) WebM Project Directshow Filters (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webmdshow) (Version: - ) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) フォト ギャラリー (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden معرض الصور (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden 사진 갤러리 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden 影像中心 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden 照片库 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0D3990B1-3ED3-488B-91DB-1A4047AD4B13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {105E816B-C658-46BF-BCBC-0D32EB2DAD16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {2AB05C58-06D5-49A7-8B72-D1E12C35A1D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {2ACEB09F-D926-4C1A-8902-7C7F8C3BCB21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {3161DD3E-57D6-4BAD-B0D1-10F58D1578C0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {35A48EAE-865D-498D-988A-CF62D66EC38B} - System32\Tasks\Security Defrag Logon => C:\Users\User\AppData\Roaming\Security Defrag\Security Defrag.exe [2016-06-11] () Task: {37F3218C-18F7-4D82-ACC8-9E3E944719C9} - System32\Tasks\{FFCC9D63-EAE0-453E-81A7-5EA51047CC96} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsMain Task: {37F8F35E-3063-468F-A38A-7760116A5A29} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {448E56E2-66EA-424D-84D9-57609DB7DD19} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {4BC453FF-DAB4-43B1-BA33-B6E47D6921E6} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {5F1D8331-000A-4921-AF35-7238F8899193} - System32\Tasks\{B1446394-71F7-4AD0-8879-C090F492125E} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all Task: {68DE6ED9-20DD-42B1-B4F9-4638BBA5C3E4} - System32\Tasks\Security Defrag => C:\Users\User\AppData\Roaming\Security Defrag\Security Defrag.exe [2016-06-11] () <==== ATTENTION Task: {7164677A-2FCF-4C4A-9A3A-92CB6ACA7705} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {7479A9FA-66D7-4455-94DC-3A94DB7BE2F7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {7D2CA214-E484-4617-A422-66D9E21E5852} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation) Task: {82CFB18F-C6D7-4933-93C4-4D9021F3159E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {890165D5-EAE0-4AC6-896E-A3BCCE4936D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {8CC44243-06E1-454E-AC3F-8A4A4CA779BD} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>) Task: {95438A44-06FB-4601-8945-73EB8BD70FFF} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-04-09] () Task: {9F0BE4B8-3D1C-49E3-A9B8-B13548F328E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {A3B4E5F2-609D-418C-8BB5-231A2158E4A3} - \Gamma Task Menager Worker -> No File <==== ATTENTION Task: {A4F64FB7-FAAA-45DA-B8C5-5CF1547915F7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {A8A3C5EE-837E-4E94-8C85-82670737A8D6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-30] (Synaptics Incorporated) Task: {B882D647-D46D-4C9D-856C-B858249BAC66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {B981112C-FF7D-4A30-957D-B76C8F2B1679} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION Task: {BAB39135-D58F-487F-BE5A-D540D5889124} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {C858C6E0-BD35-4600-BC9D-B888C6205F0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {CA9DDB6F-69C5-4336-BBF1-28C9A1D65B2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {D69994CD-C16E-4628-A844-ECAB8FA35572} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {DCBD1144-E436-44EA-A494-6FFF5F6B204D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {DEEB369C-5C21-47D6-AF42-5DC2467B1E16} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation) Task: {E472F541-5C64-466C-8FF4-818DD3D93271} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-xxneontigerxx@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe Task: {EAF5AA72-6202-48C8-89C6-EEAFD41FA044} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Task: C:\WINDOWS\Tasks\WebReg HP Photosmart C7200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FLV Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm ==================== Loaded Modules (Whitelisted) ============== 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-10 22:10 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-02-04 19:24 - 2015-02-04 19:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-03-23 15:39 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-02-04 17:16 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-04-17 01:16 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-03-23 15:39 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-04-17 01:16 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-04-17 01:16 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-04-17 01:16 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-02-04 17:16 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-02-25 02:42 - 2016-04-27 08:18 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-12-26 12:46 - 2015-02-26 18:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2016-04-12 21:36 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-12 21:36 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-14 14:03 - 2016-05-14 14:03 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2015-10-27 18:18 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-01-25 13:13 - 2016-01-25 13:13 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-02-25 05:32 - 2016-02-25 05:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-10 15:41 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-10 15:41 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-10 15:41 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-10 15:42 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-10 15:42 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-08-28 11:18 - 2012-11-01 14:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL 2014-08-28 11:18 - 2012-11-01 14:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL 2014-06-26 14:39 - 2014-06-26 14:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll 2014-05-16 11:57 - 2014-05-16 11:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll 2014-05-16 11:57 - 2014-05-16 11:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll 2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll 2014-04-17 14:02 - 2014-04-17 14:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2016-04-17 01:16 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-04-17 01:16 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2014-01-22 13:44 - 2014-01-22 13:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll 2014-08-28 10:55 - 2013-12-09 18:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-06-12 20:10 - 2016-06-12 20:10 - 00086528 _____ () C:\Program Files (x86)\Gamma Task Menager\mgwz.dll 2015-03-30 19:45 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-06-08 17:23 - 2016-06-03 21:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll 2016-06-08 17:23 - 2016-06-03 21:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll 2015-06-14 17:49 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll 2015-06-14 17:49 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll 2015-10-30 03:18 - 2015-10-30 03:18 - 00025088 _____ () C:\Windows\SYSTEM32\GamePanelExternalHook.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\raven_bird_flying_smoke_black_white_92907_1920x1080.jpg HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\raven_bird_flying_smoke_black_white_92907_1920x1080.jpg DNS Servers: 10.0.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk" HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{9898737C-1B7E-4142-9C54-3165718BD92B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe FirewallRules: [{2D6DA28A-0295-402A-8EC8-6AB50385A6E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe FirewallRules: [{8927F6D5-1C84-4441-909A-87069D4D2638}] => (Block) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe FirewallRules: [{0EB85468-698D-4648-AEED-DAB30B7998C6}] => (Block) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe FirewallRules: [UDP Query User{733161DA-010F-4F79-81B4-0CAA1F58F699}C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe FirewallRules: [TCP Query User{516E9383-6DF4-407A-A7E0-F4477E2251E1}C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe FirewallRules: [{7DD03EE3-DFC6-4CB9-B8C6-B6AFEA864C63}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [{6074F445-8684-4861-B023-831B59470861}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [UDP Query User{7139DC2A-B735-4A96-975A-61E3E45997F0}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [TCP Query User{09501175-141B-405B-9DA2-5B2DC3A795FE}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe FirewallRules: [{E565A15F-E835-484B-9348-DFAED0508968}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{70289DBB-B746-41CD-B9C0-14CB774A61F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{9132C523-B551-40BD-A200-4EA7BCD0A6A9}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [{ADF65465-5D3D-4999-93F3-EDEAE1D22AE6}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [UDP Query User{9AB360FA-E405-4BDA-B98C-94E2CE9847E5}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [TCP Query User{5D37022E-C53B-4000-AD3F-BBB096CBDECB}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [{3EA0F1D0-5EE8-41A2-BCE4-9E5AD18E18FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{30107008-182B-4E30-A3B7-5BBBE42A3674}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{3FCD8352-A684-4D64-8334-1867AC84304D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{68560C9F-4D85-4574-90D1-F8E625355BBC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{82328136-F543-4A8E-BA7B-1163433F76A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{47C254E3-9925-4AE7-A2E4-A1A1D87EB790}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{4DC6E9C9-409A-41F4-B7E2-FDB6A8477B84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{DBB2DCA5-EFDE-4F98-AE66-D197B6117B21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe FirewallRules: [{0C6070D6-A7BF-4F33-B7E1-78ECA86E3DBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{002BD119-BB7E-4CE6-BF8D-B52BB683C621}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{18DF5BF0-60FF-4BA4-878C-9FA5DBB4476D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{6EEAB761-75A3-44F1-9401-91F8C19CD693}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{D8688F7C-712D-443C-B1C4-C8070147489F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{36B6CA12-CA51-46CB-A5EC-D4A4CC504CE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{74AC81F2-55CA-46C2-80BC-C5F0495C81DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{8D6B2440-4FAA-407E-BA9D-47292E8C75A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{89ADEF39-4431-480B-A472-A04B7AB7F7C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{7B2D6871-D414-4D7B-B813-B4A1AB72197A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{B0372723-5691-4936-879C-5749AAA6B40E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{15F9E468-3F2A-409A-B298-58B4C00229C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{9DB411A1-5452-40A6-89ED-C1F14F58A815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{0762E87F-1548-418F-A65B-8362FAC43E0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{1D6C1C6E-A9E5-498C-9518-8A307A212F97}] => (Block) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{888EB34F-3824-421A-B9FF-EEE5C97CB329}] => (Block) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [UDP Query User{8BCEE687-B4D7-4D8D-8BBC-5F4D938CC3BF}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{020D9272-3826-412C-AAC4-EE1E15F9446A}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe FirewallRules: [{F9634785-00D9-41B9-A426-3D411057F114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe FirewallRules: [{66B306A3-7C6D-41D6-969E-BB41D62E59A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe FirewallRules: [{0028750A-1C79-4782-A44C-57FF64589766}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{DFF0AE8F-3276-4727-A0B8-091063879E61}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{D0F43222-0FF3-4638-AD30-3C84651658F7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{57349266-7595-41CF-88DF-368C3B7A10E5}] => (Allow) LPort=2869 FirewallRules: [{6CE0FF85-5F02-4553-8A14-75A9F366A987}] => (Allow) LPort=1900 FirewallRules: [{9BB3BD88-83F7-4B6E-B014-28803AC754FD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{90434298-4E96-459C-A148-F21B40962CBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{A5F79E94-BC1F-4E1F-B04C-00DB0BEFD906}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{24C891BF-27AA-4914-8E30-0CB22B01D447}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{6691C060-CDBE-4462-B901-209F9832323B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{61BE2F39-D488-4746-8372-8054AFEB8087}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{2FD542E8-A4CC-43B9-8AB6-1EA006DAAF14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{9F7E9E30-FAF3-4D0F-9F3B-2677AD88886E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7C747DF0-157E-4E5C-8D22-F1E8D834AD96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{96E0535B-772D-42C5-81FE-FE4B38943008}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4BF4E79F-3ACD-48F8-B199-A007FC6A3E77}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{5C56DA2E-EBCD-4800-B854-9D44CD8BF2A2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{95BD733B-C443-4F1B-AC93-7DEB2ADD184F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{64CA08BE-0173-4DCB-9BF1-502E0251B90F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{B124AC38-9F9B-4D6F-AE2D-BACDC9ACB9E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{AE4E2CF5-99C6-454D-98F6-F9D2E9878512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{AD3700E3-B2BD-41F8-9EE0-8C3AD60317FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [TCP Query User{ED3E1FCB-93C5-411C-AFA4-76199949AEFF}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [UDP Query User{DE2B4B9A-82AF-41F5-AE75-7D349BA5B4A3}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [TCP Query User{93743F97-2EB4-45D5-A3FA-A2F79D681FCA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{A9D9D300-1D6D-4507-9F79-9C2CCE5D72BD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{8233ADDF-A57D-4E73-A517-953212F19E68}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{D9B843F1-B126-446B-A331-BBD506538923}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{840637CC-ABF6-4E46-A8FD-F20150500B51}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{382CC6FA-32C8-42D3-A2A6-6EF9930A3C40}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{7B3209D4-E5CA-45F1-B7AB-12212A49C4CE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{B3F3948D-8858-4EB2-A865-B48B92C06189}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe FirewallRules: [{369EFCB3-338F-4B4D-ABE6-6FA0BD76B334}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{AA814CD9-6088-4E00-81A5-9D4EC0A3874C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [TCP Query User{BC44AEAB-313E-4BA8-B8AD-AC1E349B11C6}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [UDP Query User{F1C5484B-D2B2-4ECA-95E9-7DE74C25BDBA}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe FirewallRules: [{80B33AD8-B0E2-472F-97DF-AFA0E91820C4}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe FirewallRules: [{61380DC2-D066-4053-BFA5-EAB29F6C6237}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe FirewallRules: [TCP Query User{F84A5EC7-D7E6-4566-9D7D-5767A7EA9766}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{ADE49297-7A3F-4E01-904C-D4EE2E241478}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{D39082BD-B61C-4978-BDC4-43FEC96D2725}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{BC1B5D2A-9704-46B0-A6A5-B7971065129C}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{95C9C5A1-B46A-4C8A-A4A1-463144FCF3C3}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{E145427E-E68C-46D4-B838-51CEF24F1196}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{B6950167-FBC2-4D2D-BD09-F56FE7B94BED}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{8EFA84E3-5B83-4C19-9D29-087A996BE6AC}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{77F7BCEF-5B87-4E0E-93DF-EE5E6F8CED15}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe FirewallRules: [{CD64F37C-4A17-44E3-97A0-2DF2B8933453}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe FirewallRules: [{01A4269C-BBF8-49BA-8B0A-708276886743}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{EF1FD9DB-759D-4102-8F98-22322128A352}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{A284D791-CDA1-4874-AA52-A40819278371}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe FirewallRules: [{94510B89-2D8D-4F79-AC98-6D4FAF7C2F65}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe FirewallRules: [{DC02FA33-721E-4080-BBA5-B1624598D74E}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe FirewallRules: [{181A6505-E028-48C4-BD69-92C52D02CBFB}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe FirewallRules: [TCP Query User{8EE275CF-D3C1-4ECA-9049-887717ADAD8C}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [UDP Query User{D234B0E4-BF5C-420B-8E88-1BCAA971719C}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{1C2CD8CE-F574-441C-9E97-A22B206A05C9}] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{46C41ECD-CA6A-4A0A-BBFB-4A0D9F2A1062}] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{AC847531-642F-4E9B-840A-68D2FB7E103E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{D48C39DA-3883-4D9E-A41A-6A8B7D98497C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [TCP Query User{52EB319A-C898-4E5A-9865-1BACA2295F97}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{538AE0AA-E6E8-4E8B-B8C3-FFBEEEEDB24F}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{DC61D160-D861-47AF-A5F4-9C9DBE06ACC2}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{9D39BD96-320D-4038-BA3F-9A59A47BD57B}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{1770876B-9A1A-4CEE-B2BB-EBFE6EFD11E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F444EC8F-D811-4181-8910-1394B8721EA0}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [UDP Query User{72156473-21FA-4611-9AA0-5A29877E02E2}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [{6471AA76-DC1F-42CE-ADAD-605595CB0CDC}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [{D9701DE2-7A5A-432D-90DF-BB5B84A323C4}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [{AC4B729C-64C9-4EA4-B20F-D53954DF055C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe FirewallRules: [{9BE72BF0-9051-4821-A603-5654D358AE35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe FirewallRules: [{BEF87F47-75A3-4A7E-A516-7E8E970C47A0}] => (Allow) C:\Program Files\CyberLink\PowerDirector13\PDR10.EXE FirewallRules: [{BB85479F-AC3D-491D-B9D3-45BB6A1C8325}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS47B2\setup\hpznui40.exe FirewallRules: [{11D5A2C7-9967-403F-BAD2-13F3BC0DC965}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{BD30ED9A-32BB-4926-809E-B048AC578607}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{E809FC5E-5B1B-469A-9BCB-A2D3CBFB66A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{D5220BC0-B307-45C4-BEE9-F5258BA08BDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{89CC04E6-E10D-47C0-BE2B-884B0BD038C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{AB7C84C6-16C3-49F1-98E3-A434F188C342}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{8BBBC86E-3BB1-4623-9574-7A8DB14C0253}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{22B26313-BC23-489B-99EB-37BC14058244}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{67CD5031-6A30-4967-AD76-6322B0E6B132}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{7C1A7D9C-442D-4981-B8D9-DB9754CB6EAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{8D478110-4B67-40BA-B1BD-4AA73C9B40A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{90B14478-D77B-4D81-85E9-54FE41199DA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{C3B9E12B-3C72-4E10-BA14-484973CCB2AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{95643E25-716B-4DDF-BA3A-B2844CFD6D16}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{7A366A02-7C88-4BC1-AAD1-0621A1176B6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{007B1664-6D27-4AC6-9E82-12C604F5DF5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{32244484-0385-48BA-B01F-BFE58B90F865}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{C3EB3653-5B2E-4C39-B987-FA0CD615A954}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{FFA2C3D3-56E5-410F-A2E4-28B3F5E51341}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [TCP Query User{75FC727A-5985-4F91-AB22-5F92B45E78F6}C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe FirewallRules: [UDP Query User{87E131C6-05B5-4C9B-83B0-801C01A1A086}C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe FirewallRules: [{D9C87A17-9B46-45D5-BEC6-A2F501FB1EA0}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe FirewallRules: [{202C6D85-66D7-4D5A-A875-823C938F02E1}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe FirewallRules: [TCP Query User{2AFA2180-3828-437B-B0B1-A37FC0121D11}C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe FirewallRules: [UDP Query User{2D788FC6-73AE-482F-944D-F40FE933E60A}C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe FirewallRules: [{6F02A70B-B74A-4BB0-BF87-041671EC560A}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe FirewallRules: [{8901314A-5BA9-4B76-B350-085AEDD8E781}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe FirewallRules: [{A1DC3017-C97E-460F-9BC8-6CAC50A4D3AA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{1F7F0187-C313-469A-845B-EED395308C1B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{CE8DC230-F120-4F94-91F8-432A187FC9B7}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{CA79D1D2-9651-4946-97CF-EB7A02EEF10B}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe FirewallRules: [{7A50AE89-B1D3-47CC-9826-AF39ED7F97C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{48714ED8-974A-4B7D-8FFE-C8177572CBB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{BA48C6B8-5B87-412B-A585-708B23160C77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{B08DF1EA-E6A8-4843-9ECB-6628A350D324}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CC6E50F4-39D7-47DA-A82E-54DA096C0C5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{2858AE2D-4C60-4225-9E69-45FFE9C7802A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{4AC3DC34-FBA0-4D12-9AD9-84A9C8BD62BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{0F51613E-30BD-41C9-A535-D8DCA66B57FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe FirewallRules: [{D6EF3642-5CE8-4B3D-A76D-D8E57489357C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe FirewallRules: [{54BD3966-FFE1-4611-B2E6-F7678F4A63AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{604DCB2C-8360-43FB-A1FE-BCEB5B2FCB67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{841690CA-BCCE-4886-AC7D-842A69A51CA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7792CF6C-A313-434C-A2EE-9F58365BC6C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{45D16418-6D86-4AAC-8C7C-F1D15BB1C104}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe FirewallRules: [{34F1F7DB-01F8-46B7-B12A-B2DE2EE12E84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe FirewallRules: [TCP Query User{8C68D6E1-D31D-4DAF-BCA8-7A52BD88732A}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe FirewallRules: [UDP Query User{8275D775-61BE-4CC0-A397-BFCB93137A4B}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe FirewallRules: [{F42BFC55-2BF9-4EA8-85D5-B85C914DB9E7}] => (Block) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe FirewallRules: [{378E4A45-2FCC-4264-B6F2-B1CB8F2BFAC1}] => (Block) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe FirewallRules: [{3488B103-02B4-4D68-8212-2605EF911730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [{D767C958-84D1-4CD3-A119-236CFA407EDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [TCP Query User{4ED75432-A83D-4302-8D85-C61D6B2F5480}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe FirewallRules: [UDP Query User{97E8A746-C247-4E89-AAE2-A444041A6C02}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe FirewallRules: [{849F57D9-8AF2-406C-9FAA-0DFDE0B2FCD4}] => (Block) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe FirewallRules: [{77AD0172-CCBA-45D2-86D6-EE197759AD46}] => (Block) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe FirewallRules: [{9297A26B-A5FC-47DA-B340-47939C391997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{E8F4FE83-F3E4-4271-9840-8ADAEB522AB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{A9D651E1-9040-4ECE-9009-0891B47B2386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [{6890FB2F-BEC6-488C-A0AC-2F7B2D565735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [TCP Query User{21EB2DD3-ED55-4F90-B309-354B5F44D3A2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{0CB81D54-3140-483B-A284-D558F2D4423A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{67F102D6-1176-4D6D-9965-2E662AD3B6FB}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Allow) C:\program files\opentoonz 1.0\opentoonz_1.0.exe FirewallRules: [UDP Query User{E0F3158A-A7AD-47E7-8234-4D97B5E6E44C}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Allow) C:\program files\opentoonz 1.0\opentoonz_1.0.exe FirewallRules: [{8B9C2D6D-23E5-4DE7-81D3-7F3827FF4093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe FirewallRules: [{08B42972-0D00-4727-B454-ED0815F715AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe FirewallRules: [{2D283F9D-3C86-4310-9792-DF7C8B348E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{24C1B4D0-28F6-4247-81A1-A1E1E05543C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: [{2CEEA3CF-83FE-4AC5-9321-20DD27E53371}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{F14139E2-C83B-4C8A-9132-BD6D63D99E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe FirewallRules: [{CD95AB8C-5F59-4CED-8159-F67FC1B6940D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe FirewallRules: [{BEE4A31A-EC83-4D62-9A08-C89FE8EC456F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe FirewallRules: [{3B95845F-546C-49A3-8F84-40BF680F2AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 2\system\Risen2.exe FirewallRules: [{C864CEF1-5219-48D9-A117-64590A5F8194}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 2\system\Risen2.exe FirewallRules: [{FCC6DDA4-ED17-4B56-B64E-65AA756FE5EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe FirewallRules: [{83C5AF6B-DED9-41C0-B62F-2CE95D69738C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe FirewallRules: [{7910DDA8-652D-4867-8120-6432BCFF221E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen\bin\Risen.exe FirewallRules: [{CAAD9D14-5B04-4F27-A058-D5460E743E43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen\bin\Risen.exe FirewallRules: [{E5E293EF-9F3E-407D-A2AD-38B2A14B8175}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe FirewallRules: [{D192DE8B-CD05-47EF-901E-7890157FF184}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe FirewallRules: [{8E7CD2C5-3BB2-408E-A240-F73FB2C0536A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe FirewallRules: [{237C298E-8E63-41F0-A838-F3E0C1D0F269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe FirewallRules: [{0418807E-89DF-461F-B98C-0C0ADDD66106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 3\sacred3.exe FirewallRules: [{D0684BF7-91BB-4776-81D9-521DBC07D775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 3\sacred3.exe FirewallRules: [{A7DD7AB2-90D7-47C0-A667-C78479B93702}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{110B74D3-3F45-4D68-A16A-FCEFCCAD1161}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 06-06-2016 11:58:24 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: Photosmart C7200 series Description: Photosmart C7200 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2016 12:24:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40 Faulting module name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40 Exception code: 0xc000041d Fault offset: 0x001a4894 Faulting process id: 0x17d0 Faulting application start time: 0xesetonlinescanner_enu (1).exe0 Faulting application path: esetonlinescanner_enu (1).exe1 Faulting module path: esetonlinescanner_enu (1).exe2 Report Id: esetonlinescanner_enu (1).exe3 Faulting package full name: esetonlinescanner_enu (1).exe4 Faulting package-relative application ID: esetonlinescanner_enu (1).exe5 Error: (06/13/2016 12:24:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40 Faulting module name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40 Exception code: 0xc0000005 Fault offset: 0x001a4894 Faulting process id: 0x17d0 Faulting application start time: 0xesetonlinescanner_enu (1).exe0 Faulting application path: esetonlinescanner_enu (1).exe1 Faulting module path: esetonlinescanner_enu (1).exe2 Report Id: esetonlinescanner_enu (1).exe3 Faulting package full name: esetonlinescanner_enu (1).exe4 Faulting package-relative application ID: esetonlinescanner_enu (1).exe5 Error: (06/12/2016 10:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6422 Error: (06/12/2016 10:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6422 Error: (06/12/2016 10:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2016 10:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5172 Error: (06/12/2016 10:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5172 Error: (06/12/2016 10:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/12/2016 10:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3875 Error: (06/12/2016 10:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3875 System errors: ============= Error: (06/13/2016 12:29:09 PM) (Source: DCOM) (EventID: 10010) (User: MR-MERPS-ALOT) Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} Error: (06/13/2016 11:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (06/13/2016 11:43:14 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys Error: (06/13/2016 11:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (06/13/2016 11:43:14 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys Error: (06/13/2016 11:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (06/13/2016 11:43:14 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys Error: (06/13/2016 11:43:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (06/13/2016 11:43:13 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sys Error: (06/13/2016 11:43:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 CodeIntegrity: =================================== Date: 2016-05-15 21:21:36.170 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 15:33:43.924 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-13 13:59:53.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-10 21:21:52.858 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-10 16:07:03.191 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-18 21:21:34.219 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-16 22:18:04.007 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-13 20:52:30.708 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-22 21:21:41.040 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-11 21:21:39.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz Percentage of memory in use: 48% Total physical RAM: 8110.69 MB Available physical RAM: 4152.57 MB Total Virtual: 16814.69 MB Available Virtual: 11831.6 MB ==================== Drives ================================ Drive c: (OS_Install) (Fixed) (Total:568.43 GB) (Free:130.59 GB) NTFS Drive d: (Data) (Fixed) (Total:345.64 GB) (Free:345.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 8BC3265B) Partition: GPT. ==================== End of Addition.txt ============================

I've been running it the past couple hours with no cpu spikes and svchost seems to be behaving. Thanks for the help!

Here's the combofix report. Combolog.txt

Yes, a few minutes after posting the reply with just chrome open the computer was sitting at 100% cpu.

Here are the reports, and thanks for the help! Fixlog.txt mbam file.txt

Hello, for awhile the computer has been having minor issues, mainly what I thought to be just hardware issues. Though due to recent escalation of issues(close to 100% cpu constantly, general lagginess, and overall lowering of quality), I felt that there has to be something more. Here are the copies of the things you asked for. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Timothy_Leis (administrator) on TIMOTHY_LEIS-PC on 07-08-2014 05:58:51Running from C:\Users\Timothy_Leis\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe() C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(SQUARE ENIX CO., LTD.) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppHKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3710671165-609888541-3485745390-1001\...\Run: [Google Update] => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-02] (Google Inc.)HKU\S-1-5-21-3710671165-609888541-3485745390-1001\...\Run: [DellSystemDetect] => C:\Users\Timothy_Leis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-msHKU\S-1-5-21-3710671165-609888541-3485745390-1001\...\Run: [Guildwork] => C:\Users\Timothy_Leis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guildwork\Guildwork.appref-msAppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchURLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}SearchScopes: HKLM - DefaultScope {49E9A046-44D9-89C5-F8F6-7DCF29A47759} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {49E9A046-44D9-89C5-F8F6-7DCF29A47759} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKLM-x32 - DefaultScope {3DDA1B1F-087E-AC5B-675E-2C94656DFD44} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {3DDA1B1F-087E-AC5B-675E-2C94656DFD44} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKCU - DefaultScope {077322EF-B0FA-4DD6-93B7-ECF90817B7AF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKCU - {077322EF-B0FA-4DD6-93B7-ECF90817B7AF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKCU - {49E9A046-44D9-89C5-F8F6-7DCF29A47759} URL = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=62133&p={searchTerms}BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 16 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 16 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\2sb235vi.defaultFF SelectedSearchEngine: MysearchdialFF DefaultSearchEngine: MysearchdialFF Keyword.URL: user_pref("keyword.URL", "");FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Extension: No Name - C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\2sb235vi.default\Extensions\staged [2013-09-11] Chrome: =======CHR HomePage: CHR StartupUrls: ""CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]CHR Extension: (AdBlock) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-12]CHR Extension: (Download Master) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-05-12]CHR Extension: (Google Wallet) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR StartMenuInternet: Google Chrome - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)R2 ReduceTheLag-v3; C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe [221696 2014-03-18] () [File not signed]R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)S2 PowerMon; cmd /c start cmd /c "ping -n 300 127.0.0.1 & C:\Windows\Temp\PowerMon\PowerMon.exe -o http://mining.eligius.st:9337 -O 12jgfM7qaFhKBYEz7KRjqdjBcz22d48bNh" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-21] (DT Soft Ltd)S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-07] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-29 17:38 - 2014-08-07 04:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-29 17:38 - 2014-05-12 08:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-29 17:38 - 2014-05-12 08:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-07 05:58 - 2014-08-07 05:59 - 00021192 _____ () C:\Users\Timothy_Leis\Downloads\FRST.txt2014-08-07 05:58 - 2014-08-07 05:58 - 02094080 _____ (Farbar) C:\Users\Timothy_Leis\Downloads\FRST64.exe2014-08-07 05:58 - 2014-08-07 05:58 - 00000000 ____D () C:\FRST2014-08-07 02:18 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-08-07 02:18 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-08-07 02:18 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-08-07 02:18 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-08-07 02:18 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-08-07 02:18 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-08-07 02:18 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-08-07 02:18 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-08-07 02:18 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-08-07 02:18 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-08-07 02:18 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-08-07 02:18 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-08-07 02:18 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-08-07 02:18 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-08-07 02:18 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-08-07 02:18 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-08-07 02:18 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-08-07 02:18 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-08-07 02:18 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-08-07 02:18 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-08-07 02:18 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-08-07 02:18 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-08-07 02:18 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-08-07 02:18 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-08-07 02:18 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-08-07 02:18 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-08-07 02:18 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-08-07 02:18 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-08-07 02:18 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-08-07 02:18 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-08-07 02:18 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-08-07 02:18 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-08-07 02:18 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-08-07 02:18 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-08-07 02:18 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-08-07 02:18 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-08-07 02:18 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-08-07 02:18 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-08-07 02:18 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-08-07 02:18 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-08-07 02:18 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-08-07 02:18 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-08-07 02:18 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-08-07 02:18 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-08-07 02:18 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-08-07 02:18 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-08-07 02:18 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-08-07 02:18 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-08-07 02:18 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-08-07 02:18 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-08-07 02:18 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-08-07 02:18 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-08-07 02:18 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-08-07 02:18 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-08-07 02:18 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-08-07 02:18 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-08-07 02:18 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-08-07 02:18 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-08-07 02:18 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-07 02:18 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-08-07 02:18 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-08-07 02:18 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-08-07 02:17 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-08-07 02:17 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-08-07 02:17 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-08-05 05:21 - 2014-08-05 05:21 - 00074055 _____ () C:\Users\Timothy_Leis\Downloads\Pyskador_1_2_4.rar2014-08-05 05:21 - 2014-04-09 04:22 - 00174592 _____ (Cyber Research Systems) C:\Users\Timothy_Leis\Desktop\Pyskador.exe2014-08-05 04:22 - 2014-08-05 04:22 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-05 04:19 - 2014-08-05 04:19 - 00387038 _____ () C:\Users\Timothy_Leis\Downloads\BolterV2_v1.2.9b.zip2014-08-01 00:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2014-08-01 00:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-08-01 00:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2014-08-01 00:50 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2014-08-01 00:50 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-08-01 00:49 - 2014-05-14 10:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2014-08-01 00:49 - 2014-05-14 10:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-08-01 00:49 - 2014-05-14 10:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2014-08-01 00:49 - 2014-05-14 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-07-25 22:51 - 2014-07-25 22:51 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log2014-07-25 22:51 - 2014-07-25 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-25 22:51 - 2014-07-11 04:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-25 22:51 - 2014-07-11 03:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-25 22:51 - 2014-07-11 03:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-25 22:51 - 2014-07-11 03:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieUserList2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieSiteList2014-07-19 15:44 - 2014-07-19 15:44 - 00046948 _____ () C:\Users\Timothy_Leis\Downloads\TS102919464.dotx2014-07-19 15:39 - 2014-07-19 15:39 - 00055415 _____ () C:\Users\Timothy_Leis\Downloads\TS102835057.dotx2014-07-17 01:10 - 2014-07-17 01:10 - 00000000 ____D () C:\ProgramData\Riot Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-29 17:38 - 2012-04-18 10:12 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-29 17:38 - 2011-11-02 16:38 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\Malwarebytes2015-06-29 17:38 - 2011-11-02 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-06-29 17:38 - 2011-11-02 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-08-07 05:59 - 2014-08-07 05:58 - 00021192 _____ () C:\Users\Timothy_Leis\Downloads\FRST.txt2014-08-07 05:58 - 2014-08-07 05:58 - 02094080 _____ (Farbar) C:\Users\Timothy_Leis\Downloads\FRST64.exe2014-08-07 05:58 - 2014-08-07 05:58 - 00000000 ____D () C:\FRST2014-08-07 05:49 - 2011-11-02 16:17 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001UA.job2014-08-07 05:10 - 2014-05-19 19:47 - 00000000 ____D () C:\Program Files (x86)\BlueStacks2014-08-07 05:01 - 2012-08-18 22:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-08-07 04:16 - 2011-09-05 16:35 - 02044972 _____ () C:\Windows\WindowsUpdate.log2014-08-07 04:14 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-07 04:13 - 2015-06-29 17:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-07 04:13 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-08-07 04:13 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-08-07 04:09 - 2011-11-02 16:17 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Local\Deployment2014-08-07 04:08 - 2014-07-04 23:59 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT2014-08-07 04:08 - 2014-05-12 01:43 - 00024433 _____ () C:\Windows\setupact.log2014-08-07 04:08 - 2013-01-20 02:14 - 00000376 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{39D96368-7F99-4AF7-9E3E-95376C9DB3C2}.job2014-08-07 04:07 - 2011-09-05 16:36 - 00000000 ____D () C:\ProgramData\NVIDIA2014-08-07 04:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-07 04:07 - 2009-07-14 00:45 - 00416688 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-07 04:05 - 2011-11-05 18:12 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-08-07 04:05 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-08-07 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-08-07 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism2014-08-07 04:03 - 2013-08-03 04:01 - 00000000 ____D () C:\Windows\system32\MRT2014-08-07 03:58 - 2011-12-01 10:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-08-07 02:57 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-08-07 02:57 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-08-07 02:26 - 2013-03-14 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-08-06 16:31 - 2014-03-12 05:30 - 00000000 ____D () C:\Users\Timothy_Leis\Desktop\DRG Parse2014-08-06 16:13 - 2011-11-02 16:17 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001Core.job2014-08-05 23:47 - 2011-11-02 16:18 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\Skype2014-08-05 22:26 - 2014-03-07 16:26 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\Advanced Combat Tracker2014-08-05 22:21 - 2013-10-31 08:13 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\TS3Client2014-08-05 20:58 - 2013-10-31 08:12 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Local\TeamSpeak 3 Client2014-08-05 05:21 - 2014-08-05 05:21 - 00074055 _____ () C:\Users\Timothy_Leis\Downloads\Pyskador_1_2_4.rar2014-08-05 04:23 - 2014-06-08 01:48 - 00000000 ____D () C:\Users\Timothy_Leis\Desktop\BolterV2_v1.2.9b2014-08-05 04:22 - 2014-08-05 04:22 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-05 04:19 - 2014-08-05 04:19 - 00387038 _____ () C:\Users\Timothy_Leis\Downloads\BolterV2_v1.2.9b.zip2014-07-25 23:11 - 2013-10-28 04:02 - 00000000 ____D () C:\ProgramData\Oracle2014-07-25 22:51 - 2014-07-25 22:51 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log2014-07-25 22:51 - 2014-07-25 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-25 22:51 - 2012-09-12 17:16 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-23 10:52 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieUserList2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieSiteList2014-07-19 15:44 - 2014-07-19 15:44 - 00046948 _____ () C:\Users\Timothy_Leis\Downloads\TS102919464.dotx2014-07-19 15:39 - 2014-07-19 15:39 - 00055415 _____ () C:\Users\Timothy_Leis\Downloads\TS102835057.dotx2014-07-18 17:09 - 2011-11-02 16:30 - 00002410 _____ () C:\Users\Timothy_Leis\Desktop\Google Chrome.lnk2014-07-17 01:10 - 2014-07-17 01:10 - 00000000 ____D () C:\ProgramData\Riot Games2014-07-11 04:02 - 2014-07-25 22:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-11 03:56 - 2014-07-25 22:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-11 03:56 - 2014-07-25 22:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-11 03:55 - 2014-07-25 22:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-10 16:01 - 2012-08-18 22:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-10 16:01 - 2012-08-18 22:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-10 16:01 - 2011-09-05 14:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete:====================C:\Users\Timothy_Leis\jagex_cl_runescape_LIVE.datC:\Users\Timothy_Leis\random.dat Some content of TEMP:====================C:\Users\Timothy_Leis\AppData\Local\Temp\GURD27A.exeC:\Users\Timothy_Leis\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exeC:\Users\Timothy_Leis\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Timothy_Leis\AppData\Local\Temp\nvStereoApiI64.dllC:\Users\Timothy_Leis\AppData\Local\Temp\nvStInst.exeC:\Users\Timothy_Leis\AppData\Local\Temp\tmp308C.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-31 14:17 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014Ran by Timothy_Leis at 2014-08-07 06:00:59Running from C:\Users\Timothy_Leis\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: - )Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) HiddenDell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)GameStop App (x32 Version: 4.00 - GameStop) HiddenGeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) HiddenGoogle Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Guildwork (HKCU\...\941445e80933424b) (Version: 1.0.0.70 - Guildwork)High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) HiddenIntel PROSet Wireless (Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}) (Version: 1.0.1.0489 - Intel Corporation)Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)Intel® WiDi (HKLM-x32\...\{03703CBB-563D-45CE-8B35-CB04CAB258BE}) (Version: 2.1.38.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)iRip (HKLM-x32\...\{0F9224B1-9331-4D56-A21B-6D4747F6ACB4}) (Version: 1.2 - The Little App Factory)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) HiddenLeague of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) HiddenNero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) HiddenNero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) HiddenNero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) HiddenNero Update (x32 Version: 11.0.10623.22.0 - Nero AG) HiddenNotepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6 - )NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) HiddenNVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) HiddenNVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)Reducethelag (HKLM-x32\...\ReducetheLag) (Version: - )Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) HiddenRevo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) HiddenShockwave (HKLM-x32\...\Shockwave) (Version: - )Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}) (Version: 16.5.10096 - WinZip Computing, S.L. )WTFast 3.1 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.1.1.3 - Initex & AAA Internet Publishing)ZoomEx (HKLM\...\{4D1D9E2B-CC34-44D5-A63E-841696FEBCDD}) (Version: 1.0 - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 29-06-2014 11:42:28 Scheduled Checkpoint26-07-2014 02:50:37 Installed Java 7 Update 6501-08-2014 04:49:26 Windows Update05-08-2014 08:21:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.2100507-08-2014 06:19:19 Windows Update07-08-2014 07:53:57 Windows Update07-08-2014 09:11:03 Removed BlueStacks Notification Center29-06-2015 21:59:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2012-12-05 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {11220D3B-4B3D-40DD-BEC4-0FC746225558} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001UA => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)Task: {1CE62886-E0E7-4303-91D0-E3F0F22E9BA4} - System32\Tasks\{653B4094-3C82-4110-ACEC-7D14D85F53B7} => C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind Launcher.exeTask: {2C1B0004-7560-4185-ADB8-37107D459D6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {3BA2AC19-825E-43B1-AD7C-FDE63E5572E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)Task: {3D181061-B38A-42ED-B7E7-D4F677B53B4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {432AB34B-DDE5-4067-B449-009CE3D506A4} - System32\Tasks\{E27FF263-8823-4823-992E-3CE0DD2D32CA} => C:\Program Files (x86)\3DO\Might and Magic VII\MM7Setup.ExeTask: {47337CE0-5754-4DA5-AAA0-9B2D63A42716} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2011-11-05] ()Task: {665644B3-6790-46ED-BA07-540C1B8B428F} - System32\Tasks\{7B7F817F-D236-4C8E-927F-944A24BE22CF} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-10-29] ()Task: {7DD3C800-6890-4DD0-A8B7-648B00146017} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2011-11-05] ()Task: {94EE6E2E-9EEB-42CF-AB76-072DB7F31ECD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001Core => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)Task: {A3A05DC6-6E20-4069-A2CE-D9D076DD1577} - System32\Tasks\{3949627B-15A6-4C71-AEEA-4E682B865D15} => E:\SETUP.EXETask: {C6106ADF-E15C-4C74-8778-401945156FF7} - System32\Tasks\ZoomExUpdaterTask{39D96368-7F99-4AF7-9E3E-95376C9DB3C2} => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTIONTask: {E5C0DA18-8B50-4029-9542-9F6365F08BB7} - System32\Tasks\{780228C5-B83A-457A-9872-76966F1CADB5} => E:\SETUP.EXETask: {EAF58480-047B-482A-84A9-D2649379FF80} - \Your File Updater No Task File <==== ATTENTIONTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001Core.job => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001UA.job => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ZoomExUpdaterTask{39D96368-7F99-4AF7-9E3E-95376C9DB3C2}.job => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-18 05:49 - 2014-03-18 05:49 - 00221696 _____ () C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe2012-01-10 20:14 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-09-05 02:17 - 2013-09-05 02:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-09-05 16:10 - 2011-03-26 19:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2009-03-07 16:02 - 2009-03-07 16:02 - 00098304 _____ () C:\Program Files (x86)\ReducetheLag\EasyHook32.dll2012-01-10 20:13 - 2014-03-04 10:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2013-09-05 02:14 - 2013-09-05 02:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-07-18 17:09 - 2014-07-15 05:24 - 00718664 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-18 17:09 - 2014-07-15 05:24 - 00126280 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-18 17:09 - 2014-07-15 05:24 - 08537928 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-18 17:09 - 2014-07-15 05:24 - 00353096 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-18 17:09 - 2014-07-15 05:24 - 01732936 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-03-18 05:49 - 2014-03-18 05:49 - 00133120 _____ () C:\Program Files (x86)\ReducetheLag\reducethelagv332.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Timothy_Leis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.StartupMSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesMSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exeMSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZEDMSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/07/2014 04:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 04:08:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (08/07/2014 02:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 02:59:04 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 31306124 Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 31306124 Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1263 Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1263 Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (08/07/2014 04:08:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error: %%1064 Error: (08/07/2014 04:08:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Power Supply Monitor service to connect. Error: (08/07/2014 03:12:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: %%1056 Error: (08/07/2014 03:08:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: %%1056 Error: (08/07/2014 03:07:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. Error: (08/07/2014 03:06:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (08/07/2014 02:59:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error: %%1064 Error: (08/07/2014 02:58:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Power Supply Monitor service to connect. Error: (08/06/2014 04:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error: %%1064 Error: (08/06/2014 04:18:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Power Supply Monitor service to connect. Microsoft Office Sessions:=========================Error: (08/07/2014 04:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 04:08:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (08/07/2014 02:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 02:59:04 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 31306124 Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 31306124 Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1263 Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1263 Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors:=================================== Date: 2014-05-09 17:34:33.958 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-09 17:34:33.958 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-09 17:34:33.958 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-09 17:34:33.943 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-09 17:34:33.943 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-09 17:34:33.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-01 10:24:49.692 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-01 10:24:49.690 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-01 10:24:49.687 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-05-01 10:24:49.664 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 30%Total physical RAM: 12182.17 MBAvailable physical RAM: 8515.18 MBTotal Pagefile: 24362.52 MBAvailable Pagefile: 20286.45 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:327.33 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 07F2837E)Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=577 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thank you for any help you're able to give.

Tried multiple times to run combofix, but no matter what it always hangs on the final screen saying it's preparing a report. Sat there for 8 hours yesterday and never finished. No one touched the computer in this time.

Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.16.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 terri :: TERRI-PC [administrator] 1/16/2013 12:33:30 PM mbam-log-2013-01-16 (12-33-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 266162 Time elapsed: 3 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2 Run by terri at 12:38:12 on 2013-01-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2093 [GMT -6:00] . AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe C:\Program Files (x86)\iWin Games\iWinTrusted.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\WUDFHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452 mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452 mSearchAssistant = hxxp://www.google.com uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned> uURLSearchHooks: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - <orphaned> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned> BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll uRun: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\terri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{C61C7BDB-C7BF-43D9-BA92-45BF4C12003B} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC}\2375942554032303 : DHCPNameServer = 192.168.1.254 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452 x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxWR7DJUn&search= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\terri\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\terri\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoe.dll FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-21 984144] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-11 370288] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-11 25232] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-11 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-21 44808] R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496] R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-1 2666880] R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680] R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-4-10 446976] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736] . =============== Created Last 30 ================ . 2013-01-15 17:13:23 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA39F33A-D1B5-4481-BB3B-C50B034342CD}\mpengine.dll 2013-01-14 13:30:57 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-09 17:20:54 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 17:19:32 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-01-03 15:09:38 -------- d-----w- C:\Program Files\CCleaner 2013-01-01 23:26:23 -------- d-----w- C:\Program Files (x86)\Crabs and Penguins 2012-12-29 15:45:33 -------- d-sh--w- C:\$RECYCLE.BIN 2012-12-28 16:01:26 -------- d-----w- C:\ComboFix 2012-12-28 00:56:03 98816 ----a-w- C:\Windows\sed.exe 2012-12-28 00:56:03 256000 ----a-w- C:\Windows\PEV.exe 2012-12-28 00:56:03 208896 ----a-w- C:\Windows\MBR.exe 2012-12-28 00:35:12 -------- d-----w- C:\Users\terri\AppData\Local\Programs 2012-12-27 20:43:52 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-12-25 21:45:20 -------- d-----w- C:\Users\terri\AppData\Roaming\AzuazGames 2012-12-21 04:15:07 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 04:15:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 04:15:05 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 04:15:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-18 20:07:11 106240 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll . ==================== Find3M ==================== . 2013-01-10 03:24:09 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-10 03:24:09 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr . ============= FINISH: 12:39:18.92 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 2/11/2010 2:58:56 PM System Uptime: 1/16/2013 7:23:14 AM (5 hours ago) . Motherboard: eMachines | | EMCP73VT-PM Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 686 GiB total, 627.089 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP442: 1/3/2013 9:24:58 AM - Revo Uninstaller's restore point - Yahoo! Messenger RP443: 1/3/2013 9:30:18 AM - Revo Uninstaller's restore point - Yahoo! Install Manager RP444: 1/3/2013 9:30:56 AM - Revo Uninstaller's restore point - Yahoo! Widgets RP445: 1/5/2013 11:48:12 AM - Windows Update RP446: 1/9/2013 9:47:24 AM - Windows Update RP447: 1/9/2013 12:12:09 PM - Windows Update RP448: 1/14/2013 7:30:16 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.3 MUI Adobe Shockwave Player 11.6 Advertising Center Angry Birds Rio Angry Birds Seasons Apple Application Support Apple Software Update avast! Free Antivirus Beetle Bug 3 (remove only) CCleaner Compatibility Pack for the 2007 Office system Crabs and Penguins D3DX10 DivX Web Player eMachines Games eMachines Recovery Management eMachines Registration eMachines ScreenSaver eMachines Updater Fairy Island Fluttabyes Free Realms Installer Google Chrome Google Update Helper Identity Card ImagXpress IncrediMail IncrediMail 2.0 iWin Games (remove only) Java 7 Update 9 Java Auto Updater Junk Mail filter update Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 18.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NETGEAR WG111v3 wireless USB 2.0 adapter NVIDIA Display Control Panel NVIDIA Drivers Photo Notifier and Animation Creator PhotoMail Maker PVSonyDll QuickTime Realtek High Definition Audio Driver Revo Uninstaller 1.94 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition SOE Web Installer swMSM TeamViewer 7 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Yahoo! BrowserPlus 2.9.2 Yahoo! Install Manager Yahoo! Software Update Yahoo! Widgets . ==== End Of File ===========================

Hello, sorry for the delay, as I said, not my personal computer so haven't had a chance to check it out. It was working from what they were telling me but however a new issue seems to have arised... upon doing a Google search, the results page comes up and it doesn't take you to the page that was searched... it redirects to a "related" page. Going to post the new scans now and see if we can find the issue, I'm back at their house with their computer so I can update quickly.

# AdwCleaner v2.104 - Logfile created 01/03/2013 at 09:02:23 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : terri - TERRI-PC # Boot Mode : Normal # Running from : C:\Users\terri\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Askcom.xml File Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Conduit.xml File Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\MyStart Search.xml File Deleted : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6} Folder Deleted : C:\Program Files (x86)\Perion Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client Folder Deleted : C:\ProgramData\iWin Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\terri\AppData\Local\Conduit Folder Deleted : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Folder Deleted : C:\Users\terri\AppData\Local\Kiwee Toolbar Folder Deleted : C:\Users\terri\AppData\LocalLow\AGI Folder Deleted : C:\Users\terri\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\terri\AppData\LocalLow\Conduit Folder Deleted : C:\Users\terri\AppData\LocalLow\facemoods.com Folder Deleted : C:\Users\terri\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\terri\AppData\Roaming\iWin Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Conduit Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\ConduitCommon Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\CT2438727 Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Smartbar ***** [Registry] ***** Key Deleted : HKCU\Software\AGI Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Babylon Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : HKLM\Software\AGI Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\BabyDict Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\dlQUE Key Deleted : HKLM\Software\IB Updater Key Deleted : HKLM\Software\ImInstaller Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\Software\Web Assistant Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4 --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\prefs.js C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\user.js ... Deleted ! Deleted : user_pref("CT2438727..clientLogIsEnabled", false); Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2438727.CT2438727", "CT2438727"); Deleted : user_pref("CT2438727.CurrentServerDate", "3-1-2013"); Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Wed Jan 02 2013 21:12:34 GMT-0600 (Central Standa[...] Deleted : user_pref("CT2438727.DownloadReferralCookieData", ""); Deleted : user_pref("CT2438727.EnableSearchHistory", false); Deleted : user_pref("CT2438727.EnableSearchSuggest", false); Deleted : user_pref("CT2438727.FirstServerDate", "21-5-2011"); Deleted : user_pref("CT2438727.FirstTime", true); Deleted : user_pref("CT2438727.FirstTimeFF3", true); Deleted : user_pref("CT2438727.FixPageNotFoundErrors", false); Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2438727.HasUserGlobalKeys", true); Deleted : user_pref("CT2438727.Initialize", true); Deleted : user_pref("CT2438727.InitializeCommonPrefs", true); Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2438727.InstalledDate", "Sat May 21 2011 13:57:02 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT2438727.IsGrouping", false); Deleted : user_pref("CT2438727.IsMulticommunity", false); Deleted : user_pref("CT2438727.IsOpenThankYouPage", true); Deleted : user_pref("CT2438727.IsOpenUninstallPage", true); Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Wed Jan 02 2013 21:12:34 GMT-0600 (Central Standar[...] Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2438727.LastLogin_3.12.0.7", "Mon Apr 30 2012 15:15:04 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2438727.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:46 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2438727.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:45 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2438727.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2438727.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:56:03 GMT-0600 (Central Standard Time)[...] Deleted : user_pref("CT2438727.LastLogin_3.16.0.3", "Wed Jan 02 2013 21:12:25 GMT-0600 (Central Standard Time)[...] Deleted : user_pref("CT2438727.LastLogin_3.3.5.1", "Sat Jul 09 2011 09:05:53 GMT-0500 (Central Daylight Time)"[...] Deleted : user_pref("CT2438727.LatestVersion", "3.16.0.3"); Deleted : user_pref("CT2438727.Locale", "en"); Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2438727.MCDetectTooltipShow", false); Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", false); Deleted : user_pref("CT2438727.RadioShrinked", "shrinked"); Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 0); Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...] Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true); Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Wed Jan 02 2013 21:12:12 GMT-0600 (Central Stand[...] Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Wed Jan 02 2013 21:12:12 GMT-0600 (Central Standard [...] Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Wed Jan 02 2013 21:12:12 GMT-0600 (Central Standard Ti[...] Deleted : user_pref("CT2438727.SettingsLastUpdate", "1357167707"); Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Jul 02 2011 21:24:40 GMT-0500 (Central Day[...] Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246786978"); Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727"); Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2438727.UserID", "UN19161047969712086"); Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2); Deleted : user_pref("CT2438727.alertChannelId", "832836"); Deleted : user_pref("CT2438727.approveUntrustedApps", true); Deleted : user_pref("CT2438727.components.1000034", false); Deleted : user_pref("CT2438727.components.1000082", false); Deleted : user_pref("CT2438727.components.1000234", false); Deleted : user_pref("CT2438727.components.1000515", false); Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Sat Jul 09 2011 13:05:54 GMT-0500 (Central [...] Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2438727.initDone", true); Deleted : user_pref("CT2438727.isAppTrackingManagerOn", true); Deleted : user_pref("CT2438727.myStuffEnabled", true); Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,129509324767711885,1290239[...] Deleted : user_pref("CT2438727.revertSettingsEnabled", false); Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2438727.testingCtid", ""); Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Wed Jan 02 2013 21:12:34 GMT-0600 (Central S[...] Deleted : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Sat May 21 2011 13:57:06 GMT-0500 (Central D[...] Deleted : user_pref("CT2438727.usagesFlag", 2); Deleted : user_pref("CT2724386..clientLogIsEnabled", false); Deleted : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129723002078767475", true); Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129847484031223416", true); Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129851871904280954", true); Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129904362604336829", true); Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129992833759124499", true); Deleted : user_pref("CT2724386.CT2724407.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2724431.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727162.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727622.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727646.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727678.CommunityChanged", true); Deleted : user_pref("CT2724386.CT2727750.CommunityChanged", true); Deleted : user_pref("CT2724386.CTID", "CT2724386"); Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central D[...] Deleted : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...] Deleted : user_pref("CT2724386.CommunityChanged", true); Deleted : user_pref("CT2724386.CurrentServerDate", "9-12-2012"); Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2724386.DialogsGetterLastCheckTime", "Sat Dec 08 2012 17:56:31 GMT-0600 (Central Standa[...] Deleted : user_pref("CT2724386.DownloadReferralCookieData", ""); Deleted : user_pref("CT2724386.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2724386.FirstServerDate", "8-6-2011"); Deleted : user_pref("CT2724386.FirstTime", true); Deleted : user_pref("CT2724386.FirstTimeFF3", true); Deleted : user_pref("CT2724386.FixPageNotFoundErrors", false); Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central Daylight Ti[...] Deleted : user_pref("CT2724386.GroupingLastErrorCode", ""); Deleted : user_pref("CT2724386.GroupingLastResponse", false); Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129514153850000000"); Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2724386.HasUserGlobalKeys", true); Deleted : user_pref("CT2724386.Initialize", true); Deleted : user_pref("CT2724386.InitializeCommonPrefs", true); Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2724386.InstallationId", "StubInstaller"); Deleted : user_pref("CT2724386.InstallationType", "ConduitIntegration"); Deleted : user_pref("CT2724386.InstalledDate", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT2724386.InvalidateCache", false); Deleted : user_pref("CT2724386.IsGrouping", false); Deleted : user_pref("CT2724386.IsMulticommunity", false); Deleted : user_pref("CT2724386.IsOpenThankYouPage", false); Deleted : user_pref("CT2724386.IsOpenUninstallPage", true); Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standar[...] Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2724386.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:44 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2724386.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:54 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2724386.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2724386.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:55:57 GMT-0600 (Central Standard Time)[...] Deleted : user_pref("CT2724386.LastLogin_3.16.0.3", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standard Time)[...] Deleted : user_pref("CT2724386.LastLogin_3.3.5.1", "Tue Jun 07 2011 16:12:08 GMT-0500 (Central Daylight Time)"[...] Deleted : user_pref("CT2724386.LatestVersion", "3.16.0.3"); Deleted : user_pref("CT2724386.Locale", "en"); Deleted : user_pref("CT2724386.LoginRevertSettingsEnabled", false); Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2724386.MCDetectTooltipShow", false); Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2724386.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2724386.RadioIsPodcast", false); Deleted : user_pref("CT2724386.RadioLastCheckTime", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2724386.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000"); Deleted : user_pref("CT2724386.RadioMediaID", "21080102"); Deleted : user_pref("CT2724386.RadioMediaType", "Media Player"); Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102"); Deleted : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am"); Deleted : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000"); Deleted : user_pref("CT2724386.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...] Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true); Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Stand[...] Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2724386.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2724386.ServiceMapLastCheckTime", "Sat Dec 08 2012 17:56:04 GMT-0600 (Central Standard [...] Deleted : user_pref("CT2724386.SettingsLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Standard Ti[...] Deleted : user_pref("CT2724386.SettingsLastUpdate", "1354809800"); Deleted : user_pref("CT2724386.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Tue Jun 07 2011 16:12:07 GMT-0500 (Central Day[...] Deleted : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978"); Deleted : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2724386.UserID", "UN99100734519817247"); Deleted : user_pref("CT2724386.ValidationData_Toolbar", 0); Deleted : user_pref("CT2724386.WeatherNetwork", ""); Deleted : user_pref("CT2724386.WeatherPollDate", "Tue Jun 07 2011 16:12:10 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT2724386.WeatherUnit", "F"); Deleted : user_pref("CT2724386.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT2724386.alertChannelId", "1116652"); Deleted : user_pref("CT2724386.autoDisableScopes", 0); Deleted : user_pref("CT2724386.components.1000048", false); Deleted : user_pref("CT2724386.components.1000082", false); Deleted : user_pref("CT2724386.components.1000234", false); Deleted : user_pref("CT2724386.components.129248963349915487", false); Deleted : user_pref("CT2724386.components.129248964061947202", false); Deleted : user_pref("CT2724386.components.129248964422728031", false); Deleted : user_pref("CT2724386.components.129464706887642629", false); Deleted : user_pref("CT2724386.components.129464706887955131", false); Deleted : user_pref("CT2724386.defaultSearch", "false"); Deleted : user_pref("CT2724386.enableAlerts", "true"); Deleted : user_pref("CT2724386.enableSearchFromAddressBar", "false"); Deleted : user_pref("CT2724386.firstTimeDialogOpened", true); Deleted : user_pref("CT2724386.fixPageNotFoundError", "false"); Deleted : user_pref("CT2724386.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT2724386.fixUrls", true); Deleted : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Tue Jun 07 2011 16:12:16 GMT-0500 (Central [...] Deleted : user_pref("CT2724386.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2724386.initDone", true); Deleted : user_pref("CT2724386.installId", "conduitnsisintegration"); Deleted : user_pref("CT2724386.installType", "conduitnsisintegration"); Deleted : user_pref("CT2724386.isAppTrackingManagerOn", true); Deleted : user_pref("CT2724386.isCheckedStartAsHidden", true); Deleted : user_pref("CT2724386.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2724386.isFirstTimeToolbarLoading", "false"); Deleted : user_pref("CT2724386.isNewTabEnabled", false); Deleted : user_pref("CT2724386.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT2724386.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT2724386.migrateAppsAndComponents", true); Deleted : user_pref("CT2724386.myStuffEnabled", true); Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2724386.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...] Deleted : user_pref("CT2724386.openThankYouPage", "false"); Deleted : user_pref("CT2724386.openUninstallPage", "true"); Deleted : user_pref("CT2724386.revertSettingsEnabled", false); Deleted : user_pref("CT2724386.searchInNewTabEnabled", false); Deleted : user_pref("CT2724386.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2724386.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2724386.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2724386.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT2724386.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT2724386.serviceLayer_services_login_10.13.40.15_lastUpdate", "1356549468479"); Deleted : user_pref("CT2724386.serviceLayer_services_serviceMap_lastUpdate", "1356486996404"); Deleted : user_pref("CT2724386.serviceLayer_services_toolbarSettings_lastUpdate", "1356549469141"); Deleted : user_pref("CT2724386.serviceLayer_services_translation_lastUpdate", "1356486996467"); Deleted : user_pref("CT2724386.settingsINI", true); Deleted : user_pref("CT2724386.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT2724386.smartbar.CTID", "CT2724386"); Deleted : user_pref("CT2724386.smartbar.Uninstall", "0"); Deleted : user_pref("CT2724386.smartbar.toolbarName", "IncrediMail MediaBar 2 "); Deleted : user_pref("CT2724386.startPage", "userChanged"); Deleted : user_pref("CT2724386.testingCtid", ""); Deleted : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Dec 08 2012 17:56:07 GMT-0600 (Central S[...] Deleted : user_pref("CT2724386.toolbarBornServerTime", "8-6-2011"); Deleted : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Tue Jun 07 2011 16:12:14 GMT-0500 (Central D[...] Deleted : user_pref("CT2724386.toolbarCurrentServerTime", "26-12-2012"); Deleted : user_pref("CT2724386.toolbarDisabled", "true"); Deleted : user_pref("CT2724386.usagesFlag", 2); Deleted : user_pref("CT2724386_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b2c[...] Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false); Deleted : user_pref("CommunityToolbar.EngineOwner", ""); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_2"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2724386"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_2"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2724386"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2724386"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 21:34:46 GMT-05[...] Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jul 21 2011 20:47:00 GMT-0500 (Central D[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "bfda7240-6828-4e22-a6ed-beef12f26ed2"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 07 2011 16:13:43 GMT-0500 (Cen[...] Deleted : user_pref("CommunityToolbar.globalUserId", "b62c9f93-27a3-4856-ae53-9f4ba963a881"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.killedEngine", true); Deleted : user_pref("CommunityToolbar.undefined", ""); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "MyStart Search"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("browser.search.selectedEngine", "MyStart Search"); Deleted : user_pref("extensions.questbasic.init", true); Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...] Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] -\\ Google Chrome v23.0.1271.97 File : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [38270 octets] - [02/01/2013 10:54:59] AdwCleaner[s1].txt - [38407 octets] - [03/01/2013 09:02:23] ########## EOF - C:\AdwCleaner[s1].txt - [38468 octets] ##########

# AdwCleaner v2.104 - Logfile created 01/02/2013 at 10:54:59 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : terri - TERRI-PC # Boot Mode : Normal # Running from : C:\Users\terri\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\END File Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Askcom.xml File Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Conduit.xml File Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\MyStart Search.xml File Found : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6} Folder Found : C:\Program Files (x86)\Perion Folder Found : C:\Program Files (x86)\Yontoo Layers Client Folder Found : C:\ProgramData\iWin Folder Found : C:\ProgramData\Partner Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\terri\AppData\Local\Conduit Folder Found : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Folder Found : C:\Users\terri\AppData\Local\Kiwee Toolbar Folder Found : C:\Users\terri\AppData\LocalLow\AGI Folder Found : C:\Users\terri\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\terri\AppData\LocalLow\Conduit Folder Found : C:\Users\terri\AppData\LocalLow\facemoods.com Folder Found : C:\Users\terri\AppData\LocalLow\PriceGong Folder Found : C:\Users\terri\AppData\Roaming\iWin Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Conduit Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\ConduitCommon Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\CT2438727 Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Smartbar ***** [Registry] ***** Key Found : HKCU\Software\AGI Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\Babylon Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Softonic Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Found : HKLM\Software\AGI Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\BabyDict Key Found : HKLM\SOFTWARE\Classes\BabyGloss Key Found : HKLM\SOFTWARE\Classes\BabyOptFile Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\contenthandler.contentselection Key Found : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1 Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1678857 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9} Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\dlQUE Key Found : HKLM\Software\IB Updater Key Found : HKLM\Software\ImInstaller Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\Software\Web Assistant Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA} Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Found : HKLM\SOFTWARE\Web Assistant Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B} Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4 -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\prefs.js Found : user_pref("CT2438727..clientLogIsEnabled", false); Found : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2438727.CT2438727", "CT2438727"); Found : user_pref("CT2438727.CurrentServerDate", "28-12-2012"); Found : user_pref("CT2438727.DialogsAlignMode", "LTR"); Found : user_pref("CT2438727.DialogsGetterLastCheckTime", "Fri Dec 28 2012 09:56:39 GMT-0600 (Central Standa[...] Found : user_pref("CT2438727.DownloadReferralCookieData", ""); Found : user_pref("CT2438727.EnableSearchHistory", false); Found : user_pref("CT2438727.EnableSearchSuggest", false); Found : user_pref("CT2438727.FirstServerDate", "21-5-2011"); Found : user_pref("CT2438727.FirstTime", true); Found : user_pref("CT2438727.FirstTimeFF3", true); Found : user_pref("CT2438727.FixPageNotFoundErrors", false); Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440); Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2438727.HasUserGlobalKeys", true); Found : user_pref("CT2438727.Initialize", true); Found : user_pref("CT2438727.InitializeCommonPrefs", true); Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2438727.InstalledDate", "Sat May 21 2011 13:57:02 GMT-0500 (Central Daylight Time)"); Found : user_pref("CT2438727.IsGrouping", false); Found : user_pref("CT2438727.IsMulticommunity", false); Found : user_pref("CT2438727.IsOpenThankYouPage", true); Found : user_pref("CT2438727.IsOpenUninstallPage", true); Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Dec 27 2012 14:36:34 GMT-0600 (Central Standar[...] Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2438727.LastLogin_3.12.0.7", "Mon Apr 30 2012 15:15:04 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2438727.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:46 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2438727.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:45 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2438727.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2438727.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:56:03 GMT-0600 (Central Standard Time)[...] Found : user_pref("CT2438727.LastLogin_3.16.0.3", "Fri Dec 28 2012 09:56:39 GMT-0600 (Central Standard Time)[...] Found : user_pref("CT2438727.LastLogin_3.3.5.1", "Sat Jul 09 2011 09:05:53 GMT-0500 (Central Daylight Time)"[...] Found : user_pref("CT2438727.LatestVersion", "3.16.0.3"); Found : user_pref("CT2438727.Locale", "en"); Found : user_pref("CT2438727.MCDetectTooltipHeight", "83"); Found : user_pref("CT2438727.MCDetectTooltipShow", false); Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2438727.MCDetectTooltipWidth", "295"); Found : user_pref("CT2438727.MyStuffEnabledAtInstallation", false); Found : user_pref("CT2438727.RadioShrinked", "shrinked"); Found : user_pref("CT2438727.SHRINK_TOOLBAR", 0); Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true); Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...] Found : user_pref("CT2438727.SearchInNewTabEnabled", true); Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Thu Dec 27 2012 14:36:30 GMT-0600 (Central Stand[...] Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2438727.ServiceMapLastCheckTime", "Thu Dec 27 2012 14:36:32 GMT-0600 (Central Standard [...] Found : user_pref("CT2438727.SettingsLastCheckTime", "Fri Dec 28 2012 09:56:38 GMT-0600 (Central Standard Ti[...] Found : user_pref("CT2438727.SettingsLastUpdate", "1356671436"); Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Jul 02 2011 21:24:40 GMT-0500 (Central Day[...] Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246786978"); Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727"); Found : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2438727.UserID", "UN19161047969712086"); Found : user_pref("CT2438727.ValidationData_Toolbar", 2); Found : user_pref("CT2438727.alertChannelId", "832836"); Found : user_pref("CT2438727.approveUntrustedApps", true); Found : user_pref("CT2438727.components.1000034", false); Found : user_pref("CT2438727.components.1000082", false); Found : user_pref("CT2438727.components.1000234", false); Found : user_pref("CT2438727.components.1000515", false); Found : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Sat Jul 09 2011 13:05:54 GMT-0500 (Central [...] Found : user_pref("CT2438727.homepageProtectorEnableByLogin", true); Found : user_pref("CT2438727.initDone", true); Found : user_pref("CT2438727.isAppTrackingManagerOn", true); Found : user_pref("CT2438727.myStuffEnabled", true); Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400); Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,129509324767711885,1290239[...] Found : user_pref("CT2438727.revertSettingsEnabled", false); Found : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2438727.searchProtectorEnableByLogin", true); Found : user_pref("CT2438727.testingCtid", ""); Found : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Thu Dec 27 2012 14:36:35 GMT-0600 (Central S[...] Found : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Sat May 21 2011 13:57:06 GMT-0500 (Central D[...] Found : user_pref("CT2438727.usagesFlag", 2); Found : user_pref("CT2724386..clientLogIsEnabled", false); Found : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2724386.BrowserCompStateIsOpen_129723002078767475", true); Found : user_pref("CT2724386.BrowserCompStateIsOpen_129847484031223416", true); Found : user_pref("CT2724386.BrowserCompStateIsOpen_129851871904280954", true); Found : user_pref("CT2724386.BrowserCompStateIsOpen_129904362604336829", true); Found : user_pref("CT2724386.BrowserCompStateIsOpen_129992833759124499", true); Found : user_pref("CT2724386.CT2724407.CommunityChanged", true); Found : user_pref("CT2724386.CT2724431.CommunityChanged", true); Found : user_pref("CT2724386.CT2727162.CommunityChanged", true); Found : user_pref("CT2724386.CT2727622.CommunityChanged", true); Found : user_pref("CT2724386.CT2727646.CommunityChanged", true); Found : user_pref("CT2724386.CT2727678.CommunityChanged", true); Found : user_pref("CT2724386.CT2727750.CommunityChanged", true); Found : user_pref("CT2724386.CTID", "CT2724386"); Found : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central D[...] Found : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...] Found : user_pref("CT2724386.CommunityChanged", true); Found : user_pref("CT2724386.CurrentServerDate", "9-12-2012"); Found : user_pref("CT2724386.DialogsAlignMode", "LTR"); Found : user_pref("CT2724386.DialogsGetterLastCheckTime", "Sat Dec 08 2012 17:56:31 GMT-0600 (Central Standa[...] Found : user_pref("CT2724386.DownloadReferralCookieData", ""); Found : user_pref("CT2724386.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT2724386.FirstServerDate", "8-6-2011"); Found : user_pref("CT2724386.FirstTime", true); Found : user_pref("CT2724386.FirstTimeFF3", true); Found : user_pref("CT2724386.FixPageNotFoundErrors", false); Found : user_pref("CT2724386.GroupingLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central Daylight Ti[...] Found : user_pref("CT2724386.GroupingLastErrorCode", ""); Found : user_pref("CT2724386.GroupingLastResponse", false); Found : user_pref("CT2724386.GroupingLastServerUpdateTime", "129514153850000000"); Found : user_pref("CT2724386.GroupingServerCheckInterval", 1440); Found : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2724386.HasUserGlobalKeys", true); Found : user_pref("CT2724386.Initialize", true); Found : user_pref("CT2724386.InitializeCommonPrefs", true); Found : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2724386.InstallationId", "StubInstaller"); Found : user_pref("CT2724386.InstallationType", "ConduitIntegration"); Found : user_pref("CT2724386.InstalledDate", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)"); Found : user_pref("CT2724386.InvalidateCache", false); Found : user_pref("CT2724386.IsGrouping", false); Found : user_pref("CT2724386.IsMulticommunity", false); Found : user_pref("CT2724386.IsOpenThankYouPage", false); Found : user_pref("CT2724386.IsOpenUninstallPage", true); Found : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standar[...] Found : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2724386.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:44 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2724386.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:54 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2724386.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2724386.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:55:57 GMT-0600 (Central Standard Time)[...] Found : user_pref("CT2724386.LastLogin_3.16.0.3", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standard Time)[...] Found : user_pref("CT2724386.LastLogin_3.3.5.1", "Tue Jun 07 2011 16:12:08 GMT-0500 (Central Daylight Time)"[...] Found : user_pref("CT2724386.LatestVersion", "3.16.0.3"); Found : user_pref("CT2724386.Locale", "en"); Found : user_pref("CT2724386.LoginRevertSettingsEnabled", false); Found : user_pref("CT2724386.MCDetectTooltipHeight", "83"); Found : user_pref("CT2724386.MCDetectTooltipShow", false); Found : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2724386.MCDetectTooltipWidth", "295"); Found : user_pref("CT2724386.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2724386.RadioIsPodcast", false); Found : user_pref("CT2724386.RadioLastCheckTime", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)[...] Found : user_pref("CT2724386.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000"); Found : user_pref("CT2724386.RadioMediaID", "21080102"); Found : user_pref("CT2724386.RadioMediaType", "Media Player"); Found : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102"); Found : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am"); Found : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000"); Found : user_pref("CT2724386.SHRINK_TOOLBAR", 1); Found : user_pref("CT2724386.SearchFromAddressBarIsInit", true); Found : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...] Found : user_pref("CT2724386.SearchInNewTabEnabled", true); Found : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Stand[...] Found : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2724386.SearchInNewTabUserEnabled", false); Found : user_pref("CT2724386.ServiceMapLastCheckTime", "Sat Dec 08 2012 17:56:04 GMT-0600 (Central Standard [...] Found : user_pref("CT2724386.SettingsLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Standard Ti[...] Found : user_pref("CT2724386.SettingsLastUpdate", "1354809800"); Found : user_pref("CT2724386.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Tue Jun 07 2011 16:12:07 GMT-0500 (Central Day[...] Found : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978"); Found : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2724386.UserID", "UN99100734519817247"); Found : user_pref("CT2724386.ValidationData_Toolbar", 0); Found : user_pref("CT2724386.WeatherNetwork", ""); Found : user_pref("CT2724386.WeatherPollDate", "Tue Jun 07 2011 16:12:10 GMT-0500 (Central Daylight Time)"); Found : user_pref("CT2724386.WeatherUnit", "F"); Found : user_pref("CT2724386.addressBarTakeOverEnabledInHidden", "true"); Found : user_pref("CT2724386.alertChannelId", "1116652"); Found : user_pref("CT2724386.autoDisableScopes", 0); Found : user_pref("CT2724386.components.1000048", false); Found : user_pref("CT2724386.components.1000082", false); Found : user_pref("CT2724386.components.1000234", false); Found : user_pref("CT2724386.components.129248963349915487", false); Found : user_pref("CT2724386.components.129248964061947202", false); Found : user_pref("CT2724386.components.129248964422728031", false); Found : user_pref("CT2724386.components.129464706887642629", false); Found : user_pref("CT2724386.components.129464706887955131", false); Found : user_pref("CT2724386.defaultSearch", "false"); Found : user_pref("CT2724386.enableAlerts", "true"); Found : user_pref("CT2724386.enableSearchFromAddressBar", "false"); Found : user_pref("CT2724386.firstTimeDialogOpened", true); Found : user_pref("CT2724386.fixPageNotFoundError", "false"); Found : user_pref("CT2724386.fixPageNotFoundErrorInHidden", "true"); Found : user_pref("CT2724386.fixUrls", true); Found : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Tue Jun 07 2011 16:12:16 GMT-0500 (Central [...] Found : user_pref("CT2724386.homepageProtectorEnableByLogin", true); Found : user_pref("CT2724386.initDone", true); Found : user_pref("CT2724386.installId", "conduitnsisintegration"); Found : user_pref("CT2724386.installType", "conduitnsisintegration"); Found : user_pref("CT2724386.isAppTrackingManagerOn", true); Found : user_pref("CT2724386.isCheckedStartAsHidden", true); Found : user_pref("CT2724386.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT2724386.isFirstTimeToolbarLoading", "false"); Found : user_pref("CT2724386.isNewTabEnabled", false); Found : user_pref("CT2724386.isPerformedSmartBarTransition", "true"); Found : user_pref("CT2724386.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Found : user_pref("CT2724386.migrateAppsAndComponents", true); Found : user_pref("CT2724386.myStuffEnabled", true); Found : user_pref("CT2724386.myStuffPublihserMinWidth", 400); Found : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2724386.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2724386.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...] Found : user_pref("CT2724386.openThankYouPage", "false"); Found : user_pref("CT2724386.openUninstallPage", "true"); Found : user_pref("CT2724386.revertSettingsEnabled", false); Found : user_pref("CT2724386.searchInNewTabEnabled", false); Found : user_pref("CT2724386.searchInNewTabEnabledInHidden", "true"); Found : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2724386.searchProtectorEnableByLogin", true); Found : user_pref("CT2724386.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT2724386.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Found : user_pref("CT2724386.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Found : user_pref("CT2724386.serviceLayer_services_login_10.13.40.15_lastUpdate", "1356549468479"); Found : user_pref("CT2724386.serviceLayer_services_serviceMap_lastUpdate", "1356486996404"); Found : user_pref("CT2724386.serviceLayer_services_toolbarSettings_lastUpdate", "1356549469141"); Found : user_pref("CT2724386.serviceLayer_services_translation_lastUpdate", "1356486996467"); Found : user_pref("CT2724386.settingsINI", true); Found : user_pref("CT2724386.shouldFirstTimeDialog", "false"); Found : user_pref("CT2724386.smartbar.CTID", "CT2724386"); Found : user_pref("CT2724386.smartbar.Uninstall", "0"); Found : user_pref("CT2724386.smartbar.toolbarName", "IncrediMail MediaBar 2 "); Found : user_pref("CT2724386.startPage", "userChanged"); Found : user_pref("CT2724386.testingCtid", ""); Found : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Dec 08 2012 17:56:07 GMT-0600 (Central S[...] Found : user_pref("CT2724386.toolbarBornServerTime", "8-6-2011"); Found : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Tue Jun 07 2011 16:12:14 GMT-0500 (Central D[...] Found : user_pref("CT2724386.toolbarCurrentServerTime", "26-12-2012"); Found : user_pref("CT2724386.toolbarDisabled", "true"); Found : user_pref("CT2724386.usagesFlag", 2); Found : user_pref("CT2724386_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727"); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...] Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b33[...] Found : user_pref("CommunityToolbar.EngineHiddenByUser", false); Found : user_pref("CommunityToolbar.EngineOwner", ""); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_2"); Found : user_pref("CommunityToolbar.IsEngineShown", false); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2724386"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_2"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2724386"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2724386"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 21:34:46 GMT-05[...] Found : user_pref("CommunityToolbar.alert.alertEnabled", false); Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jul 21 2011 20:47:00 GMT-0500 (Central D[...] Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "bfda7240-6828-4e22-a6ed-beef12f26ed2"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 07 2011 16:13:43 GMT-0500 (Cen[...] Found : user_pref("CommunityToolbar.globalUserId", "b62c9f93-27a3-4856-ae53-9f4ba963a881"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.killedEngine", true); Found : user_pref("CommunityToolbar.undefined", ""); Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "MyStart Search"); Found : user_pref("browser.search.order.1", "Ask.com"); Found : user_pref("browser.search.selectedEngine", "MyStart Search"); Found : user_pref("extensions.questbasic.init", true); Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...] Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] -\\ Google Chrome v23.0.1271.97 File : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [38171 octets] - [02/01/2013 10:54:59] ########## EOF - C:\AdwCleaner[R1].txt - [38232 octets] ##########