Timrl
-
Posts
33 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Timrl
-
-
It didn't complete. It was getting close to completion, had found 7 things, and then all the text highlighted black and it froze. Then it popped up that it had stopped working.
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10
Home x64
Ran by User (Administrator) on Sat 06/18/2016 at 14:24:53.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 5Successfully deleted: C:\Users\User\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\User\AppData Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder)
Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bigefpfhnfcobdlfbedofhhaibnlghod_0.localstorage-journal (File)
Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bigefpfhnfcobdlfbedofhhaibnlghod_0.localstorage (File)
Successfully deleted: C:\WINDOWS\prefetch\HUSTLE CAT FREE DOWNLOAD.EXE-50F79CAC.pf (File)Registry
1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4A9E3757-8EE9-46AF-B120-2508CF31401E} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/18/2016 at 14:27:24.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v5.200 - Logfile created 18/06/2016 at 14:31:28
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-17.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : User - MR-MERPS-ALOT
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am***** [ Web browsers ] *****
*************************:: "Tracing" keys deleted
:: Winsock settings cleared*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [10627 bytes] - [11/06/2016 00:44:21]
C:\AdwCleaner\AdwCleaner[C2].txt - [1604 bytes] - [18/06/2016 14:31:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [10432 bytes] - [11/06/2016 00:39:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [1693 bytes] - [18/06/2016 14:29:24]########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1824 bytes] ##########
If at all possible, it's gotten worse. These are the first two logs, I'm attempting to run the ESET Scan at the moment but it's having issues. And since I went through and deleted everything with MalwareBytes it's begun to hotlink random words on webpages linking to various virus cleaners and such.
-
Malwarebytes Anti-Malware
www.malwarebytes.orgScan Date: 6/16/2016
Scan Time: 12:13 PM
Logfile:
Administrator: YesVersion: 2.2.1.1043
Malware Database: v2016.06.16.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: DisabledOS: Windows 10
CPU: x64
File System: NTFS
User: UserScan Type: Threat Scan
Result: Completed
Objects Scanned: 356664
Time Elapsed: 29 min, 58 secMemory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: EnabledProcesses: 1
PUP.Optional.Privoxy, C:\Program Files (x86)\Gamma Task Menager\privoxy.exe, 23232, , [6e35ed10cacf88aef3b32185ab5840c0]Modules: 1
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\mgwz.dll, , [a4ff02fb8118a78f7fd9acf60002c33d],Registry Keys: 8
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35A48EAE-865D-498D-988A-CF62D66EC38B}, , [ecb7c5389900ed494c5d16dfec173cc4],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{68DE6ED9-20DD-42B1-B4F9-4638BBA5C3E4}, , [8221c03d93060333eebb6c89788b10f0],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3B4E5F2-609D-418C-8BB5-231A2158E4A3}, , [643f26d7a3f661d5c3f46e5117ebae52],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7345E0F-0521-4BBF-BC33-7EA3053A043B}, , [346fcc31633615214e6915aaa55dfc04],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Gamma Task Menager Worker, , [bae947b684152d098633c9f6d72b4bb5],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Security Defrag, , [465d609de4b5e1556644fafbc73c3ac6],
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Security Defrag Logon, , [b0f32ecfb8e1c274159509ecc34054ac],
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, , [6e35ed10cacf88aef3b32185ab5840c0],Registry Values: 6
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{35A48EAE-865D-498D-988A-CF62D66EC38B}|Path, \Security Defrag Logon, , [ecb7c5389900ed494c5d16dfec173cc4]
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{68DE6ED9-20DD-42B1-B4F9-4638BBA5C3E4}|Path, \Security Defrag, , [8221c03d93060333eebb6c89788b10f0]
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A3B4E5F2-609D-418C-8BB5-231A2158E4A3}|Path, \Gamma Task Menager Worker, , [643f26d7a3f661d5c3f46e5117ebae52]
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7345E0F-0521-4BBF-BC33-7EA3053A043B}|Path, \Gamma Task Menager Worker, , [346fcc31633615214e6915aaa55dfc04]
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Gamma Task Menager\privoxy.exe" --service, , [6e35ed10cacf88aef3b32185ab5840c0]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [c2e19f5e9efb4de9c9f26760ec1708f8]Registry Data: 0
(No malicious items detected)Folders: 2
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy, C:\Users\User\AppData\Roaming\Security Defrag, , [93104ab37722f046cabbf9c6fe047d83],Files: 15
Backdoor.Agent.WD, C:\Users\User\AppData\Local\Temp\GPUpd575DF9F40.exe, , [277c42bb2970ab8b8698cb4e16ea966a],
Backdoor.Agent.WD, C:\Users\User\AppData\Local\Temp\GPUpd5762CF740.exe, , [198a84794b4ed75f3ee0ef2a38c8a55b],
PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Gamma Task Menager Worker, , [b6ed7c811089f1459d07f5b110f319e7],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [356e15e8049585b1a50eb52a6c975aa6],
PUP.Optional.CrossRider, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [bde6db2231683afcc0f399462cd748b8],
PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Security Defrag, , [a8fbde1f0c8db5818d1810e5ae55a45c],
PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Security Defrag Logon, , [cdd655a8346578be4b5a4aab3fc4847c],
PUP.Optional.Privoxy, C:\Program Files (x86)\Gamma Task Menager\privoxy.exe, , [6e35ed10cacf88aef3b32185ab5840c0],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\config.txt, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\default.action, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\default.filter, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\gtrsecure.exe, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\mgwz.dll, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\privoxy.log, , [a4ff02fb8118a78f7fd9acf60002c33d],
PUP.Optional.Privoxy, C:\Users\User\AppData\Roaming\Security Defrag\Security Defrag.exe, , [93104ab37722f046cabbf9c6fe047d83],Physical Sectors: 0
(No malicious items detected)
(end)I didn't remove any of them, awaiting directions further.
-
Hello, I've been having some issues. There are numerous viruses that have been infected on my computer that continue to return even after attempting to return them. I'm not really sure how to go about working on it. I'm attaching the logs. Thanks in advance!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by User (administrator) on MR-MERPS-ALOT (13-06-2016 12:29:17)
Running from C:\Users\User\Desktop
Loaded Profiles: User & (Available Profiles: User)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Gamma Task Menager\privoxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2014-04-28] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [406016 2014-04-28] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2016-01-25] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3929288 2015-07-30] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-05-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-08-28]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-11-25]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\User\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-4125750833-1635105260-2843386978-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-4125750833-1635105260-2843386978-1002] => 127.0.0.1:8118
ProxyEnable: [S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Proxy is enabled.
ProxyServer: [S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 127.0.0.1:8118
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{1c19726d-571f-4785-ad48-ec4a18dad0aa}: [DhcpNameServer] 10.0.1.1
ManualProxies:Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002 -> DefaultScope {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL =
SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002 -> {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL =
SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL =
SearchScopes: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4A9E3757-8EE9-46AF-B120-2508CF31401E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\EasyVoice\data\skype4com.dll No FileFireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27slqnmy.default
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-10-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27slqnmy.default\Extensions\abs@avira.com [2016-06-11]
FF Extension: Firefox Hotfix: Fix the migration to clear passwords on shutdown - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27slqnmy.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-06-11]
FF HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not foundChrome:
=======
CHR HomePage: Default -> hxxp://g.msn.com/USCON/1
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-05-30]
CHR Extension: (Google Cast) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Blue Nebula - Full HD - Axlg) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbfcgopniakghhkjcnnmpfdemapblij [2016-01-06]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05]
CHR Extension: (FLV Player) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2015-11-18]
CHR Extension: (MLG-ifier) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dneebgdgldanagagmfhnphjelnngdcai [2015-12-15]
CHR Extension: (Ponyhoof) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2016-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03]
CHR Extension: (Do It! Shia Labeouf (Super Pack)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\miagjfhahnjmnnmhdgelhmbpjgojfnok [2015-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-05-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-05-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-05-14] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [285176 2016-05-19] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-22] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2016-01-25] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-04-28] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PrivoxyService; C:\Program Files (x86)\Gamma Task Menager\privoxy.exe [371200 2016-06-12] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-05-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-05-14] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-10] (Qualcomm Atheros, Inc.)
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-09-13] (AhnLab, Inc.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2016-01-25] (Intel Corporation)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2014-08-26] (Realsil Semiconductor Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
S3 SAlphamBth; C:\Windows\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation) [File not signed]
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-08-26] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-30] (Synaptics Incorporated)
R3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-03-16] (Windows (R) Win 7 DDK provider)
R3 vjoy; C:\Windows\System32\drivers\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-13 12:29 - 2016-06-13 12:30 - 00030785 _____ C:\Users\User\Desktop\FRST.txt
2016-06-13 12:29 - 2016-06-13 12:29 - 00000000 ____D C:\FRST
2016-06-13 12:28 - 2016-06-13 12:29 - 02385408 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2016-06-12 20:10 - 2016-06-12 20:10 - 00000000 ____D C:\Program Files (x86)\Gamma Task Menager
2016-06-11 20:10 - 2016-06-11 20:10 - 00000000 ____D C:\Users\User\AppData\Local\CrashRpt
2016-06-11 12:57 - 2016-06-11 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-11 12:56 - 2016-06-11 12:57 - 00000000 ____D C:\Program Files\iTunes
2016-06-11 12:56 - 2016-06-11 12:56 - 00000000 ____D C:\Program Files\iPod
2016-06-11 12:56 - 2016-06-11 12:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-11 01:31 - 2016-06-11 01:31 - 06858912 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu (1).exe
2016-06-11 01:28 - 2016-06-11 01:28 - 00000000 ____D C:\Users\User\AppData\Local\ESET
2016-06-11 01:27 - 2016-06-11 01:28 - 06858912 _____ (ESET spol. s r.o.) C:\Users\User\Downloads\esetonlinescanner_enu.exe
2016-06-11 00:39 - 2016-06-11 00:44 - 00000000 ____D C:\AdwCleaner
2016-06-11 00:11 - 2016-06-11 01:08 - 00000000 ____D C:\Program Files\UbutjijokewbenUn
2016-06-11 00:11 - 2016-06-11 01:08 - 00000000 ____D C:\Program Files\Ubutjijokewben
2016-06-11 00:11 - 2016-06-11 00:11 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2016-06-11 00:08 - 2016-06-11 00:08 - 00003750 _____ C:\WINDOWS\System32\Tasks\Security Defrag
2016-06-11 00:08 - 2016-06-11 00:08 - 00003424 _____ C:\WINDOWS\System32\Tasks\Security Defrag Logon
2016-06-11 00:08 - 2016-06-11 00:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Security Defrag
2016-06-09 15:19 - 2016-06-11 00:32 - 00000000 ____D C:\Users\User\AppData\Roaming\discord
2016-06-09 15:19 - 2016-06-09 15:20 - 00000000 ____D C:\Users\User\AppData\Local\SquirrelTemp
2016-06-09 15:19 - 2016-06-09 15:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-09 15:19 - 2016-06-09 15:19 - 00000000 ____D C:\Users\User\AppData\Local\Discord
2016-06-06 20:40 - 2016-06-07 12:25 - 00000000 ____D C:\Users\User\AppData\Roaming\com.datenighto.game.hustlecat
2016-06-06 20:40 - 2016-06-06 20:40 - 00000000 ____D C:\Users\User\AppData\Local\Hustle Cat
2016-05-30 13:48 - 2016-05-30 13:48 - 00000149 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\New Online Games.url
2016-05-30 13:48 - 2016-05-30 13:48 - 00000133 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games for Free!.url
2016-05-21 19:05 - 2016-05-29 02:13 - 00000518 _____ C:\Users\User\Documents\Animal List.ini
2016-05-17 22:55 - 2016-05-22 03:17 - 00004932 _____ C:\Users\User\Documents\Naivira Vandlind.ini
2016-05-17 19:54 - 2016-05-17 19:54 - 00001063 _____ C:\Users\User\Documents\D&D Template.ini
2016-05-17 19:51 - 2016-05-17 19:55 - 00000000 ____D C:\Users\User\AppData\Roaming\Notepad++
2016-05-17 19:51 - 2016-05-17 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-05-17 19:51 - 2016-05-17 19:51 - 00000000 ____D C:\Program Files (x86)\Notepad++==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-13 12:24 - 2014-12-25 13:46 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-06-13 12:17 - 2014-12-25 12:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-13 12:05 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-13 12:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-13 11:43 - 2015-09-02 23:56 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB5CF239-1837-4BE4-9799-9A3E848B2D99}
2016-06-13 11:40 - 2016-02-25 02:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-13 11:40 - 2015-07-07 14:19 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2016-06-13 11:40 - 2014-12-25 12:10 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 20:59 - 2015-03-08 21:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 20:55 - 2016-05-04 17:53 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-12 20:55 - 2015-07-29 17:27 - 00000000 ____D C:\Users\User\AppData\Local\Battle.net
2016-06-12 19:45 - 2015-09-11 20:14 - 00000000 ____D C:\Users\User\AppData\Local\osu!
2016-06-12 13:58 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 13:58 - 2015-07-30 21:20 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-12 13:35 - 2016-02-10 15:47 - 00000000 ____D C:\Users\User\AppData\Roaming\DS4Windows
2016-06-12 13:34 - 2014-12-26 12:29 - 00000000 ____D C:\PaintToolSAI
2016-06-12 13:32 - 2015-01-14 19:14 - 00000000 ___RD C:\Users\User\Desktop\Gaming
2016-06-11 14:12 - 2015-12-01 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-11 13:12 - 2015-01-14 19:14 - 00000000 ___RD C:\Users\User\Desktop\Drawing Tools
2016-06-11 13:12 - 2015-01-14 19:14 - 00000000 ___RD C:\Users\User\Desktop\Desktop Items
2016-06-11 12:56 - 2015-03-28 18:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-11 01:10 - 2016-02-25 03:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 01:10 - 2016-02-25 02:42 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-11 01:09 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-06-11 01:09 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-11 01:05 - 2014-12-19 18:17 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-06-11 00:48 - 2014-08-28 11:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 16:27 - 2015-09-17 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-09 18:47 - 2014-12-25 13:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-09 15:19 - 2014-12-25 15:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-06-08 18:02 - 2016-03-10 20:51 - 00000000 ____D C:\Users\User\AppData\Local\Pokemon Showdown
2016-06-08 17:23 - 2014-12-25 12:10 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 20:53 - 2016-05-05 15:15 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-06-04 13:40 - 2015-11-17 22:59 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-29 00:33 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-29 00:32 - 2015-02-10 22:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-22 16:08 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-20 17:33 - 2015-09-03 19:18 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2016-05-14 16:40 - 2015-09-17 17:42 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-05-14 16:40 - 2015-09-17 17:42 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-05-14 14:03 - 2015-07-30 21:39 - 00002374 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-14 14:03 - 2014-12-25 12:25 - 00000000 ___RD C:\Users\User\OneDrive==================== Files in the root of some directories =======
2015-06-21 11:28 - 2015-06-21 11:28 - 0000033 _____ () C:\Users\User\AppData\Roaming\AdobeWLCMCache.dat
2015-06-21 19:28 - 2015-09-18 18:05 - 0001898 _____ () C:\ProgramData\hpzinstall.logSome files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\GPUpd575C44160.exe
C:\Users\User\AppData\Local\Temp\GPUpd575CA8740.exe
C:\Users\User\AppData\Local\Temp\GPUpd575DF9F40.exe
C:\Users\User\AppData\Local\Temp\GPUpd575ED46F0.exe
==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-06-03 19:25==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by User (2016-06-13 12:30:34)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-25 07:12:44)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================Administrator (S-1-5-21-4125750833-1635105260-2843386978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4125750833-1635105260-2843386978-503 - Limited - Disabled)
Guest (S-1-5-21-4125750833-1635105260-2843386978-501 - Limited - Disabled)
User (S-1-5-21-4125750833-1635105260-2843386978-1002 - Administrator - Enabled) => C:\Users\User==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1402.2601 - )
C7200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2907.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Island (HKLM\...\Steam App 91310) (Version: - Techland)
Dead Island Riptide (HKLM\...\Steam App 216250) (Version: - Techland)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1405.1201 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1405.1201 - Micro-Star International Co., Ltd.) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Killer is Dead (HKLM\...\Steam App 261110) (Version: - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - )
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{63227E62-F417-497E-9060-22B3A9A52D7A}) (Version: 1.0.1.0 - Mojang)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1404.1101 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{f28371b8-c100-49fa-9c96-0a394eb684dc}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Remember Me (HKLM\...\Steam App 228300) (Version: - DONTNOD Entertainment)
Risen (HKLM\...\Steam App 40300) (Version: - Piranha Bytes)
Risen 2 - Dark Waters (HKLM\...\Steam App 40390) (Version: - Piranha Bytes)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Sacred 3 (HKLM\...\Steam App 247950) (Version: - Keen Games)
Saints Row 2 (HKLM\...\Steam App 9480) (Version: - Volition)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SCM (HKLM\...\{F96B2B83-A1B3-46FB-8322-52BE9F270CBF}) (Version: 13.014.04288 - Application)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version: - Hi-Rez Studios)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version: - Ubisoft Montreal)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Unity Web Player (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
Vindictus (HKLM-x32\...\Steam App 212160) (Version: - Nexon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.8.1 (HKLM\...\VulkanRT1.0.8.1) (Version: 1.0.8.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebM Project Directshow Filters (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\webmdshow) (Version: - )
WebM Project Directshow Filters (HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webmdshow) (Version: - )
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
フォト ギャラリー (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
사진 갤러리 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4125750833-1635105260-2843386978-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D3990B1-3ED3-488B-91DB-1A4047AD4B13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {105E816B-C658-46BF-BCBC-0D32EB2DAD16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2AB05C58-06D5-49A7-8B72-D1E12C35A1D3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2ACEB09F-D926-4C1A-8902-7C7F8C3BCB21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3161DD3E-57D6-4BAD-B0D1-10F58D1578C0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {35A48EAE-865D-498D-988A-CF62D66EC38B} - System32\Tasks\Security Defrag Logon => C:\Users\User\AppData\Roaming\Security Defrag\Security Defrag.exe [2016-06-11] ()
Task: {37F3218C-18F7-4D82-ACC8-9E3E944719C9} - System32\Tasks\{FFCC9D63-EAE0-453E-81A7-5EA51047CC96} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsMain
Task: {37F8F35E-3063-468F-A38A-7760116A5A29} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {448E56E2-66EA-424D-84D9-57609DB7DD19} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4BC453FF-DAB4-43B1-BA33-B6E47D6921E6} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {5F1D8331-000A-4921-AF35-7238F8899193} - System32\Tasks\{B1446394-71F7-4AD0-8879-C090F492125E} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=all
Task: {68DE6ED9-20DD-42B1-B4F9-4638BBA5C3E4} - System32\Tasks\Security Defrag => C:\Users\User\AppData\Roaming\Security Defrag\Security Defrag.exe [2016-06-11] () <==== ATTENTION
Task: {7164677A-2FCF-4C4A-9A3A-92CB6ACA7705} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {7479A9FA-66D7-4455-94DC-3A94DB7BE2F7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7D2CA214-E484-4617-A422-66D9E21E5852} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation)
Task: {82CFB18F-C6D7-4933-93C4-4D9021F3159E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {890165D5-EAE0-4AC6-896E-A3BCCE4936D2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8CC44243-06E1-454E-AC3F-8A4A4CA779BD} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {95438A44-06FB-4601-8945-73EB8BD70FFF} - System32\Tasks\MSI_Reminder => C:\Program Files (x86)\MSI\MSI Remind Manager\MSI Reminder.exe [2014-04-09] ()
Task: {9F0BE4B8-3D1C-49E3-A9B8-B13548F328E9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A3B4E5F2-609D-418C-8BB5-231A2158E4A3} - \Gamma Task Menager Worker -> No File <==== ATTENTION
Task: {A4F64FB7-FAAA-45DA-B8C5-5CF1547915F7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {A8A3C5EE-837E-4E94-8C85-82670737A8D6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-30] (Synaptics Incorporated)
Task: {B882D647-D46D-4C9D-856C-B858249BAC66} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B981112C-FF7D-4A30-957D-B76C8F2B1679} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
Task: {BAB39135-D58F-487F-BE5A-D540D5889124} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {C858C6E0-BD35-4600-BC9D-B888C6205F0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CA9DDB6F-69C5-4336-BBF1-28C9A1D65B2A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D69994CD-C16E-4628-A844-ECAB8FA35572} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {DCBD1144-E436-44EA-A494-6FFF5F6B204D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {DEEB369C-5C21-47D6-AF42-5DC2467B1E16} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {E472F541-5C64-466C-8FF4-818DD3D93271} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-xxneontigerxx@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {EAF5AA72-6202-48C8-89C6-EEAFD41FA044} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WebReg HP Photosmart C7200 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\FLV Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm
==================== Loaded Modules (Whitelisted) ==============
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-10 22:10 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-04 19:24 - 2015-02-04 19:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-23 15:39 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-02-04 17:16 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-17 01:16 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-23 15:39 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-17 01:16 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-17 01:16 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-17 01:16 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-04 17:16 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-25 02:42 - 2016-04-27 08:18 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-26 12:46 - 2015-02-26 18:16 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-04-12 21:36 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:36 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-14 14:03 - 2016-05-14 14:03 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-10-27 18:18 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-25 13:13 - 2016-01-25 13:13 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-02-25 05:32 - 2016-02-25 05:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 15:41 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 15:41 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 15:41 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 15:42 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 15:42 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-08-28 11:18 - 2012-11-01 14:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-08-28 11:18 - 2012-11-01 14:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-26 14:39 - 2014-06-26 14:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 11:57 - 2014-05-16 11:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 14:39 - 2014-06-26 14:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-04-17 14:02 - 2014-04-17 14:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-04-17 01:16 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-17 01:16 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2014-01-22 13:44 - 2014-01-22 13:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2014-08-28 10:55 - 2013-12-09 18:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-12 20:10 - 2016-06-12 20:10 - 00086528 _____ () C:\Program Files (x86)\Gamma Task Menager\mgwz.dll
2015-03-30 19:45 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-08 17:23 - 2016-06-03 21:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 17:23 - 2016-06-03 21:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2015-06-14 17:49 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-06-14 17:49 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00025088 _____ () C:\Windows\SYSTEM32\GamePanelExternalHook.dll==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\raven_bird_flying_smoke_black_white_92907_1920x1080.jpg
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\raven_bird_flying_smoke_black_white_92907_1920x1080.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-4125750833-1635105260-2843386978-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9898737C-1B7E-4142-9C54-3165718BD92B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{2D6DA28A-0295-402A-8EC8-6AB50385A6E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{8927F6D5-1C84-4441-909A-87069D4D2638}] => (Block) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe
FirewallRules: [{0EB85468-698D-4648-AEED-DAB30B7998C6}] => (Block) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe
FirewallRules: [UDP Query User{733161DA-010F-4F79-81B4-0CAA1F58F699}C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe
FirewallRules: [TCP Query User{516E9383-6DF4-407A-A7E0-F4477E2251E1}C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe] => (Allow) C:\users\user\appdata\local\temp\rar$exa0.474\megadownloader_ v1.21 pt-br.exe
FirewallRules: [{7DD03EE3-DFC6-4CB9-B8C6-B6AFEA864C63}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{6074F445-8684-4861-B023-831B59470861}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{7139DC2A-B735-4A96-975A-61E3E45997F0}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{09501175-141B-405B-9DA2-5B2DC3A795FE}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{E565A15F-E835-484B-9348-DFAED0508968}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{70289DBB-B746-41CD-B9C0-14CB774A61F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{9132C523-B551-40BD-A200-4EA7BCD0A6A9}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{ADF65465-5D3D-4999-93F3-EDEAE1D22AE6}] => (Block) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{9AB360FA-E405-4BDA-B98C-94E2CE9847E5}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{5D37022E-C53B-4000-AD3F-BBB096CBDECB}C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [{3EA0F1D0-5EE8-41A2-BCE4-9E5AD18E18FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{30107008-182B-4E30-A3B7-5BBBE42A3674}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{3FCD8352-A684-4D64-8334-1867AC84304D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{68560C9F-4D85-4574-90D1-F8E625355BBC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{82328136-F543-4A8E-BA7B-1163433F76A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{47C254E3-9925-4AE7-A2E4-A1A1D87EB790}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4DC6E9C9-409A-41F4-B7E2-FDB6A8477B84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{DBB2DCA5-EFDE-4F98-AE66-D197B6117B21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{0C6070D6-A7BF-4F33-B7E1-78ECA86E3DBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{002BD119-BB7E-4CE6-BF8D-B52BB683C621}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18DF5BF0-60FF-4BA4-878C-9FA5DBB4476D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{6EEAB761-75A3-44F1-9401-91F8C19CD693}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D8688F7C-712D-443C-B1C4-C8070147489F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{36B6CA12-CA51-46CB-A5EC-D4A4CC504CE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{74AC81F2-55CA-46C2-80BC-C5F0495C81DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{8D6B2440-4FAA-407E-BA9D-47292E8C75A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{89ADEF39-4431-480B-A472-A04B7AB7F7C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{7B2D6871-D414-4D7B-B813-B4A1AB72197A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B0372723-5691-4936-879C-5749AAA6B40E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{15F9E468-3F2A-409A-B298-58B4C00229C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9DB411A1-5452-40A6-89ED-C1F14F58A815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{0762E87F-1548-418F-A65B-8362FAC43E0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{1D6C1C6E-A9E5-498C-9518-8A307A212F97}] => (Block) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{888EB34F-3824-421A-B9FF-EEE5C97CB329}] => (Block) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{8BCEE687-B4D7-4D8D-8BBC-5F4D938CC3BF}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{020D9272-3826-412C-AAC4-EE1E15F9446A}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{F9634785-00D9-41B9-A426-3D411057F114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{66B306A3-7C6D-41D6-969E-BB41D62E59A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{0028750A-1C79-4782-A44C-57FF64589766}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DFF0AE8F-3276-4727-A0B8-091063879E61}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D0F43222-0FF3-4638-AD30-3C84651658F7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{57349266-7595-41CF-88DF-368C3B7A10E5}] => (Allow) LPort=2869
FirewallRules: [{6CE0FF85-5F02-4553-8A14-75A9F366A987}] => (Allow) LPort=1900
FirewallRules: [{9BB3BD88-83F7-4B6E-B014-28803AC754FD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{90434298-4E96-459C-A148-F21B40962CBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A5F79E94-BC1F-4E1F-B04C-00DB0BEFD906}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{24C891BF-27AA-4914-8E30-0CB22B01D447}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6691C060-CDBE-4462-B901-209F9832323B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{61BE2F39-D488-4746-8372-8054AFEB8087}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2FD542E8-A4CC-43B9-8AB6-1EA006DAAF14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9F7E9E30-FAF3-4D0F-9F3B-2677AD88886E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C747DF0-157E-4E5C-8D22-F1E8D834AD96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{96E0535B-772D-42C5-81FE-FE4B38943008}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4BF4E79F-3ACD-48F8-B199-A007FC6A3E77}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5C56DA2E-EBCD-4800-B854-9D44CD8BF2A2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{95BD733B-C443-4F1B-AC93-7DEB2ADD184F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{64CA08BE-0173-4DCB-9BF1-502E0251B90F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B124AC38-9F9B-4D6F-AE2D-BACDC9ACB9E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AE4E2CF5-99C6-454D-98F6-F9D2E9878512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{AD3700E3-B2BD-41F8-9EE0-8C3AD60317FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{ED3E1FCB-93C5-411C-AFA4-76199949AEFF}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{DE2B4B9A-82AF-41F5-AE75-7D349BA5B4A3}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{93743F97-2EB4-45D5-A3FA-A2F79D681FCA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9D9D300-1D6D-4507-9F79-9C2CCE5D72BD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8233ADDF-A57D-4E73-A517-953212F19E68}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D9B843F1-B126-446B-A331-BBD506538923}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{840637CC-ABF6-4E46-A8FD-F20150500B51}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{382CC6FA-32C8-42D3-A2A6-6EF9930A3C40}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{7B3209D4-E5CA-45F1-B7AB-12212A49C4CE}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{B3F3948D-8858-4EB2-A865-B48B92C06189}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{369EFCB3-338F-4B4D-ABE6-6FA0BD76B334}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{AA814CD9-6088-4E00-81A5-9D4EC0A3874C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{BC44AEAB-313E-4BA8-B8AD-AC1E349B11C6}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{F1C5484B-D2B2-4ECA-95E9-7DE74C25BDBA}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{80B33AD8-B0E2-472F-97DF-AFA0E91820C4}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [{61380DC2-D066-4053-BFA5-EAB29F6C6237}] => (Allow) C:\Nexon\Library\vindictus\appdata\en-US\NMService.exe
FirewallRules: [TCP Query User{F84A5EC7-D7E6-4566-9D7D-5767A7EA9766}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{ADE49297-7A3F-4E01-904C-D4EE2E241478}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D39082BD-B61C-4978-BDC4-43FEC96D2725}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{BC1B5D2A-9704-46B0-A6A5-B7971065129C}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{95C9C5A1-B46A-4C8A-A4A1-463144FCF3C3}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{E145427E-E68C-46D4-B838-51CEF24F1196}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{B6950167-FBC2-4D2D-BD09-F56FE7B94BED}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{8EFA84E3-5B83-4C19-9D29-087A996BE6AC}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{77F7BCEF-5B87-4E0E-93DF-EE5E6F8CED15}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{CD64F37C-4A17-44E3-97A0-2DF2B8933453}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{01A4269C-BBF8-49BA-8B0A-708276886743}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{EF1FD9DB-759D-4102-8F98-22322128A352}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{A284D791-CDA1-4874-AA52-A40819278371}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{94510B89-2D8D-4F79-AC98-6D4FAF7C2F65}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{DC02FA33-721E-4080-BBA5-B1624598D74E}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{181A6505-E028-48C4-BD69-92C52D02CBFB}] => (Allow) C:\Users\User\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{8EE275CF-D3C1-4ECA-9049-887717ADAD8C}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{D234B0E4-BF5C-420B-8E88-1BCAA971719C}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{1C2CD8CE-F574-441C-9E97-A22B206A05C9}] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{46C41ECD-CA6A-4A0A-BBFB-4A0D9F2A1062}] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{AC847531-642F-4E9B-840A-68D2FB7E103E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{D48C39DA-3883-4D9E-A41A-6A8B7D98497C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{52EB319A-C898-4E5A-9865-1BACA2295F97}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{538AE0AA-E6E8-4E8B-B8C3-FFBEEEEDB24F}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{DC61D160-D861-47AF-A5F4-9C9DBE06ACC2}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{9D39BD96-320D-4038-BA3F-9A59A47BD57B}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{1770876B-9A1A-4CEE-B2BB-EBFE6EFD11E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F444EC8F-D811-4181-8910-1394B8721EA0}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{72156473-21FA-4611-9AA0-5A29877E02E2}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{6471AA76-DC1F-42CE-ADAD-605595CB0CDC}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{D9701DE2-7A5A-432D-90DF-BB5B84A323C4}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{AC4B729C-64C9-4EA4-B20F-D53954DF055C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{9BE72BF0-9051-4821-A603-5654D358AE35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{BEF87F47-75A3-4A7E-A516-7E8E970C47A0}] => (Allow) C:\Program Files\CyberLink\PowerDirector13\PDR10.EXE
FirewallRules: [{BB85479F-AC3D-491D-B9D3-45BB6A1C8325}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS47B2\setup\hpznui40.exe
FirewallRules: [{11D5A2C7-9967-403F-BAD2-13F3BC0DC965}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{BD30ED9A-32BB-4926-809E-B048AC578607}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{E809FC5E-5B1B-469A-9BCB-A2D3CBFB66A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{D5220BC0-B307-45C4-BEE9-F5258BA08BDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{89CC04E6-E10D-47C0-BE2B-884B0BD038C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AB7C84C6-16C3-49F1-98E3-A434F188C342}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8BBBC86E-3BB1-4623-9574-7A8DB14C0253}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{22B26313-BC23-489B-99EB-37BC14058244}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{67CD5031-6A30-4967-AD76-6322B0E6B132}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{7C1A7D9C-442D-4981-B8D9-DB9754CB6EAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8D478110-4B67-40BA-B1BD-4AA73C9B40A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{90B14478-D77B-4D81-85E9-54FE41199DA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{C3B9E12B-3C72-4E10-BA14-484973CCB2AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{95643E25-716B-4DDF-BA3A-B2844CFD6D16}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{7A366A02-7C88-4BC1-AAD1-0621A1176B6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{007B1664-6D27-4AC6-9E82-12C604F5DF5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32244484-0385-48BA-B01F-BFE58B90F865}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C3EB3653-5B2E-4C39-B987-FA0CD615A954}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FFA2C3D3-56E5-410F-A2E4-28B3F5E51341}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{75FC727A-5985-4F91-AB22-5F92B45E78F6}C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe
FirewallRules: [UDP Query User{87E131C6-05B5-4C9B-83B0-801C01A1A086}C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe
FirewallRules: [{D9C87A17-9B46-45D5-BEC6-A2F501FB1EA0}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe
FirewallRules: [{202C6D85-66D7-4D5A-A875-823C938F02E1}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 essentials\win64\bin\stageessentials.exe
FirewallRules: [TCP Query User{2AFA2180-3828-437B-B0B1-A37FC0121D11}C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe
FirewallRules: [UDP Query User{2D788FC6-73AE-482F-944D-F40FE933E60A}C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe] => (Allow) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe
FirewallRules: [{6F02A70B-B74A-4BB0-BF87-041671EC560A}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe
FirewallRules: [{8901314A-5BA9-4B76-B350-085AEDD8E781}] => (Block) C:\program files (x86)\toon boom animation\toon boom harmony 12 premium\win64\bin\stage.exe
FirewallRules: [{A1DC3017-C97E-460F-9BC8-6CAC50A4D3AA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1F7F0187-C313-469A-845B-EED395308C1B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{CE8DC230-F120-4F94-91F8-432A187FC9B7}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CA79D1D2-9651-4946-97CF-EB7A02EEF10B}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{7A50AE89-B1D3-47CC-9826-AF39ED7F97C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{48714ED8-974A-4B7D-8FFE-C8177572CBB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BA48C6B8-5B87-412B-A585-708B23160C77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B08DF1EA-E6A8-4843-9ECB-6628A350D324}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CC6E50F4-39D7-47DA-A82E-54DA096C0C5A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2858AE2D-4C60-4225-9E69-45FFE9C7802A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4AC3DC34-FBA0-4D12-9AD9-84A9C8BD62BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0F51613E-30BD-41C9-A535-D8DCA66B57FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{D6EF3642-5CE8-4B3D-A76D-D8E57489357C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\NMService.exe
FirewallRules: [{54BD3966-FFE1-4611-B2E6-F7678F4A63AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{604DCB2C-8360-43FB-A1FE-BCEB5B2FCB67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{841690CA-BCCE-4886-AC7D-842A69A51CA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7792CF6C-A313-434C-A2EE-9F58365BC6C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45D16418-6D86-4AAC-8C7C-F1D15BB1C104}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{34F1F7DB-01F8-46B7-B12A-B2DE2EE12E84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [TCP Query User{8C68D6E1-D31D-4DAF-BCA8-7A52BD88732A}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [UDP Query User{8275D775-61BE-4CC0-A397-BFCB93137A4B}C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [{F42BFC55-2BF9-4EA8-85D5-B85C914DB9E7}] => (Block) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [{378E4A45-2FCC-4264-B6F2-B1CB8F2BFAC1}] => (Block) C:\program files (x86)\steam\steamapps\common\vindictus\en-us\vindictus.exe
FirewallRules: [{3488B103-02B4-4D68-8212-2605EF911730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{D767C958-84D1-4CD3-A119-236CFA407EDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [TCP Query User{4ED75432-A83D-4302-8D85-C61D6B2F5480}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe
FirewallRules: [UDP Query User{97E8A746-C247-4E89-AAE2-A444041A6C02}C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe
FirewallRules: [{849F57D9-8AF2-406C-9FAA-0DFDE0B2FCD4}] => (Block) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe
FirewallRules: [{77AD0172-CCBA-45D2-86D6-EE197759AD46}] => (Block) C:\program files (x86)\steam\steamapps\common\orcsmustdieunchained\binaries\win64\spitfiregame.exe
FirewallRules: [{9297A26B-A5FC-47DA-B340-47939C391997}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{E8F4FE83-F3E4-4271-9840-8ADAEB522AB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{A9D651E1-9040-4ECE-9009-0891B47B2386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{6890FB2F-BEC6-488C-A0AC-2F7B2D565735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [TCP Query User{21EB2DD3-ED55-4F90-B309-354B5F44D3A2}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{0CB81D54-3140-483B-A284-D558F2D4423A}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{67F102D6-1176-4D6D-9965-2E662AD3B6FB}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Allow) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [UDP Query User{E0F3158A-A7AD-47E7-8234-4D97B5E6E44C}C:\program files\opentoonz 1.0\opentoonz_1.0.exe] => (Allow) C:\program files\opentoonz 1.0\opentoonz_1.0.exe
FirewallRules: [{8B9C2D6D-23E5-4DE7-81D3-7F3827FF4093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{08B42972-0D00-4727-B454-ED0815F715AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe
FirewallRules: [{2D283F9D-3C86-4310-9792-DF7C8B348E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{24C1B4D0-28F6-4247-81A1-A1E1E05543C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2CEEA3CF-83FE-4AC5-9321-20DD27E53371}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{F14139E2-C83B-4C8A-9132-BD6D63D99E33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{CD95AB8C-5F59-4CED-8159-F67FC1B6940D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{BEE4A31A-EC83-4D62-9A08-C89FE8EC456F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{3B95845F-546C-49A3-8F84-40BF680F2AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 2\system\Risen2.exe
FirewallRules: [{C864CEF1-5219-48D9-A117-64590A5F8194}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 2\system\Risen2.exe
FirewallRules: [{FCC6DDA4-ED17-4B56-B64E-65AA756FE5EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{83C5AF6B-DED9-41C0-B62F-2CE95D69738C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vindictus\en-US\nxsteam.exe
FirewallRules: [{7910DDA8-652D-4867-8120-6432BCFF221E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen\bin\Risen.exe
FirewallRules: [{CAAD9D14-5B04-4F27-A058-D5460E743E43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen\bin\Risen.exe
FirewallRules: [{E5E293EF-9F3E-407D-A2AD-38B2A14B8175}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{D192DE8B-CD05-47EF-901E-7890157FF184}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
FirewallRules: [{8E7CD2C5-3BB2-408E-A240-F73FB2C0536A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{237C298E-8E63-41F0-A838-F3E0C1D0F269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0418807E-89DF-461F-B98C-0C0ADDD66106}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 3\sacred3.exe
FirewallRules: [{D0684BF7-91BB-4776-81D9-521DBC07D775}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 3\sacred3.exe
FirewallRules: [{A7DD7AB2-90D7-47C0-A667-C78479B93702}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{110B74D3-3F45-4D68-A16A-FCEFCCAD1161}] => (Allow) C:\Program Files\iTunes\iTunes.exe==================== Restore Points =========================
06-06-2016 11:58:24 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================Application errors:
==================
Error: (06/13/2016 12:24:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40
Faulting module name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40
Exception code: 0xc000041d
Fault offset: 0x001a4894
Faulting process id: 0x17d0
Faulting application start time: 0xesetonlinescanner_enu (1).exe0
Faulting application path: esetonlinescanner_enu (1).exe1
Faulting module path: esetonlinescanner_enu (1).exe2
Report Id: esetonlinescanner_enu (1).exe3
Faulting package full name: esetonlinescanner_enu (1).exe4
Faulting package-relative application ID: esetonlinescanner_enu (1).exe5Error: (06/13/2016 12:24:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40
Faulting module name: esetonlinescanner_enu (1).exe, version: 2.0.8.0, time stamp: 0x573dab40
Exception code: 0xc0000005
Fault offset: 0x001a4894
Faulting process id: 0x17d0
Faulting application start time: 0xesetonlinescanner_enu (1).exe0
Faulting application path: esetonlinescanner_enu (1).exe1
Faulting module path: esetonlinescanner_enu (1).exe2
Report Id: esetonlinescanner_enu (1).exe3
Faulting package full name: esetonlinescanner_enu (1).exe4
Faulting package-relative application ID: esetonlinescanner_enu (1).exe5Error: (06/12/2016 10:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6422Error: (06/12/2016 10:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6422Error: (06/12/2016 10:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/12/2016 10:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5172Error: (06/12/2016 10:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5172Error: (06/12/2016 10:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/12/2016 10:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3875Error: (06/12/2016 10:04:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3875
System errors:
=============
Error: (06/13/2016 12:29:09 PM) (Source: DCOM) (EventID: 10010) (User: MR-MERPS-ALOT)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}Error: (06/13/2016 11:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275Error: (06/13/2016 11:43:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sysError: (06/13/2016 11:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275Error: (06/13/2016 11:43:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sysError: (06/13/2016 11:43:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275Error: (06/13/2016 11:43:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sysError: (06/13/2016 11:43:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275Error: (06/13/2016 11:43:13 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\User\AppData\Local\Temp\ehdrv.sysError: (06/13/2016 11:43:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
CodeIntegrity:
===================================
Date: 2016-05-15 21:21:36.170
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-05-14 15:33:43.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-05-13 13:59:53.381
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-05-10 21:21:52.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-05-10 16:07:03.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-04-18 21:21:34.219
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-04-16 22:18:04.007
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-04-13 20:52:30.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-03-22 21:21:41.040
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.Date: 2016-03-11 21:21:39.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================Processor: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 8110.69 MB
Available physical RAM: 4152.57 MB
Total Virtual: 16814.69 MB
Available Virtual: 11831.6 MB==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:568.43 GB) (Free:130.59 GB) NTFS
Drive d: (Data) (Fixed) (Total:345.64 GB) (Free:345.5 GB) NTFS==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8BC3265B)Partition: GPT.
==================== End of Addition.txt ============================
-
I've been running it the past couple hours with no cpu spikes and svchost seems to be behaving. Thanks for the help!
-
-
Yes, a few minutes after posting the reply with just chrome open the computer was sitting at 100% cpu.
-
-
Hello, for awhile the computer has been having minor issues, mainly what I thought to be just hardware issues. Though due to recent escalation of issues(close to 100% cpu constantly, general lagginess, and overall lowering of quality), I felt that there has to be something more. Here are the copies of the things you asked for.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014Ran by Timothy_Leis (administrator) on TIMOTHY_LEIS-PC on 07-08-2014 05:58:51Running from C:\Users\Timothy_Leis\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalThe only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe() C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe(SQUARE ENIX CO., LTD.) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv.exe(Google Inc.) C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppHKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3710671165-609888541-3485745390-1001\...\Run: [Google Update] => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-02] (Google Inc.)HKU\S-1-5-21-3710671165-609888541-3485745390-1001\...\Run: [DellSystemDetect] => C:\Users\Timothy_Leis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-msHKU\S-1-5-21-3710671165-609888541-3485745390-1001\...\Run: [Guildwork] => C:\Users\Timothy_Leis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guildwork\Guildwork.appref-msAppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchURLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}SearchScopes: HKLM - DefaultScope {49E9A046-44D9-89C5-F8F6-7DCF29A47759} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM - {49E9A046-44D9-89C5-F8F6-7DCF29A47759} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKLM-x32 - DefaultScope {3DDA1B1F-087E-AC5B-675E-2C94656DFD44} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM-x32 - {3DDA1B1F-087E-AC5B-675E-2C94656DFD44} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKCU - DefaultScope {077322EF-B0FA-4DD6-93B7-ECF90817B7AF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKCU - {077322EF-B0FA-4DD6-93B7-ECF90817B7AF} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnld2msd&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyBtC0F0BzyyCyBtCyCzztN0D0Tzu0CyCtCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=2094408640&ir=SearchScopes: HKCU - {49E9A046-44D9-89C5-F8F6-7DCF29A47759} URL = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=62133&p={searchTerms}BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9 16 C:\Windows\SysWOW64\WTFastDrv.dll [72296] (Initex)Winsock: Catalog9-x64 01 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 02 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 03 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 04 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Winsock: Catalog9-x64 16 %SystemRoot%\system32\WTFastDrv.dll [79464] (Initex)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\2sb235vi.defaultFF SelectedSearchEngine: MysearchdialFF DefaultSearchEngine: MysearchdialFF Keyword.URL: user_pref("keyword.URL", "");FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Extension: No Name - C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\2sb235vi.default\Extensions\staged [2013-09-11]Chrome:=======CHR HomePage:CHR StartupUrls: ""CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]CHR Extension: (AdBlock) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-12]CHR Extension: (Download Master) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf [2014-05-12]CHR Extension: (Google Wallet) - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR StartMenuInternet: Google Chrome - C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)R2 ReduceTheLag-v3; C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe [221696 2014-03-18] () [File not signed]R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)S2 PowerMon; cmd /c start cmd /c "ping -n 300 127.0.0.1 & C:\Windows\Temp\PowerMon\PowerMon.exe -o http://mining.eligius.st:9337 -O 12jgfM7qaFhKBYEz7KRjqdjBcz22d48bNh" [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-21] (DT Soft Ltd)S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-07] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-29 17:38 - 2014-08-07 04:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-29 17:38 - 2014-05-12 08:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-29 17:38 - 2014-05-12 08:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-07 05:58 - 2014-08-07 05:59 - 00021192 _____ () C:\Users\Timothy_Leis\Downloads\FRST.txt2014-08-07 05:58 - 2014-08-07 05:58 - 02094080 _____ (Farbar) C:\Users\Timothy_Leis\Downloads\FRST64.exe2014-08-07 05:58 - 2014-08-07 05:58 - 00000000 ____D () C:\FRST2014-08-07 02:18 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-08-07 02:18 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-08-07 02:18 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-08-07 02:18 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-08-07 02:18 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-08-07 02:18 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-08-07 02:18 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-08-07 02:18 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-08-07 02:18 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-08-07 02:18 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-08-07 02:18 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-08-07 02:18 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-08-07 02:18 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-08-07 02:18 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-08-07 02:18 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-08-07 02:18 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-08-07 02:18 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-08-07 02:18 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-08-07 02:18 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-08-07 02:18 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-08-07 02:18 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-08-07 02:18 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-08-07 02:18 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-08-07 02:18 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-08-07 02:18 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-08-07 02:18 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-08-07 02:18 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-08-07 02:18 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-08-07 02:18 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-08-07 02:18 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-08-07 02:18 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-08-07 02:18 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-08-07 02:18 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-08-07 02:18 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-08-07 02:18 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-08-07 02:18 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-08-07 02:18 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-08-07 02:18 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-08-07 02:18 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-08-07 02:18 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-08-07 02:18 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-08-07 02:18 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-08-07 02:18 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-08-07 02:18 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-08-07 02:18 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-08-07 02:18 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-08-07 02:18 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-08-07 02:18 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-08-07 02:18 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-08-07 02:18 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-08-07 02:18 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-08-07 02:18 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-08-07 02:18 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-08-07 02:18 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-08-07 02:18 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-08-07 02:18 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-08-07 02:18 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-08-07 02:18 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-08-07 02:18 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-07 02:18 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-08-07 02:18 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-08-07 02:18 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-08-07 02:17 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-08-07 02:17 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-08-07 02:17 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-08-07 02:17 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-08-07 02:17 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-08-05 05:21 - 2014-08-05 05:21 - 00074055 _____ () C:\Users\Timothy_Leis\Downloads\Pyskador_1_2_4.rar2014-08-05 05:21 - 2014-04-09 04:22 - 00174592 _____ (Cyber Research Systems) C:\Users\Timothy_Leis\Desktop\Pyskador.exe2014-08-05 04:22 - 2014-08-05 04:22 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-05 04:19 - 2014-08-05 04:19 - 00387038 _____ () C:\Users\Timothy_Leis\Downloads\BolterV2_v1.2.9b.zip2014-08-01 00:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2014-08-01 00:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2014-08-01 00:50 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2014-08-01 00:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2014-08-01 00:50 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2014-08-01 00:50 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-08-01 00:49 - 2014-05-14 10:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2014-08-01 00:49 - 2014-05-14 10:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-08-01 00:49 - 2014-05-14 10:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2014-08-01 00:49 - 2014-05-14 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-07-25 22:51 - 2014-07-25 22:51 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log2014-07-25 22:51 - 2014-07-25 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-25 22:51 - 2014-07-11 04:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-25 22:51 - 2014-07-11 03:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-25 22:51 - 2014-07-11 03:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-25 22:51 - 2014-07-11 03:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieUserList2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieSiteList2014-07-19 15:44 - 2014-07-19 15:44 - 00046948 _____ () C:\Users\Timothy_Leis\Downloads\TS102919464.dotx2014-07-19 15:39 - 2014-07-19 15:39 - 00055415 _____ () C:\Users\Timothy_Leis\Downloads\TS102835057.dotx2014-07-17 01:10 - 2014-07-17 01:10 - 00000000 ____D () C:\ProgramData\Riot Games==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-29 17:38 - 2015-06-29 17:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-29 17:38 - 2012-04-18 10:12 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-29 17:38 - 2011-11-02 16:38 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\Malwarebytes2015-06-29 17:38 - 2011-11-02 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-06-29 17:38 - 2011-11-02 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-08-07 05:59 - 2014-08-07 05:58 - 00021192 _____ () C:\Users\Timothy_Leis\Downloads\FRST.txt2014-08-07 05:58 - 2014-08-07 05:58 - 02094080 _____ (Farbar) C:\Users\Timothy_Leis\Downloads\FRST64.exe2014-08-07 05:58 - 2014-08-07 05:58 - 00000000 ____D () C:\FRST2014-08-07 05:49 - 2011-11-02 16:17 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001UA.job2014-08-07 05:10 - 2014-05-19 19:47 - 00000000 ____D () C:\Program Files (x86)\BlueStacks2014-08-07 05:01 - 2012-08-18 22:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-08-07 04:16 - 2011-09-05 16:35 - 02044972 _____ () C:\Windows\WindowsUpdate.log2014-08-07 04:14 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-07 04:13 - 2015-06-29 17:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-07 04:13 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-08-07 04:13 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-08-07 04:09 - 2011-11-02 16:17 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Local\Deployment2014-08-07 04:08 - 2014-07-04 23:59 - 00003244 _____ () C:\Windows\System32\Tasks\IORRT2014-08-07 04:08 - 2014-05-12 01:43 - 00024433 _____ () C:\Windows\setupact.log2014-08-07 04:08 - 2013-01-20 02:14 - 00000376 ____H () C:\Windows\Tasks\ZoomExUpdaterTask{39D96368-7F99-4AF7-9E3E-95376C9DB3C2}.job2014-08-07 04:07 - 2011-09-05 16:36 - 00000000 ____D () C:\ProgramData\NVIDIA2014-08-07 04:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-07 04:07 - 2009-07-14 00:45 - 00416688 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-07 04:05 - 2011-11-05 18:12 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-08-07 04:05 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-08-07 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-08-07 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism2014-08-07 04:03 - 2013-08-03 04:01 - 00000000 ____D () C:\Windows\system32\MRT2014-08-07 03:58 - 2011-12-01 10:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-08-07 02:57 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-08-07 02:57 - 2013-03-14 04:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-08-07 02:26 - 2013-03-14 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-08-06 16:31 - 2014-03-12 05:30 - 00000000 ____D () C:\Users\Timothy_Leis\Desktop\DRG Parse2014-08-06 16:13 - 2011-11-02 16:17 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001Core.job2014-08-05 23:47 - 2011-11-02 16:18 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\Skype2014-08-05 22:26 - 2014-03-07 16:26 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\Advanced Combat Tracker2014-08-05 22:21 - 2013-10-31 08:13 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Roaming\TS3Client2014-08-05 20:58 - 2013-10-31 08:12 - 00000000 ____D () C:\Users\Timothy_Leis\AppData\Local\TeamSpeak 3 Client2014-08-05 05:21 - 2014-08-05 05:21 - 00074055 _____ () C:\Users\Timothy_Leis\Downloads\Pyskador_1_2_4.rar2014-08-05 04:23 - 2014-06-08 01:48 - 00000000 ____D () C:\Users\Timothy_Leis\Desktop\BolterV2_v1.2.9b2014-08-05 04:22 - 2014-08-05 04:22 - 00000000 ____D () C:\ProgramData\Package Cache2014-08-05 04:19 - 2014-08-05 04:19 - 00387038 _____ () C:\Users\Timothy_Leis\Downloads\BolterV2_v1.2.9b.zip2014-07-25 23:11 - 2013-10-28 04:02 - 00000000 ____D () C:\ProgramData\Oracle2014-07-25 22:51 - 2014-07-25 22:51 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log2014-07-25 22:51 - 2014-07-25 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-25 22:51 - 2012-09-12 17:16 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-23 10:52 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieUserList2014-07-19 15:57 - 2014-07-19 15:57 - 00000000 __SHD () C:\Users\Timothy_Leis\AppData\Local\EmieSiteList2014-07-19 15:44 - 2014-07-19 15:44 - 00046948 _____ () C:\Users\Timothy_Leis\Downloads\TS102919464.dotx2014-07-19 15:39 - 2014-07-19 15:39 - 00055415 _____ () C:\Users\Timothy_Leis\Downloads\TS102835057.dotx2014-07-18 17:09 - 2011-11-02 16:30 - 00002410 _____ () C:\Users\Timothy_Leis\Desktop\Google Chrome.lnk2014-07-17 01:10 - 2014-07-17 01:10 - 00000000 ____D () C:\ProgramData\Riot Games2014-07-11 04:02 - 2014-07-25 22:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-11 03:56 - 2014-07-25 22:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-11 03:56 - 2014-07-25 22:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-11 03:55 - 2014-07-25 22:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-10 16:01 - 2012-08-18 22:34 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-10 16:01 - 2012-08-18 22:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-07-10 16:01 - 2011-09-05 14:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cplFiles to move or delete:====================C:\Users\Timothy_Leis\jagex_cl_runescape_LIVE.datC:\Users\Timothy_Leis\random.datSome content of TEMP:====================C:\Users\Timothy_Leis\AppData\Local\Temp\GURD27A.exeC:\Users\Timothy_Leis\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exeC:\Users\Timothy_Leis\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Timothy_Leis\AppData\Local\Temp\nvStereoApiI64.dllC:\Users\Timothy_Leis\AppData\Local\Temp\nvStInst.exeC:\Users\Timothy_Leis\AppData\Local\Temp\tmp308C.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-07-31 14:17==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014Ran by Timothy_Leis at 2014-08-07 06:00:59Running from C:\Users\Timothy_Leis\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: - )Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) HiddenDell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)GameStop App (x32 Version: 4.00 - GameStop) HiddenGeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) HiddenGoogle Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Guildwork (HKCU\...\941445e80933424b) (Version: 1.0.0.70 - Guildwork)High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) HiddenIntel PROSet Wireless (Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2345 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}) (Version: 1.0.1.0489 - Intel Corporation)Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)Intel® WiDi (HKLM-x32\...\{03703CBB-563D-45CE-8B35-CB04CAB258BE}) (Version: 2.1.38.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)iRip (HKLM-x32\...\{0F9224B1-9331-4D56-A21B-6D4747F6ACB4}) (Version: 1.2 - The Little App Factory)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) HiddenLeague of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) HiddenMicrosoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0 - Nero AG) HiddenNero Control Center 10 (x32 Version: 10.6.12500.0.5 - Nero AG) HiddenNero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) HiddenNero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) HiddenNero Update (x32 Version: 11.0.10623.22.0 - Nero AG) HiddenNotepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6 - )NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) HiddenNVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) HiddenNVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)Reducethelag (HKLM-x32\...\ReducetheLag) (Version: - )Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) HiddenRevo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) HiddenSHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) HiddenShockwave (HKLM-x32\...\Shockwave) (Version: - )Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenTeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}) (Version: 16.5.10096 - WinZip Computing, S.L. )WTFast 3.1 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.1.1.3 - Initex & AAA Internet Publishing)ZoomEx (HKLM\...\{4D1D9E2B-CC34-44D5-A63E-841696FEBCDD}) (Version: 1.0 - )==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3710671165-609888541-3485745390-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File==================== Restore Points =========================29-06-2014 11:42:28 Scheduled Checkpoint26-07-2014 02:50:37 Installed Java 7 Update 6501-08-2014 04:49:26 Windows Update05-08-2014 08:21:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.2100507-08-2014 06:19:19 Windows Update07-08-2014 07:53:57 Windows Update07-08-2014 09:11:03 Removed BlueStacks Notification Center29-06-2015 21:59:19 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 22:34 - 2012-12-05 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {11220D3B-4B3D-40DD-BEC4-0FC746225558} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001UA => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)Task: {1CE62886-E0E7-4303-91D0-E3F0F22E9BA4} - System32\Tasks\{653B4094-3C82-4110-ACEC-7D14D85F53B7} => C:\Program Files (x86)\Bethesda Softworks\Morrowind\Morrowind Launcher.exeTask: {2C1B0004-7560-4185-ADB8-37107D459D6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {3BA2AC19-825E-43B1-AD7C-FDE63E5572E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)Task: {3D181061-B38A-42ED-B7E7-D4F677B53B4C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {432AB34B-DDE5-4067-B449-009CE3D506A4} - System32\Tasks\{E27FF263-8823-4823-992E-3CE0DD2D32CA} => C:\Program Files (x86)\3DO\Might and Magic VII\MM7Setup.ExeTask: {47337CE0-5754-4DA5-AAA0-9B2D63A42716} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2011-11-05] ()Task: {665644B3-6790-46ED-BA07-540C1B8B428F} - System32\Tasks\{7B7F817F-D236-4C8E-927F-944A24BE22CF} => C:\Riot Games\League of Legends\lol.launcher.exe [2012-10-29] ()Task: {7DD3C800-6890-4DD0-A8B7-648B00146017} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2011-11-05] ()Task: {94EE6E2E-9EEB-42CF-AB76-072DB7F31ECD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001Core => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)Task: {A3A05DC6-6E20-4069-A2CE-D9D076DD1577} - System32\Tasks\{3949627B-15A6-4C71-AEEA-4E682B865D15} => E:\SETUP.EXETask: {C6106ADF-E15C-4C74-8778-401945156FF7} - System32\Tasks\ZoomExUpdaterTask{39D96368-7F99-4AF7-9E3E-95376C9DB3C2} => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTIONTask: {E5C0DA18-8B50-4029-9542-9F6365F08BB7} - System32\Tasks\{780228C5-B83A-457A-9872-76966F1CADB5} => E:\SETUP.EXETask: {EAF58480-047B-482A-84A9-D2649379FF80} - \Your File Updater No Task File <==== ATTENTIONTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001Core.job => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3710671165-609888541-3485745390-1001UA.job => C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\ZoomExUpdaterTask{39D96368-7F99-4AF7-9E3E-95376C9DB3C2}.job => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTION==================== Loaded Modules (whitelisted) =============2014-03-18 05:49 - 2014-03-18 05:49 - 00221696 _____ () C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe2012-01-10 20:14 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-09-05 02:17 - 2013-09-05 02:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-09-05 16:10 - 2011-03-26 19:29 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2009-03-07 16:02 - 2009-03-07 16:02 - 00098304 _____ () C:\Program Files (x86)\ReducetheLag\EasyHook32.dll2012-01-10 20:13 - 2014-03-04 10:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2013-09-05 02:14 - 2013-09-05 02:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-07-18 17:09 - 2014-07-15 05:24 - 00718664 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-18 17:09 - 2014-07-15 05:24 - 00126280 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-18 17:09 - 2014-07-15 05:24 - 08537928 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-18 17:09 - 2014-07-15 05:24 - 00353096 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-18 17:09 - 2014-07-15 05:24 - 01732936 _____ () C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-03-18 05:49 - 2014-03-18 05:49 - 00133120 _____ () C:\Program Files (x86)\ReducetheLag\reducethelagv332.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^Users^Timothy_Leis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameStop Now.lnk => C:\Windows\pss\GameStop Now.lnk.StartupMSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesMSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exeMSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZEDMSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (08/07/2014 04:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/07/2014 04:08:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)Error: (08/07/2014 02:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/07/2014 02:59:04 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 31306124Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 31306124Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1263Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1263Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondSystem errors:=============Error: (08/07/2014 04:08:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error:%%1064Error: (08/07/2014 04:08:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Power Supply Monitor service to connect.Error: (08/07/2014 03:12:52 AM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:%%1056Error: (08/07/2014 03:08:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:%%1056Error: (08/07/2014 03:07:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.Error: (08/07/2014 03:06:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.Error: (08/07/2014 02:59:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error:%%1064Error: (08/07/2014 02:58:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Power Supply Monitor service to connect.Error: (08/06/2014 04:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error:%%1064Error: (08/06/2014 04:18:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Power Supply Monitor service to connect.Microsoft Office Sessions:=========================Error: (08/07/2014 04:08:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/07/2014 04:08:14 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)Error: (08/07/2014 02:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (08/07/2014 02:59:04 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 31306124Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 31306124Error: (08/07/2014 02:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1263Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1263Error: (08/06/2014 05:26:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondCodeIntegrity Errors:===================================Date: 2014-05-09 17:34:33.958Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-09 17:34:33.958Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-09 17:34:33.958Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-09 17:34:33.943Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-09 17:34:33.943Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-09 17:34:33.927Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-01 10:24:49.692Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-01 10:24:49.690Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-01 10:24:49.687Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-01 10:24:49.664Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Percentage of memory in use: 30%Total physical RAM: 12182.17 MBAvailable physical RAM: 8515.18 MBTotal Pagefile: 24362.52 MBAvailable Pagefile: 20286.45 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:327.33 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 07F2837E)Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=577 GB) - (Type=07 NTFS)==================== End Of Log ============================Thank you for any help you're able to give. -
Tried multiple times to run combofix, but no matter what it always hangs on the final screen saying it's preparing a report. Sat there for 8 hours yesterday and never finished. No one touched the computer in this time.
-
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.16.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
terri :: TERRI-PC [administrator]
1/16/2013 12:33:30 PM
mbam-log-2013-01-16 (12-33-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266162
Time elapsed: 3 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by terri at 12:38:12 on 2013-01-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2093 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
uURLSearchHooks: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} -
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\terri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C61C7BDB-C7BF-43D9-BA92-45BF4C12003B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC}\2375942554032303 : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxWR7DJUn&search=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\terri\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\terri\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-21 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-11 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-21 44808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-1 2666880]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-4-10 446976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736]
.
=============== Created Last 30 ================
.
2013-01-15 17:13:23 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA39F33A-D1B5-4481-BB3B-C50B034342CD}\mpengine.dll
2013-01-14 13:30:57 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-09 17:20:54 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 17:19:32 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-03 15:09:38 -------- d-----w- C:\Program Files\CCleaner
2013-01-01 23:26:23 -------- d-----w- C:\Program Files (x86)\Crabs and Penguins
2012-12-29 15:45:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-28 16:01:26 -------- d-----w- C:\ComboFix
2012-12-28 00:56:03 98816 ----a-w- C:\Windows\sed.exe
2012-12-28 00:56:03 256000 ----a-w- C:\Windows\PEV.exe
2012-12-28 00:56:03 208896 ----a-w- C:\Windows\MBR.exe
2012-12-28 00:35:12 -------- d-----w- C:\Users\terri\AppData\Local\Programs
2012-12-27 20:43:52 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-12-25 21:45:20 -------- d-----w- C:\Users\terri\AppData\Roaming\AzuazGames
2012-12-21 04:15:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 04:15:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 04:15:05 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 04:15:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-18 20:07:11 106240 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-01-10 03:24:09 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 03:24:09 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 12:39:18.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2010 2:58:56 PM
System Uptime: 1/16/2013 7:23:14 AM (5 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 627.089 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP442: 1/3/2013 9:24:58 AM - Revo Uninstaller's restore point - Yahoo! Messenger
RP443: 1/3/2013 9:30:18 AM - Revo Uninstaller's restore point - Yahoo! Install Manager
RP444: 1/3/2013 9:30:56 AM - Revo Uninstaller's restore point - Yahoo! Widgets
RP445: 1/5/2013 11:48:12 AM - Windows Update
RP446: 1/9/2013 9:47:24 AM - Windows Update
RP447: 1/9/2013 12:12:09 PM - Windows Update
RP448: 1/14/2013 7:30:16 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3 MUI
Adobe Shockwave Player 11.6
Advertising Center
Angry Birds Rio
Angry Birds Seasons
Apple Application Support
Apple Software Update
avast! Free Antivirus
Beetle Bug 3 (remove only)
CCleaner
Compatibility Pack for the 2007 Office system
Crabs and Penguins
D3DX10
DivX Web Player
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Fairy Island
Fluttabyes
Free Realms Installer
Google Chrome
Google Update Helper
Identity Card
ImagXpress
IncrediMail
IncrediMail 2.0
iWin Games (remove only)
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Display Control Panel
NVIDIA Drivers
Photo Notifier and Animation Creator
PhotoMail Maker
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SOE Web Installer
swMSM
TeamViewer 7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.2
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Widgets
.
==== End Of File ===========================
-
Hello, sorry for the delay, as I said, not my personal computer so haven't had a chance to check it out. It was working from what they were telling me but however a new issue seems to have arised... upon doing a Google search, the results page comes up and it doesn't take you to the page that was searched... it redirects to a "related" page. Going to post the new scans now and see if we can find the issue, I'm back at their house with their computer so I can update quickly.
-
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 09:02:23
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : terri - TERRI-PC
# Boot Mode : Normal
# Running from : C:\Users\terri\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\END
File Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Askcom.xml
File Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Conduit.xml
File Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\MyStart Search.xml
File Deleted : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\terri\AppData\Local\Conduit
Folder Deleted : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\terri\AppData\Local\Kiwee Toolbar
Folder Deleted : C:\Users\terri\AppData\LocalLow\AGI
Folder Deleted : C:\Users\terri\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\terri\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\terri\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\terri\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\terri\AppData\Roaming\iWin
Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Conduit
Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\ConduitCommon
Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\CT2438727
Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Deleted : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Smartbar
***** [Registry] *****
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM
Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1678857
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dlQUE
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4 --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\prefs.js
C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\user.js ... Deleted !
Deleted : user_pref("CT2438727..clientLogIsEnabled", false);
Deleted : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2438727.CT2438727", "CT2438727");
Deleted : user_pref("CT2438727.CurrentServerDate", "3-1-2013");
Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2438727.DialogsGetterLastCheckTime", "Wed Jan 02 2013 21:12:34 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT2438727.DownloadReferralCookieData", "");
Deleted : user_pref("CT2438727.EnableSearchHistory", false);
Deleted : user_pref("CT2438727.EnableSearchSuggest", false);
Deleted : user_pref("CT2438727.FirstServerDate", "21-5-2011");
Deleted : user_pref("CT2438727.FirstTime", true);
Deleted : user_pref("CT2438727.FirstTimeFF3", true);
Deleted : user_pref("CT2438727.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2438727.HasUserGlobalKeys", true);
Deleted : user_pref("CT2438727.Initialize", true);
Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
Deleted : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2438727.InstalledDate", "Sat May 21 2011 13:57:02 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2438727.IsGrouping", false);
Deleted : user_pref("CT2438727.IsMulticommunity", false);
Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Wed Jan 02 2013 21:12:34 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2438727.LastLogin_3.12.0.7", "Mon Apr 30 2012 15:15:04 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2438727.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:46 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2438727.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:45 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2438727.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2438727.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:56:03 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2438727.LastLogin_3.16.0.3", "Wed Jan 02 2013 21:12:25 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2438727.LastLogin_3.3.5.1", "Sat Jul 09 2011 09:05:53 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2438727.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2438727.Locale", "en");
Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2438727.MCDetectTooltipShow", false);
Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2438727.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT2438727.RadioShrinked", "shrinked");
Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Wed Jan 02 2013 21:12:12 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2438727.ServiceMapLastCheckTime", "Wed Jan 02 2013 21:12:12 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Wed Jan 02 2013 21:12:12 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2438727.SettingsLastUpdate", "1357167707");
Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Jul 02 2011 21:24:40 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Deleted : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2438727.UserID", "UN19161047969712086");
Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2438727.alertChannelId", "832836");
Deleted : user_pref("CT2438727.approveUntrustedApps", true);
Deleted : user_pref("CT2438727.components.1000034", false);
Deleted : user_pref("CT2438727.components.1000082", false);
Deleted : user_pref("CT2438727.components.1000234", false);
Deleted : user_pref("CT2438727.components.1000515", false);
Deleted : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Sat Jul 09 2011 13:05:54 GMT-0500 (Central [...]
Deleted : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2438727.initDone", true);
Deleted : user_pref("CT2438727.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2438727.myStuffEnabled", true);
Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,129509324767711885,1290239[...]
Deleted : user_pref("CT2438727.revertSettingsEnabled", false);
Deleted : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2438727.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2438727.testingCtid", "");
Deleted : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Wed Jan 02 2013 21:12:34 GMT-0600 (Central S[...]
Deleted : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Sat May 21 2011 13:57:06 GMT-0500 (Central D[...]
Deleted : user_pref("CT2438727.usagesFlag", 2);
Deleted : user_pref("CT2724386..clientLogIsEnabled", false);
Deleted : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129723002078767475", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129847484031223416", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129851871904280954", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129904362604336829", true);
Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129992833759124499", true);
Deleted : user_pref("CT2724386.CT2724407.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2724431.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727162.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727622.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727646.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727678.CommunityChanged", true);
Deleted : user_pref("CT2724386.CT2727750.CommunityChanged", true);
Deleted : user_pref("CT2724386.CTID", "CT2724386");
Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central D[...]
Deleted : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT2724386.CommunityChanged", true);
Deleted : user_pref("CT2724386.CurrentServerDate", "9-12-2012");
Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724386.DialogsGetterLastCheckTime", "Sat Dec 08 2012 17:56:31 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT2724386.DownloadReferralCookieData", "");
Deleted : user_pref("CT2724386.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2724386.FirstServerDate", "8-6-2011");
Deleted : user_pref("CT2724386.FirstTime", true);
Deleted : user_pref("CT2724386.FirstTimeFF3", true);
Deleted : user_pref("CT2724386.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2724386.GroupingLastErrorCode", "");
Deleted : user_pref("CT2724386.GroupingLastResponse", false);
Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129514153850000000");
Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2724386.HasUserGlobalKeys", true);
Deleted : user_pref("CT2724386.Initialize", true);
Deleted : user_pref("CT2724386.InitializeCommonPrefs", true);
Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2724386.InstallationId", "StubInstaller");
Deleted : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2724386.InstalledDate", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2724386.InvalidateCache", false);
Deleted : user_pref("CT2724386.IsGrouping", false);
Deleted : user_pref("CT2724386.IsMulticommunity", false);
Deleted : user_pref("CT2724386.IsOpenThankYouPage", false);
Deleted : user_pref("CT2724386.IsOpenUninstallPage", true);
Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2724386.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:44 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2724386.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:54 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2724386.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2724386.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:55:57 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2724386.LastLogin_3.16.0.3", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2724386.LastLogin_3.3.5.1", "Tue Jun 07 2011 16:12:08 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2724386.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2724386.Locale", "en");
Deleted : user_pref("CT2724386.LoginRevertSettingsEnabled", false);
Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2724386.MCDetectTooltipShow", false);
Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2724386.RadioIsPodcast", false);
Deleted : user_pref("CT2724386.RadioLastCheckTime", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2724386.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000");
Deleted : user_pref("CT2724386.RadioMediaID", "21080102");
Deleted : user_pref("CT2724386.RadioMediaType", "Media Player");
Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");
Deleted : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");
Deleted : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000");
Deleted : user_pref("CT2724386.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2724386.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2724386.ServiceMapLastCheckTime", "Sat Dec 08 2012 17:56:04 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT2724386.SettingsLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2724386.SettingsLastUpdate", "1354809800");
Deleted : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Tue Jun 07 2011 16:12:07 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2724386.UserID", "UN99100734519817247");
Deleted : user_pref("CT2724386.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2724386.WeatherNetwork", "");
Deleted : user_pref("CT2724386.WeatherPollDate", "Tue Jun 07 2011 16:12:10 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2724386.WeatherUnit", "F");
Deleted : user_pref("CT2724386.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2724386.alertChannelId", "1116652");
Deleted : user_pref("CT2724386.autoDisableScopes", 0);
Deleted : user_pref("CT2724386.components.1000048", false);
Deleted : user_pref("CT2724386.components.1000082", false);
Deleted : user_pref("CT2724386.components.1000234", false);
Deleted : user_pref("CT2724386.components.129248963349915487", false);
Deleted : user_pref("CT2724386.components.129248964061947202", false);
Deleted : user_pref("CT2724386.components.129248964422728031", false);
Deleted : user_pref("CT2724386.components.129464706887642629", false);
Deleted : user_pref("CT2724386.components.129464706887955131", false);
Deleted : user_pref("CT2724386.defaultSearch", "false");
Deleted : user_pref("CT2724386.enableAlerts", "true");
Deleted : user_pref("CT2724386.enableSearchFromAddressBar", "false");
Deleted : user_pref("CT2724386.firstTimeDialogOpened", true);
Deleted : user_pref("CT2724386.fixPageNotFoundError", "false");
Deleted : user_pref("CT2724386.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2724386.fixUrls", true);
Deleted : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Tue Jun 07 2011 16:12:16 GMT-0500 (Central [...]
Deleted : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2724386.initDone", true);
Deleted : user_pref("CT2724386.installId", "conduitnsisintegration");
Deleted : user_pref("CT2724386.installType", "conduitnsisintegration");
Deleted : user_pref("CT2724386.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2724386.isCheckedStartAsHidden", true);
Deleted : user_pref("CT2724386.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2724386.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT2724386.isNewTabEnabled", false);
Deleted : user_pref("CT2724386.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2724386.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2724386.migrateAppsAndComponents", true);
Deleted : user_pref("CT2724386.myStuffEnabled", true);
Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2724386.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Deleted : user_pref("CT2724386.openThankYouPage", "false");
Deleted : user_pref("CT2724386.openUninstallPage", "true");
Deleted : user_pref("CT2724386.revertSettingsEnabled", false);
Deleted : user_pref("CT2724386.searchInNewTabEnabled", false);
Deleted : user_pref("CT2724386.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2724386.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2724386.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2724386.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2724386.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2724386.serviceLayer_services_login_10.13.40.15_lastUpdate", "1356549468479");
Deleted : user_pref("CT2724386.serviceLayer_services_serviceMap_lastUpdate", "1356486996404");
Deleted : user_pref("CT2724386.serviceLayer_services_toolbarSettings_lastUpdate", "1356549469141");
Deleted : user_pref("CT2724386.serviceLayer_services_translation_lastUpdate", "1356486996467");
Deleted : user_pref("CT2724386.settingsINI", true);
Deleted : user_pref("CT2724386.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2724386.smartbar.CTID", "CT2724386");
Deleted : user_pref("CT2724386.smartbar.Uninstall", "0");
Deleted : user_pref("CT2724386.smartbar.toolbarName", "IncrediMail MediaBar 2 ");
Deleted : user_pref("CT2724386.startPage", "userChanged");
Deleted : user_pref("CT2724386.testingCtid", "");
Deleted : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Dec 08 2012 17:56:07 GMT-0600 (Central S[...]
Deleted : user_pref("CT2724386.toolbarBornServerTime", "8-6-2011");
Deleted : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Tue Jun 07 2011 16:12:14 GMT-0500 (Central D[...]
Deleted : user_pref("CT2724386.toolbarCurrentServerTime", "26-12-2012");
Deleted : user_pref("CT2724386.toolbarDisabled", "true");
Deleted : user_pref("CT2724386.usagesFlag", 2);
Deleted : user_pref("CT2724386_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b2c[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_2");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2724386");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_2");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2724386");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2724386");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 21:34:46 GMT-05[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jul 21 2011 20:47:00 GMT-0500 (Central D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "bfda7240-6828-4e22-a6ed-beef12f26ed2");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 07 2011 16:13:43 GMT-0500 (Cen[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "b62c9f93-27a3-4856-ae53-9f4ba963a881");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");
Deleted : user_pref("extensions.questbasic.init", true);
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v23.0.1271.97
File : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [38270 octets] - [02/01/2013 10:54:59]
AdwCleaner[s1].txt - [38407 octets] - [03/01/2013 09:02:23]
########## EOF - C:\AdwCleaner[s1].txt - [38468 octets] ##########
-
# AdwCleaner v2.104 - Logfile created 01/02/2013 at 10:54:59
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : terri - TERRI-PC
# Boot Mode : Normal
# Running from : C:\Users\terri\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\END
File Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Askcom.xml
File Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\Conduit.xml
File Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\searchplugins\MyStart Search.xml
File Found : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}
Folder Found : C:\Program Files (x86)\Perion
Folder Found : C:\Program Files (x86)\Yontoo Layers Client
Folder Found : C:\ProgramData\iWin
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\terri\AppData\Local\Conduit
Folder Found : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Found : C:\Users\terri\AppData\Local\Kiwee Toolbar
Folder Found : C:\Users\terri\AppData\LocalLow\AGI
Folder Found : C:\Users\terri\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\terri\AppData\LocalLow\Conduit
Folder Found : C:\Users\terri\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\terri\AppData\LocalLow\PriceGong
Folder Found : C:\Users\terri\AppData\Roaming\iWin
Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Conduit
Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\ConduitCommon
Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\CT2438727
Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Found : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\Smartbar
***** [Registry] *****
Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\Software\AGI
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\contenthandler.contentselection
Key Found : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1678857
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\dlQUE
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\Web Assistant
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}
Key Found : HKU\S-1-5-21-2238865308-3945283567-1467993303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\prefs.js
Found : user_pref("CT2438727..clientLogIsEnabled", false);
Found : user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2438727.CT2438727", "CT2438727");
Found : user_pref("CT2438727.CurrentServerDate", "28-12-2012");
Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
Found : user_pref("CT2438727.DialogsGetterLastCheckTime", "Fri Dec 28 2012 09:56:39 GMT-0600 (Central Standa[...]
Found : user_pref("CT2438727.DownloadReferralCookieData", "");
Found : user_pref("CT2438727.EnableSearchHistory", false);
Found : user_pref("CT2438727.EnableSearchSuggest", false);
Found : user_pref("CT2438727.FirstServerDate", "21-5-2011");
Found : user_pref("CT2438727.FirstTime", true);
Found : user_pref("CT2438727.FirstTimeFF3", true);
Found : user_pref("CT2438727.FixPageNotFoundErrors", false);
Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2438727.HasUserGlobalKeys", true);
Found : user_pref("CT2438727.Initialize", true);
Found : user_pref("CT2438727.InitializeCommonPrefs", true);
Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2438727.InstalledDate", "Sat May 21 2011 13:57:02 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2438727.IsGrouping", false);
Found : user_pref("CT2438727.IsMulticommunity", false);
Found : user_pref("CT2438727.IsOpenThankYouPage", true);
Found : user_pref("CT2438727.IsOpenUninstallPage", true);
Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Dec 27 2012 14:36:34 GMT-0600 (Central Standar[...]
Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2438727.LastLogin_3.12.0.7", "Mon Apr 30 2012 15:15:04 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2438727.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:46 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2438727.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:45 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2438727.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2438727.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:56:03 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2438727.LastLogin_3.16.0.3", "Fri Dec 28 2012 09:56:39 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2438727.LastLogin_3.3.5.1", "Sat Jul 09 2011 09:05:53 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2438727.LatestVersion", "3.16.0.3");
Found : user_pref("CT2438727.Locale", "en");
Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Found : user_pref("CT2438727.MCDetectTooltipShow", false);
Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Found : user_pref("CT2438727.MyStuffEnabledAtInstallation", false);
Found : user_pref("CT2438727.RadioShrinked", "shrinked");
Found : user_pref("CT2438727.SHRINK_TOOLBAR", 0);
Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Thu Dec 27 2012 14:36:30 GMT-0600 (Central Stand[...]
Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2438727.ServiceMapLastCheckTime", "Thu Dec 27 2012 14:36:32 GMT-0600 (Central Standard [...]
Found : user_pref("CT2438727.SettingsLastCheckTime", "Fri Dec 28 2012 09:56:38 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2438727.SettingsLastUpdate", "1356671436");
Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Sat Jul 02 2011 21:24:40 GMT-0500 (Central Day[...]
Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
Found : user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2438727.UserID", "UN19161047969712086");
Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Found : user_pref("CT2438727.alertChannelId", "832836");
Found : user_pref("CT2438727.approveUntrustedApps", true);
Found : user_pref("CT2438727.components.1000034", false);
Found : user_pref("CT2438727.components.1000082", false);
Found : user_pref("CT2438727.components.1000234", false);
Found : user_pref("CT2438727.components.1000515", false);
Found : user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Sat Jul 09 2011 13:05:54 GMT-0500 (Central [...]
Found : user_pref("CT2438727.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2438727.initDone", true);
Found : user_pref("CT2438727.isAppTrackingManagerOn", true);
Found : user_pref("CT2438727.myStuffEnabled", true);
Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,129509324767711885,1290239[...]
Found : user_pref("CT2438727.revertSettingsEnabled", false);
Found : user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2438727.searchProtectorEnableByLogin", true);
Found : user_pref("CT2438727.testingCtid", "");
Found : user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Thu Dec 27 2012 14:36:35 GMT-0600 (Central S[...]
Found : user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Sat May 21 2011 13:57:06 GMT-0500 (Central D[...]
Found : user_pref("CT2438727.usagesFlag", 2);
Found : user_pref("CT2724386..clientLogIsEnabled", false);
Found : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129723002078767475", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129847484031223416", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129851871904280954", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129904362604336829", true);
Found : user_pref("CT2724386.BrowserCompStateIsOpen_129992833759124499", true);
Found : user_pref("CT2724386.CT2724407.CommunityChanged", true);
Found : user_pref("CT2724386.CT2724431.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727162.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727622.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727646.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727678.CommunityChanged", true);
Found : user_pref("CT2724386.CT2727750.CommunityChanged", true);
Found : user_pref("CT2724386.CTID", "CT2724386");
Found : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central D[...]
Found : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT2724386.CommunityChanged", true);
Found : user_pref("CT2724386.CurrentServerDate", "9-12-2012");
Found : user_pref("CT2724386.DialogsAlignMode", "LTR");
Found : user_pref("CT2724386.DialogsGetterLastCheckTime", "Sat Dec 08 2012 17:56:31 GMT-0600 (Central Standa[...]
Found : user_pref("CT2724386.DownloadReferralCookieData", "");
Found : user_pref("CT2724386.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2724386.FirstServerDate", "8-6-2011");
Found : user_pref("CT2724386.FirstTime", true);
Found : user_pref("CT2724386.FirstTimeFF3", true);
Found : user_pref("CT2724386.FixPageNotFoundErrors", false);
Found : user_pref("CT2724386.GroupingLastCheckTime", "Mon Apr 30 2012 19:13:48 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2724386.GroupingLastErrorCode", "");
Found : user_pref("CT2724386.GroupingLastResponse", false);
Found : user_pref("CT2724386.GroupingLastServerUpdateTime", "129514153850000000");
Found : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2724386.HasUserGlobalKeys", true);
Found : user_pref("CT2724386.Initialize", true);
Found : user_pref("CT2724386.InitializeCommonPrefs", true);
Found : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2724386.InstallationId", "StubInstaller");
Found : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Found : user_pref("CT2724386.InstalledDate", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2724386.InvalidateCache", false);
Found : user_pref("CT2724386.IsGrouping", false);
Found : user_pref("CT2724386.IsMulticommunity", false);
Found : user_pref("CT2724386.IsOpenThankYouPage", false);
Found : user_pref("CT2724386.IsOpenUninstallPage", true);
Found : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standar[...]
Found : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2724386.LastLogin_3.12.2.3", "Wed May 30 2012 11:42:44 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2724386.LastLogin_3.13.0.6", "Sun Jul 15 2012 14:51:54 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2724386.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:47:22 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2724386.LastLogin_3.15.1.0", "Wed Nov 07 2012 10:55:57 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2724386.LastLogin_3.16.0.3", "Sat Dec 08 2012 17:56:05 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2724386.LastLogin_3.3.5.1", "Tue Jun 07 2011 16:12:08 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2724386.LatestVersion", "3.16.0.3");
Found : user_pref("CT2724386.Locale", "en");
Found : user_pref("CT2724386.LoginRevertSettingsEnabled", false);
Found : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Found : user_pref("CT2724386.MCDetectTooltipShow", false);
Found : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Found : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2724386.RadioIsPodcast", false);
Found : user_pref("CT2724386.RadioLastCheckTime", "Tue Jun 07 2011 16:12:09 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2724386.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2724386.RadioLastUpdateServer", "129249036863500000");
Found : user_pref("CT2724386.RadioMediaID", "21080102");
Found : user_pref("CT2724386.RadioMediaType", "Media Player");
Found : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");
Found : user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");
Found : user_pref("CT2724386.RadioStationURL", "hxxp://69.115.65.9:8000");
Found : user_pref("CT2724386.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Found : user_pref("CT2724386.SearchInNewTabEnabled", true);
Found : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Stand[...]
Found : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2724386.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2724386.ServiceMapLastCheckTime", "Sat Dec 08 2012 17:56:04 GMT-0600 (Central Standard [...]
Found : user_pref("CT2724386.SettingsLastCheckTime", "Sat Dec 08 2012 17:56:03 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2724386.SettingsLastUpdate", "1354809800");
Found : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Tue Jun 07 2011 16:12:07 GMT-0500 (Central Day[...]
Found : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2724386.UserID", "UN99100734519817247");
Found : user_pref("CT2724386.ValidationData_Toolbar", 0);
Found : user_pref("CT2724386.WeatherNetwork", "");
Found : user_pref("CT2724386.WeatherPollDate", "Tue Jun 07 2011 16:12:10 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2724386.WeatherUnit", "F");
Found : user_pref("CT2724386.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2724386.alertChannelId", "1116652");
Found : user_pref("CT2724386.autoDisableScopes", 0);
Found : user_pref("CT2724386.components.1000048", false);
Found : user_pref("CT2724386.components.1000082", false);
Found : user_pref("CT2724386.components.1000234", false);
Found : user_pref("CT2724386.components.129248963349915487", false);
Found : user_pref("CT2724386.components.129248964061947202", false);
Found : user_pref("CT2724386.components.129248964422728031", false);
Found : user_pref("CT2724386.components.129464706887642629", false);
Found : user_pref("CT2724386.components.129464706887955131", false);
Found : user_pref("CT2724386.defaultSearch", "false");
Found : user_pref("CT2724386.enableAlerts", "true");
Found : user_pref("CT2724386.enableSearchFromAddressBar", "false");
Found : user_pref("CT2724386.firstTimeDialogOpened", true);
Found : user_pref("CT2724386.fixPageNotFoundError", "false");
Found : user_pref("CT2724386.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2724386.fixUrls", true);
Found : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2724386.globalFirstTimeInfoLastCheckTime", "Tue Jun 07 2011 16:12:16 GMT-0500 (Central [...]
Found : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2724386.initDone", true);
Found : user_pref("CT2724386.installId", "conduitnsisintegration");
Found : user_pref("CT2724386.installType", "conduitnsisintegration");
Found : user_pref("CT2724386.isAppTrackingManagerOn", true);
Found : user_pref("CT2724386.isCheckedStartAsHidden", true);
Found : user_pref("CT2724386.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2724386.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT2724386.isNewTabEnabled", false);
Found : user_pref("CT2724386.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2724386.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2724386.migrateAppsAndComponents", true);
Found : user_pref("CT2724386.myStuffEnabled", true);
Found : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2724386.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FR[...]
Found : user_pref("CT2724386.openThankYouPage", "false");
Found : user_pref("CT2724386.openUninstallPage", "true");
Found : user_pref("CT2724386.revertSettingsEnabled", false);
Found : user_pref("CT2724386.searchInNewTabEnabled", false);
Found : user_pref("CT2724386.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2724386.searchProtectorEnableByLogin", true);
Found : user_pref("CT2724386.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2724386.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2724386.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2724386.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2724386.serviceLayer_services_login_10.13.40.15_lastUpdate", "1356549468479");
Found : user_pref("CT2724386.serviceLayer_services_serviceMap_lastUpdate", "1356486996404");
Found : user_pref("CT2724386.serviceLayer_services_toolbarSettings_lastUpdate", "1356549469141");
Found : user_pref("CT2724386.serviceLayer_services_translation_lastUpdate", "1356486996467");
Found : user_pref("CT2724386.settingsINI", true);
Found : user_pref("CT2724386.shouldFirstTimeDialog", "false");
Found : user_pref("CT2724386.smartbar.CTID", "CT2724386");
Found : user_pref("CT2724386.smartbar.Uninstall", "0");
Found : user_pref("CT2724386.smartbar.toolbarName", "IncrediMail MediaBar 2 ");
Found : user_pref("CT2724386.startPage", "userChanged");
Found : user_pref("CT2724386.testingCtid", "");
Found : user_pref("CT2724386.toolbarAppMetaDataLastCheckTime", "Sat Dec 08 2012 17:56:07 GMT-0600 (Central S[...]
Found : user_pref("CT2724386.toolbarBornServerTime", "8-6-2011");
Found : user_pref("CT2724386.toolbarContextMenuLastCheckTime", "Tue Jun 07 2011 16:12:14 GMT-0500 (Central D[...]
Found : user_pref("CT2724386.toolbarCurrentServerTime", "26-12-2012");
Found : user_pref("CT2724386.toolbarDisabled", "true");
Found : user_pref("CT2724386.usagesFlag", 2);
Found : user_pref("CT2724386_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724386", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2724386/CT2724386[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"b33[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "incredimail_mediabar_2");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2724386");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "incredimail_mediabar_2");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2724386");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,CT2724386");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 12 2011 21:34:46 GMT-05[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", false);
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jul 21 2011 20:47:00 GMT-0500 (Central D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "bfda7240-6828-4e22-a6ed-beef12f26ed2");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 07 2011 16:13:43 GMT-0500 (Cen[...]
Found : user_pref("CommunityToolbar.globalUserId", "b62c9f93-27a3-4856-ae53-9f4ba963a881");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "MyStart Search");
Found : user_pref("extensions.questbasic.init", true);
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Google Chrome v23.0.1271.97
File : C:\Users\terri\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [38171 octets] - [02/01/2013 10:54:59]
########## EOF - C:\AdwCleaner[R1].txt - [38232 octets] ##########
-
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2012.12.27.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
terri :: TERRI-PC [administrator]
12/27/2012 6:40:22 PM
mbam-log-2012-12-27 (18-40-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275887
Time elapsed: 11 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by terri at 10:59:08 on 2012-12-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2366 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4
uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
uURLSearchHooks: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} -
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
TB: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\terri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C61C7BDB-C7BF-43D9-BA92-45BF4C12003B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC}\2375942554032303 : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxWR7DJUn&search=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\terri\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\terri\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-21 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-11 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-21 44808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-1 2666880]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-4-10 446976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736]
.
=============== Created Last 30 ================
.
2012-12-28 16:01:26 -------- d-----w- C:\ComboFix
2012-12-28 00:56:03 98816 ----a-w- C:\Windows\sed.exe
2012-12-28 00:56:03 256000 ----a-w- C:\Windows\PEV.exe
2012-12-28 00:56:03 208896 ----a-w- C:\Windows\MBR.exe
2012-12-28 00:35:12 -------- d-----w- C:\Users\terri\AppData\Local\Programs
2012-12-27 20:43:52 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-12-27 17:28:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A334D8EF-D258-4D71-A780-07228A74FF09}\mpengine.dll
2012-12-26 14:37:47 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-25 21:45:20 -------- d-----w- C:\Users\terri\AppData\Roaming\AzuazGames
2012-12-21 04:15:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 04:15:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 04:15:05 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 04:15:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 19:57:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 19:57:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 19:57:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-12-12 19:57:01 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-12-12 19:57:01 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-12-12 19:57:01 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-12-12 19:57:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-12-12 19:57:00 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-12-12 13:59:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 13:59:05 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 13:57:27 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 13:57:26 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-10 13:58:49 -------- d-----w- C:\Program Files (x86)\Perion
2012-12-05 14:51:34 -------- d-----w- C:\Users\terri\AppData\Local\{15CABC11-2DCC-425A-B575-37D8221A7899}
2012-11-28 17:49:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DEB148D-ED73-48A9-BF29-4D5531B951B1}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 22:20:43 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 22:20:43 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 10:59:24.91 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2010 2:58:56 PM
System Uptime: 12/28/2012 9:51:46 AM (1 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 631.751 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP436: 12/20/2012 7:47:20 PM - Scheduled Checkpoint
RP437: 12/20/2012 10:14:46 PM - Windows Update
RP438: 12/24/2012 7:48:43 PM - Windows Update
RP439: 12/27/2012 6:56:08 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Adobe Shockwave Player 11.6
Advertising Center
Angry Birds Rio
Angry Birds Seasons
Apple Application Support
Apple Software Update
avast! Free Antivirus
Beetle Bug 3 (remove only)
Compatibility Pack for the 2007 Office system
D3DX10
DivX Web Player
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Fairy Island
Fluttabyes
Free Realms Installer
Google Chrome
Google Update Helper
Identity Card
ImagXpress
IncrediMail
IncrediMail 2.0
iWin Games (remove only)
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Letters from Nowhere (remove only)
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion (remove only)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Display Control Panel
NVIDIA Drivers
Our Worst Fears: Stained Skin
Photo Notifier and Animation Creator
PhotoMail Maker
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SOE Web Installer
swMSM
TeamViewer 7
Time Riddles: The Mansion (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.2
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Widgets
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
12/28/2012 10:08:19 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/27/2012 8:02:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/27/2012 8:02:59 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2012 7:52:08 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/23/2012 8:24:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
I tried to run Combofix but no matter how long I gave it, it always locked up at the preparing report screen and never gave a report.
-
Hey again, been asked to help a family member with their computer and this program/malware thing seems to have appeared. I've done all the things I know but haven't managed to be rid of it, any help would be much appreciated, thanks. Just as an added, there's probably all kinds of random things on this computer that need not be there, parents computers can be a mess.
MalwareBytes Log :
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.27.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
terri :: TERRI-PC [administrator]
12/27/2012 2:38:53 PM
mbam-log-2012-12-27 (14-38-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276280
Time elapsed: 7 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by terri at 14:55:22 on 2012-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1853 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\notepad.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\terri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb2&s={searchTerms}&f=4
uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
uURLSearchHooks: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
TB: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\terri\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\terri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOO!~1.LNK - C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C61C7BDB-C7BF-43D9-BA92-45BF4C12003B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E1BD5EBB-804F-4881-9F04-E856EBF4BFCC}\2375942554032303 : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173602102216p0325v1j5r49m1s452
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxWR7DJUn&search=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\terri\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\terri\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\terri\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Users\terri\AppData\Roaming\Mozilla\Firefox\Profiles\lzy9ybr7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-21 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-2-11 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-11 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-11 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-11-21 44808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2011-4-8 176848]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-1 2666880]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2011-4-10 446976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-17 1255736]
.
=============== Created Last 30 ================
.
2012-12-27 20:43:52 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-12-27 17:28:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A334D8EF-D258-4D71-A780-07228A74FF09}\mpengine.dll
2012-12-26 14:37:47 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-25 21:45:20 -------- d-----w- C:\Users\terri\AppData\Roaming\AzuazGames
2012-12-21 04:15:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 04:15:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 04:15:05 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 04:15:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 19:57:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 19:57:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 19:57:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-12-12 19:57:01 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-12-12 19:57:01 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-12-12 19:57:01 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-12-12 19:57:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-12-12 19:57:00 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-12-12 13:59:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 13:59:05 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 13:57:27 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 13:57:26 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-10 13:58:49 -------- d-----w- C:\Program Files (x86)\Perion
2012-12-05 14:51:34 -------- d-----w- C:\Users\terri\AppData\Local\{15CABC11-2DCC-425A-B575-37D8221A7899}
2012-11-28 17:49:56 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DEB148D-ED73-48A9-BF29-4D5531B951B1}\gapaengine.dll
.
==================== Find3M ====================
.
2012-12-11 22:20:43 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 22:20:43 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:56:46.96 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2010 2:58:56 PM
System Uptime: 12/27/2012 11:04:21 AM (3 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 630.86 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP436: 12/20/2012 7:47:20 PM - Scheduled Checkpoint
RP437: 12/20/2012 10:14:46 PM - Windows Update
RP438: 12/24/2012 7:48:43 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Adobe Shockwave Player 11.6
Advertising Center
Angry Birds Rio
Angry Birds Seasons
Apple Application Support
Apple Software Update
avast! Free Antivirus
Beetle Bug 3 (remove only)
Compatibility Pack for the 2007 Office system
D3DX10
DivX Web Player
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Fairy Island
Fluttabyes
Free Realms Installer
Google Chrome
Google Update Helper
Identity Card
ImagXpress
IncrediMail
IncrediMail 2.0
iWin Games (remove only)
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Letters from Nowhere (remove only)
Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion (remove only)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NETGEAR WG111v3 wireless USB 2.0 adapter
NVIDIA Display Control Panel
NVIDIA Drivers
Our Worst Fears: Stained Skin
Photo Notifier and Animation Creator
PhotoMail Maker
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SOE Web Installer
swMSM
TeamViewer 7
Time Riddles: The Mansion (remove only)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.2
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Widgets
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
12/23/2012 8:24:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/21/2012 9:27:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/21/2012 9:27:53 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/20/2012 7:45:45 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
12/20/2012 7:45:45 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort0 Model: ST3750528AS Firmware Version: CC44 Serial Number: 9VP3NY78 Port: 0
.
==== End Of File ===========================
-
Thanks for the help, just a quick question before this gets locked.
What programs would you suggest to help out with proper security as well as in general for that would be ideal to run regularly.
I plan on getting a paid version of malwarebytes in the coming week or so, but any other programs you'd suggest to help out and be vigilante. As well as a heads up on which virus protection to run concurrently with malwarebytes would be much appreciate, thanks again for your help.
-
Nope, no issues, everything looks to be working well.
-
Just for easier viewing.
C:\Windows\system32>sc qc wscsvc
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START (DELAYED)
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : NT AUTHORITY\LocalService
C:\Windows\system32>sc queryex wscsvc
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 372
FLAGS : -
Adobe showed there was no updates available and here is the log.
C:\Windows\system32>sc qc wscsvc
[sC] QueryServiceConfig SUCCESS
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START (DELAYED)
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME : NT AUTHORITY\LocalService
C:\Windows\system32>sc queryex wscsvc
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 372
FLAGS :
-
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 8.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Fixed it, log coming in a second. Windows updated today or sometime and I hadn't restarted to let them take effect.
-
I'm getting an error :
" UNSUPPORTED OPERATING SYSTEM! ABORTED!
"
-
The false positives are no issue and I have noticed any off the pop ups and babylon seems to be gone.
Numerous trojans/PUPs that keep coming back.
in Resolved Malware Removal Logs
Posted
Zemana AntiMalware 2.21.2.15 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/6/19
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz
BIOS Mode : UEFI
CUID : 125507D02439396FB3F275
Scan Type : Smart Scan
Duration : 1m 18s
Scanned Objects : 15514
Detected Objects : 5
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Edge Homepage
Status : Scanned
Object : search.mpc.am
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Edge Homepage
Chrome Shortcut
Status : Scanned
Object : --load-extension="C:\Program Files (x86)\Google\Chrome\Application\7416b758f99a3b204bb1fddf8ff624c1_2"
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut
Chrome Shortcut
Status : Scanned
Object : --load-extension="C:\Program Files (x86)\Google\Chrome\Application\7416b758f99a3b204bb1fddf8ff624c1_2"
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Shortcut
FLV Player
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\dhogabmliblgpadclikpkjfnnipeebjm
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - FLV Player
PCService.exe
Status : Scanned
Object : %programfiles%\pc service\pcservice.exe
MD5 : 7F8A8ECD6665D457C1373D226482A175
Publisher : -
Size : 722432
Version : 7.8.4.1
Detection : Adware:Win32/Vorniac.A!Krei
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\pc service\pcservice.exe
Scheduled Task - C:\WINDOWS\System32\Tasks\PC Service Worker
Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0
First log, downloading other item now.