Jitter

Honorary Members
  • Posts

    24

Everything posted by Jitter

  1. Last summer I had an issue with Internet connection speed. I came here for help and got plenty of it, thanks again. I promised to come back if I had any new, positive information on this issue and that time has come. If interested please reference the original problem thread here: https://forums.malwarebytes.org/index.php?/topic/150237-internet-connection-speed-issue-iminent/ I had been using Mozilla Firefox since forever (8-10 years) and always loved and trusted it. More and more my Firefox had been off its game. Little things here and there. For one, the links on a page would sometimes all go dead, become unclickable. A quick refresh of the page would solve the problem so I gave it little thought, but there were a couple of other, very subtle issues with the Firefox performance. Since I had started using Chrome on my cell phone and liked it I decided to try it on my computer for the first time in many years. Chrome came with a bit of a learning curve, and there are some things I am not totally happy with and other things I miss from Firefox, but Chrome has come a long way since I last used it. For one thing I was impressed with how fast it is, and streamlined. I have been using it full time for a couple of weeks now and it appears to have become my full time browser. Now, for the connection to my previous Internet connection speed issue: Chrome seems to have solved it! After a fresh boot one day I decided to forego my usual workaround procedure to "turn off" my connection speed issue and went straight away to a speedtest.net. I was shocked to see my Net speed at full right out of the box. I tested that observation several times to confirm it, problem gone! Then, a few days ago, after a fresh boot I went to Firefox first and did a speed test without doing the workaround; speed was off by more than 90%. I switched to Chrome, tested again, and speed was back up to normal. I then went back to Firefox and found speed there also now tested normal. 
Hmmmm, so, just having started up Chrome had the same effect on my system as executing my previous workaround procedure. Huh. I am at a loss to understand this but facts are facts. Look at my original problem thread: in the first post I posted the results of an AdwCleaner scan, and down under the Firefox browser results you will see the "prefs.js" file got listed. At the time this seemed to be nothing but could it be the source of the problem? I guess we still don't know and maybe we never will. For the time being, I think I can state that switching from Firefox to Chrome seems to have solved my problem. :-)
  2. I understand. If I ever solve this I'll come back and post the solution in case anybody else runs into this issue. Thanks again for all the help.
  3. Thanks. I already opened a thread there and took the liberty of sharing the results of our investigation with them. So far nobody has recognized the symptoms. It's been a while since I ran any of their tweaking tools so I will have an updated peek at those.
  4. I rebooted and logged on to the new test user account (now with administrator privilege turned off). Internet connection speed came in at 28.48 down, 6.02 up. I logged off and then back on to my old admin user account; speed was 1.81 down, 1.94 up. After my workaround it was back up to normal. It's creepy. Since the new user account was pristine it can't have anything to do with settings made or corruption of the account. If you wanted to produce this effect, a choked connection speed, can you think of a network adapter setting you could change in order to do it?
  5. I created a new user account with admin privileges. I rebooted and logged on to the new user account. To my surprise it acted exactly like my old, regular user account with a drastically slowed connection speed at 2/2. I logged off then logged on to the Guest account which does not have admin. privilege. Internet connection came in at full speed (28/5). I logged off then logged on to my old user account and Internet speed was back down to 2/2. Then after my workaround (turn off/on network adapter) connection speed was back up to my normal 28/5. I went and turned off the admin privilege for the new test user account and after my next boot I'll test it to see if it connects at full speed right away like the Guest account does. I guess it is now possible the problem is narrowed down to happening only when administrator privileges are loaded, if that makes any sense. Oddly, the "slowed" connection speed varies a lot more than my full speed does. Sometimes it's 2/2, but sometimes it's 1.7/1.8, 2/4, 1.7/5, or even higher at 6/3. Makes no sense.
  6. My motherboard does have an onboard network adapter, also an Intel part. I used that for the first 6 months of this computer's life but I started to feel I had a slow-ping issue; two other computers connecting through the same hardware here were getting much better ping times than my main computer. At that time I installed a new PCIe Intel network adapter and though it didn't solve the ping issue it worked fine so I kept using it. Since that time the slow-ping issue has dissipated, maybe due to steps I took or maybe due to computer gremlins, but my ping times are fine now. When this new problem surfaced I tried switching back to the onboard NIC to see if that would help but this problem persisted on both NICs. I am currently using the PCIe part now. Over at Microsoft at least one helper seems to think I should create a new personal user account and port my files over to it and see if that doesn't solve the problem since it has already been shown that the Guest account does not suffer from this issue. Since I don't have anything to lose by trying that I suppose it's worth the effort but I'm a bit weary of the fight for now, and my workaround is a simple one. What I really want to find out is how the loading of my user account can affect my Internet connection speed and why simply disabling/re-enabling the network adapter reverses that effect. It's as if some software setting or preference executed during the load of the user account is doing it but if Intel doesn't know what that could be it's certainly over my head. Again, I'm very grateful for all the help, thank you.
  7. I talked to Intel earlier. At their suggestion I removed the existing NIC software and installed the most recent version already. I want to thank you very much for all the work you have done helping me. I have learned much even though the one, odd problem persists. It is at least comforting to know I don't seem to have an active malware infection. I still wonder about some lingering Registry keys. I still have three sub-keys that refer to folder locations for "Iminent" but that folder no longer exists nor does any "Iminent" software. Can I assume it's all right to delete these Registry entries? Also, another POS came along with the former arrival of "Iminent" on my system, that being "Coupon Companion" and I still have keys relating to that. I'll post them here for you to see:

     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASAPI32
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin_RASMANCS
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASAPI32
     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Coupon Companion Plugin-InternalInstaller_RASMANCS

     This following key contains AppData and AppPath sub-keys also relating to "Coupon Companion". That path is also nonexistent and there is no Coupon Companion software on my system:

     HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}

     All other "Iminent" keys appear to be gone and there were quite a few. After running DelFix I have just one of our programs left; ERUNT, which is fully installed in Windows. Shall I go ahead and uninstall it?

     DelFix

     # DelFix v10.7 - Logfile created 17/06/2014 at 23:05:15
     # Updated 27/04/2014 by Xplode
     # Username : Jake Fin - JAKEFIN
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

     ~ Removing disinfection tools ...
  8. Huh, funny thing is that I have had "Show hidden files" enabled many times, including recently, but never had the ghosted "desktop.ini" files show up on my desktop before. Odd. Anyway, yes, I am in my second year with Webroot and so far I am pleased with it, and of course I use the real time Pro version of MBAM. No, I don't see any evidence of active malware running around causing problems. And yes, as of my most recent boot the same Internet connection issue is still present. After a boot the speed is very low, then after disabling/re-enabling the network adapter connection speed jumps right back up to normal. I also think that if I were to log off, then log back on to my user account the "problem" would be back until I executed my little workaround. Have we run out of things to try and concluded there is no malware problem causing this issue?
  9. I made the .ini files disappear. I checked and found my folder options were set to "View hidden files". I switched that back off and the .ini files went 'poof'.
  10. BTW, after my little adventure with the TFC tool I am left with a pair of partially ghosted files on my desktop. Both are named desktop.ini. One is for my user account desktop (created when I made the user account) and the other is for the public desktop (created in 2009??) Never had them there before, odd, shouldn't they be hidden files? When should I reinstall Java?
  11. Completed. There was some little excitement over the TFC tool. It immediately stopped responding and locked up my system. I got it to partially shut down with the 3-finger salute but was left with a black screen and a mouse cursor. Once I decided it was not going to complete the shutdown I had to force it to shut down with the power button. Once back to normal I downloaded a fresh copy of TFC and ran it without further drama. Re: Event Viewer issues, most or all are long-standing and known to me. There are one or two which are benign as far as I can tell.

      JavaRa

      User initialised redundant data purge.
      ......................
      Removed registry subkey tree: JavaSoft
      Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
      Removed registry subkey: application/java-deployment-toolkit
      Removed registry subkey: application/x-java-applet
      Removed registry subkey: application/x-java-jnlp-file
      Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
      Removed registry subkey tree: JavaWebStart.isInstalled
      Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
      Removed registry subkey tree: Browser Helper Objects
      Exception encountered in module [JavaRa]
      Message: Cannot delete a subkey tree because the subkey does not exist.
         at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
         at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
         at JavaRa.routines_registry.delete_key(String key)
      Removed registry subkey tree: JavaPlugin.10512
      Removal routine completed successfully. 10 items have been deleted.
      == Cleaning JRE temporary files ==
      Exception encountered in module [JavaRa]
      Message: Could not find a part of the path 'C:\Users\Jake Fin\AppData\LocalLow\Sun\Java\Deployment'.
Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{4236F0C5-21D7-45FB-A3BF-762C0ED8CC28}) (Version: 3.6.3.2 - The Document Foundation) LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation) Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE 
Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 
11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Mozilla Firefox 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla) Mozilla Firefox 29.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla) Mozilla Thunderbird 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation) PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net) Presto! PageManager 7.15.35 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.35 - NewSoft Technology Corporation) QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited) Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) 
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.) Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - Square Enix) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc) TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.2166 - Intuit Inc.) Hidden TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0169 - Intuit Inc.) Hidden TurboTax 2013 wmaiper (x32 Version: 013.000.1523 - Intuit Inc.) Hidden TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot) ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 12% Total physical RAM: 16330.86 MB Available physical RAM: 14296.23 MB Total Pagefile: 17353.04 MB Available Pagefile: 15021.01 MB Total Virtual: 4095.88 MB Available Virtual: 3966.09 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:238.37 GB) (Free:202.96 GB) NTFS 4 Drive f: (Jake Fin Files) (Fixed) (Total:97.66 GB) (Free:74.21 GB) NTFS 5 Drive g: (Games) (Fixed) (Total:196.29 GB) (Free:37.44 GB) NTFS 6 Drive h: (Storage) (Fixed) (Total:49.8 GB) (Free:35.57 GB) NTFS 7 Drive i: (Boot Image) (Fixed) (Total:537.11 GB) (Free:494.83 GB) NTFS 8 Drive j: (Archives) (Fixed) (Total:394.4 GB) (Free:393.51 GB) NTFS ========================= Users: ======================================== User accounts for 
\\JAKEFIN Administrator ASPNET Guest Jake Fin ========================= Minidump Files ================================== No minidump file found **** End of log ****

I'm starting to feel quite naked and exposed
  12. Just completed the ComboFix scan. So far nothing appears to have been unduly molested. I just tested my connection speed issue and that, too, is unchanged. It took a second reboot to get everything up and running. Speed tested at 2/2, then after the Disable/Enable of the network adapter speed came back at 28/5. ComboFix log below; I don't think even the NSA knows this much about me now :-)

ComboFix 14-06-16.01 - Jake Fin 06/16/2014 19:13:58.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16331.14172 [GMT -4:00]
Running from: c:\users\Jake Fin\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jake
Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pa_IN\pa_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pl_PL\pl_PL.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pt_BR\pt_BR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pt_PT\pt_PT.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ro_RO\ro_RO.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ru_RU\ru_RU.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\si_LK\si_LK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sk_SK\sk_SK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sl_SI\sl_SI.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sq_AL\sq_AL.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sr_RS\sr_RS.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sv_SE\messages.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sv_SE\sv_SE.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ta_IN\ta_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\th_TH\th_TH.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\tl_PH\tl_PH.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\tr_TR\tr_TR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\uk_UA\uk_UA.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ur_PK\ur_PK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\vi_VN\vi_VN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\zh_CN\zh_CN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\zh_TW\zh_TW.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\lp_languages.zip c:\users\Jake 
Fin\AppData\Roaming\Local\Temp\lptmp628635217\lp_languages.zip c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\af_ZA\af_ZA.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\af_ZA\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_EG\ar_EG.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_EG\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_SA\ar_SA.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_SA\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\az_AZ\az_AZ.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\az_AZ\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\be_BY\be_BY.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\be_BY\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bg_BG\bg_BG.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bg_BG\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bn_BD\bn_BD.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bn_BD\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bs_BA\bs_BA.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bs_BA\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ca_ES\ca_ES.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ca_ES\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\cs_CZ\cs_CZ.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\cs_CZ\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\da_DK\da_DK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\da_DK\lastpass.mo c:\users\Jake 
Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\de_DE.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\messages.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\wxstd.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\el_GR\el_GR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\el_GR\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_AU\en_AU.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_AU\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_GB\en_GB.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_GB\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_US\en_US.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_US\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\eo_US\eo_US.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\eo_US\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_ES\es_ES.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_ES\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_MX\es_MX.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_MX\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\et_EE\et_EE.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\et_EE\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fa_IR\fa_IR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fa_IR\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fa_IR\messages.mo 
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fi_FI\fi_FI.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fi_FI\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_CA\fr_CA.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_CA\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_FR\fr_FR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_FR\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_FR\messages.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ga_IE\ga_IE.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ga_IE\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gl_ES\gl_ES.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gl_ES\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gu_IN\gu_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gu_IN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\he_IL\he_IL.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\he_IL\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\he_IL\messages.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hi_IN\hi_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hi_IN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hr_HR\hr_HR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hr_HR\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hu_HU\hu_HU.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hu_HU\lastpass.mo c:\users\Jake 
Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\id_ID\id_ID.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\id_ID\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\is_IS\is_IS.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\is_IS\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\it_IT\it_IT.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\it_IT\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ja_JP\ja_JP.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ja_JP\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ka_GE\ka_GE.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ka_GE\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\kn_IN\kn_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\kn_IN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ko_KR\ko_KR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ko_KR\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lt_LT\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lt_LT\lt_LT.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lv_LV\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lv_LV\lv_LV.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mg_MG\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mg_MG\mg_MG.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mk_MK\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mk_MK\mk_MK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ml_IN\lastpass.mo 
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ml_IN\ml_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mr_IN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mr_IN\mr_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ms_MY\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ms_MY\ms_MY.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nb_NO\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nb_NO\nb_NO.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\junk.html c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\messages.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\nl_NL.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nn_NO\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nn_NO\nn_NO.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pa_IN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pa_IN\pa_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pl_PL\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pl_PL\pl_PL.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_BR\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_BR\pt_BR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_PT\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_PT\pt_PT.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ro_RO\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ro_RO\ro_RO.xpm 
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ru_RU\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ru_RU\ru_RU.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\si_LK\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\si_LK\si_LK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sk_SK\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sk_SK\sk_SK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sl_SI\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sl_SI\sl_SI.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sq_AL\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sq_AL\sq_AL.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sr_RS\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sr_RS\sr_RS.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sv_SE\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sv_SE\messages.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sv_SE\sv_SE.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ta_IN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ta_IN\ta_IN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\th_TH\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\th_TH\th_TH.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tl_PH\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tl_PH\tl_PH.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tr_TR\lastpass.mo c:\users\Jake 
Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tr_TR\tr_TR.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\uk_UA\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\uk_UA\uk_UA.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ur_PK\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ur_PK\ur_PK.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\vi_VN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\vi_VN\vi_VN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_CN\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_CN\zh_CN.xpm c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_TW\lastpass.mo c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_TW\zh_TW.xpm f:\my documents\OBJLIST.TMP . . ((((((((((((((((((((((((( Files Created from 2014-05-16 to 2014-06-16 ))))))))))))))))))))))))))))))) . . 2014-06-16 00:11 . 2014-06-16 00:11 -------- d-----w- c:\programdata\ATI 2014-06-16 00:10 . 2014-06-16 00:10 -------- d-----w- c:\users\Jake Fin\AppData\Roaming\library_dir 2014-06-16 00:10 . 2014-06-16 22:27 -------- d-----w- c:\users\Jake Fin\AppData\Roaming\Raptr 2014-06-16 00:10 . 2014-06-16 00:10 -------- d-----w- c:\program files (x86)\Raptr 2014-06-16 00:10 . 2014-06-16 00:10 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2014-06-16 00:10 . 2014-06-16 00:10 -------- d-----w- c:\program files (x86)\AMD AVT 2014-06-16 00:09 . 2014-06-16 00:09 -------- d-----w- c:\program files (x86)\ATI Technologies 2014-06-16 00:09 . 2014-06-16 00:09 -------- d-----w- c:\program files\ATI 2014-06-16 00:08 . 2014-06-16 00:09 -------- d-----w- c:\program files\ATI Technologies 2014-06-15 00:47 . 2014-06-15 00:47 -------- d-----w- c:\users\Jake Fin\AppData\Roaming\Tencent 2014-06-14 22:06 . 
2014-06-14 22:06 -------- d-----w- c:\users\Jake Fin\AppData\Local\Adobe 2014-06-14 03:56 . 2014-06-14 03:56 -------- d-----w- C:\FRST 2014-06-14 02:39 . 2014-06-14 02:39 -------- d-----w- c:\windows\ERUNT 2014-06-14 02:38 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1C08FDD-8692-45E1-BEEF-63008F622705}\mpengine.dll 2014-06-12 18:57 . 2014-06-12 18:57 -------- d-----w- c:\programdata\RogueKiller 2014-06-12 18:39 . 2014-06-12 18:39 -------- d-----w- c:\program files (x86)\ERUNT 2014-06-07 02:04 . 2014-06-07 02:04 -------- d-----w- c:\users\Jake Fin\AppData\Local\ElevatedDiagnostics 2014-06-06 23:26 . 2014-03-12 20:16 403256 ----a-w- c:\windows\system32\PROUnstl.exe 2014-06-05 06:16 . 2014-06-05 06:16 -------- d-----w- c:\users\Jake Fin\AppData\Roaming\Oracle 2014-06-05 06:15 . 2014-06-05 06:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-05-21 23:50 . 2014-05-22 03:55 -------- d-----w- c:\users\Jake Fin\AppData\Local\lptmp893559275 2014-05-21 23:48 . 2014-06-14 04:10 153256 ----a-w- c:\windows\SysWow64\WRusr.dll 2014-05-21 23:48 . 2014-06-14 04:10 114176 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2014-05-21 23:48 . 2014-06-14 04:10 103816 ----a-w- c:\windows\system32\WRusr.dll 2014-05-21 23:48 . 2014-06-16 22:38 -------- d-----w- c:\programdata\WRData 2014-05-19 03:44 . 2014-05-19 03:44 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia 2014-05-19 03:44 . 2014-05-19 03:44 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla 2014-05-19 00:34 . 2014-06-16 23:17 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-19 00:34 . 2014-05-31 00:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-05-19 00:34 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-19 00:34 . 2014-05-12 11:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-12 03:15 . 2012-11-18 05:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-06-12 03:15 . 2012-11-18 05:28 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-10 21:01 . 2012-11-17 14:06 95414520 ----a-w- c:\windows\system32\MRT.exe 2014-06-09 22:25 . 2013-11-16 00:57 1048576 ----a-w- c:\windows\PE_Rom.dll 2014-05-21 23:50 . 2012-11-17 13:25 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe 2014-05-12 11:25 . 2012-12-10 03:43 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-09 06:14 . 2014-05-14 03:40 477184 ----a-w- c:\windows\system32\aepdu.dll 2014-05-09 06:11 . 2014-05-14 03:40 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-07 19:02 . 2013-10-22 23:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-04-18 02:43 . 2014-04-18 02:43 127872 ----a-w- c:\windows\system32\amdhcp64.dll 2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll 2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2014-04-18 02:43 . 2014-04-18 02:43 117560 ----a-w- c:\windows\SysWow64\amdhcp32.dll 2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2014-04-18 02:43 . 2014-04-18 02:43 143304 ----a-w- c:\windows\system32\atiuxp64.dll 2014-04-18 02:42 . 2014-04-18 02:42 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2014-04-18 02:42 . 2014-04-18 02:42 117584 ----a-w- c:\windows\system32\atiu9p64.dll 2014-04-18 02:42 . 2014-04-18 02:42 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2014-04-18 02:42 . 2014-04-18 02:42 1343272 ----a-w- c:\windows\system32\aticfx64.dll 2014-04-18 02:42 . 2014-04-18 02:42 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll 2014-04-18 02:42 . 
2014-04-18 02:42 10335208 ----a-w- c:\windows\system32\atidxx64.dll 2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll 2014-04-18 02:42 . 2014-04-18 02:42 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll 2014-04-18 02:42 . 2014-04-18 02:42 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll 2014-04-18 02:42 . 2014-04-18 02:42 7520200 ----a-w- c:\windows\system32\atiumd6a.dll 2014-04-18 02:42 . 2014-04-18 02:42 8010968 ----a-w- c:\windows\system32\atiumd64.dll 2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys 2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2014-04-18 02:33 . 2014-04-18 02:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll 2014-04-18 02:28 . 2014-04-18 02:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe 2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll 2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll 2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll 2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll 2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll 2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll 2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll 2014-04-18 01:58 . 
2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll 2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll 2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe 2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll 2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll 2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll 2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll 2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll 2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll 2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll 2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll 2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll 2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe 2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll 2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll 2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll 2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2014-04-18 01:08 . 2014-04-18 01:08 95744 ----a-w- c:\windows\system32\amdave64.dll 2014-04-18 01:08 . 2014-04-18 01:08 90112 ----a-w- c:\windows\SysWow64\amdave32.dll 2014-04-18 01:08 . 
2014-04-18 01:08 89088 ----a-w- c:\windows\system32\atisamu64.dll 2014-04-18 01:08 . 2014-04-18 01:08 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll 2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll 2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2014-04-12 02:22 . 2014-05-14 03:40 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-04-12 02:22 . 2014-05-14 03:40 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-04-12 02:19 . 2014-05-14 03:40 29184 ----a-w- c:\windows\system32\sspisrv.dll 2014-04-12 02:19 . 2014-05-14 03:40 136192 ----a-w- c:\windows\system32\sspicli.dll 2014-04-12 02:19 . 2014-05-14 03:40 28160 ----a-w- c:\windows\system32\secur32.dll 2014-04-12 02:19 . 2014-05-14 03:40 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-04-12 02:19 . 2014-05-14 03:40 31232 ----a-w- c:\windows\system32\lsass.exe 2014-04-12 02:12 . 2014-05-14 03:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-04-12 02:10 . 2014-05-14 03:40 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-03-31 13:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-25 02:43 . 2014-05-14 03:40 14175744 ----a-w- c:\windows\system32\shell32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
  13. Before I run ComboFix, do you know if it might delete all or part of Tencent/QQ? If it will mess with the QQ/Tencent installation I would want to save certain files from that program and possibly even delete it myself before running ComboFix. I know some scanners flag Tencent as adware but I have been using that software for over 3 years on 3 different machines of my own and 3 different machines of my lady friend. It does try to install junkware but it can be largely avoided and I have not found it to be actually malicious. Probably no worse than things like Skype or Facebook.
  14. OK, I allowed AdwCleaner to delete all but the few keys listed. Those keys, TENCENT, were all present before this problem cropped up and Tencent/QQ is a program I use. After the reboot I did the speed tests with the same results: 2.04 down/1.08 up. After doing the Disable/Re-enable of the NIC the speed returned to my peaks of 28.49 down/5.95 up. I'll post the AdwCleaner report below. If I don't do the ComboFix routine now I may not be able to get to it until tomorrow or Sunday. Again, thanks for this help.

      AdwCleaner Report

      # AdwCleaner v3.212 - Report created 14/06/2014 at 02:27:24
      # Updated 05/06/2014 by Xplode
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Username : Jake Fin - JAKEFIN
      # Running from : C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
      # Option : Clean

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****
      [x] Not Deleted : C:\Program Files (x86)\Common Files\Tencent
      [x] Not Deleted : C:\Users\Jake Fin\AppData\Local\PackageAware

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****
      [x] Not Deleted : HKCU\Software\TENCENT
      [x] Not Deleted : HKLM\Software\TENCENT
      [x] Not Deleted : [x64] HKCU\Software\TENCENT
      Key Deleted : [x64] HKLM\SOFTWARE\systweak

      ***** [ Browsers ] *****
      -\\ Internet Explorer v11.0.9600.17126
      -\\ Mozilla Firefox v16.0.2 (en-US)
      [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9fn29s0t.default\prefs.js ]
      [ File : C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\prefs.js ]
      -\\ Google Chrome v

      *************************
      AdwCleaner[R0].txt - [9701 octets] - [17/05/2014 01:14:29]
      AdwCleaner[R1].txt - [9810 octets] - [28/05/2014 18:39:12]
      AdwCleaner[R2].txt - [9809 octets] - [05/06/2014 01:24:47]
      AdwCleaner[R3].txt - [9869 octets] - [05/06/2014 02:06:29]
      AdwCleaner[R4].txt - [9888 octets] - [07/06/2014 22:11:48]
      AdwCleaner[R5].txt - [9948 octets] - [10/06/2014 01:34:49]
      AdwCleaner[R6].txt - [10008 octets] - [11/06/2014 19:57:34]
      AdwCleaner[R7].txt - [9331 octets] - [13/06/2014 22:50:31]
      AdwCleaner[R8].txt - [9391 octets] - [14/06/2014 02:23:23]
      AdwCleaner[s0].txt - [9336 octets] - [14/06/2014 02:27:24]
      ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9396 octets] ##########
  15. When all that dust settled I did a re-boot and then a speed test. No improvement yet, actually it was a tad lower: 1.8 down/1.2 up. In Device Manager I did a "Disable" then "Enable" of the network adapter and voila, connection speed was 28.4 down/5.9 up. Perhaps the upcoming cleaning will be helpful.
  16. I am finished with the latest instructions except I have not yet allowed AdwCleaner to remove all the stuff it lists. I am waiting for a little guidance before I green-light all of that. Jeez, you got yourself buried in results here, I hope this offers some light.

      Junkware Removal Tool (This one caught me off guard and quickly made deletions without asking first)

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.4 (04.06.2014:1)
      OS: Windows 7 Home Premium x64
      Ran by Jake Fin on Fri 06/13/2014 at 22:39:22.48
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}

      ~~~ Files

      ~~~ Folders
      Successfully deleted: [Folder] "C:\Users\Jake Fin\AppData\Roaming\getrighttogo"
      Successfully deleted: [Folder] "C:\Users\Jake Fin\AppData\Roaming\tencent"

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Fri 06/13/2014 at 22:42:29.52
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ___________________________________________________________________________________________________________

      AdwCleaner (This is a new scan, done after the JRT "fixes")

      # AdwCleaner v3.212 - Report created 13/06/2014 at 22:50:31
      # Updated 05/06/2014 by Xplode
      # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
      # Username : Jake Fin - JAKEFIN
      # Running from : C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
      # Option : Scan

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****
      Folder Found : C:\Program Files (x86)\Common Files\Tencent
      Folder Found : C:\Users\Jake Fin\AppData\Local\PackageAware

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****
      Key Found : HKCU\Software\TENCENT
      Key Found : [x64] HKCU\Software\TENCENT
      Key Found : HKLM\Software\TENCENT
      Key Found : [x64] HKLM\SOFTWARE\systweak

      ***** [ Browsers ] *****
      -\\ Internet Explorer v11.0.9600.17126
      -\\ Mozilla Firefox v16.0.2 (en-US)
      [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9fn29s0t.default\prefs.js ]
      [ File : C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\prefs.js ]
      -\\ Google Chrome v

      *************************
      AdwCleaner[R0].txt - [9701 octets] - [17/05/2014 01:14:29]
      AdwCleaner[R1].txt - [9810 octets] - [28/05/2014 18:39:12]
      AdwCleaner[R2].txt - [9809 octets] - [05/06/2014 01:24:47]
      AdwCleaner[R3].txt - [9869 octets] - [05/06/2014 02:06:29]
      AdwCleaner[R4].txt - [9888 octets] - [07/06/2014 22:11:48]
      AdwCleaner[R5].txt - [9948 octets] - [10/06/2014 01:34:49]
      AdwCleaner[R6].txt - [10008 octets] - [11/06/2014 19:57:34]
      AdwCleaner[R7].txt - [9011 octets] - [13/06/2014 22:50:31]
      ########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [9071 octets] ##########
____________________________________________________________________________________________________________

MBAM (New scan result)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2014
Scan Time: 10:57:23 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.13.09
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jake Fin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307233
Time Elapsed: 2 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

____________________________________________________________________________________________________________

ESET (Looks like the CPU-Z installer had a piggyback, it was not allowed during installation)

C:\Users\Jake Fin\Downloads\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
H:\CPU-Z\cbsidlm-tr1_8-CPUZ-SEO2-10050423.exe Win32/DownloadAdmin.E potentially unwanted application

Farbar Recovery Scan Tool (FRST.txt)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Jake Fin (administrator) on JAKEFIN on 13-06-2014 23:56:15
Running from C:\Users\Jake Fin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-10 17:00 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-10 17:00 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-10 17:00 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-10 17:00 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-10 17:00 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-10 17:00 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-10 17:00 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-10 17:00 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-10 17:00 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-10 17:00 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-10 17:00 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-10 17:00 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-10 17:00 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-10 17:00 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-10 17:00 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-07 22:11 - 2014-06-07 22:11 - 01333465 _____ () C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe 2014-06-06 19:26 - 2014-03-12 16:16 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe 2014-06-05 02:16 - 2014-06-05 02:16 
- 00000000 ____D () C:\Users\Jake Fin\AppData\Roaming\Oracle 2014-06-05 02:14 - 2014-06-05 02:14 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-05 02:14 - 2014-06-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-05 01:22 - 2014-06-05 01:22 - 00001436 _____ () C:\Users\Jake Fin\Desktop\AsusSetup.exe - Shortcut.lnk 2014-06-02 20:44 - 2014-06-02 20:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-22 23:53 - 2014-05-22 23:53 - 00000285 _____ () C:\Users\Jake Fin\Desktop\Best Medicare Advantage Plans 2014 - US News.URL 2014-05-21 19:50 - 2014-05-21 23:55 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\lptmp893559275 2014-05-21 19:48 - 2014-06-13 18:38 - 00000000 ____D () C:\ProgramData\WRData 2014-05-21 19:48 - 2014-06-13 17:19 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2014-05-21 19:48 - 2014-06-13 17:19 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2014-05-21 19:48 - 2014-06-13 17:19 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll 2014-05-21 19:48 - 2014-05-21 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere 2014-05-19 19:02 - 2014-06-04 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia 2014-05-18 20:34 - 2014-06-13 23:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-18 20:34 - 2014-05-30 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-18 20:34 - 
2014-05-30 20:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-18 20:34 - 2014-05-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-18 20:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-18 20:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-17 01:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-17 01:13 - 2014-06-13 22:50 - 00000000 ____D () C:\AdwCleaner 2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Windows\Sun 2014-05-16 21:32 - 2014-05-17 00:01 - 00000000 ____D () C:\Windows\pss ==================== One Month Modified Files and Folders ======= 2014-06-13 23:56 - 2014-06-13 23:56 - 00025159 _____ () C:\Users\Jake Fin\Desktop\FRST.txt 2014-06-13 23:56 - 2014-06-13 23:56 - 00000000 ____D () C:\FRST 2014-06-13 23:56 - 2012-11-18 04:56 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\Temp 2014-06-13 23:45 - 2014-06-13 23:45 - 00000225 _____ () C:\Users\Jake Fin\Desktop\estscn.txt 2014-06-13 23:36 - 2014-05-18 20:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-13 23:11 - 2014-06-13 23:11 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-13 22:50 - 2014-05-17 01:13 - 00000000 ____D () C:\AdwCleaner 2014-06-13 22:42 - 2014-06-13 22:42 - 00002134 _____ () C:\Users\Jake Fin\Desktop\JRT.txt 2014-06-13 22:39 - 2014-06-13 22:39 - 00000000 ____D () C:\Windows\ERUNT 2014-06-13 22:38 - 2012-11-17 11:01 - 01831483 _____ () C:\Windows\WindowsUpdate.log 2014-06-13 22:22 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-13 22:22 - 2009-07-14 00:45 - 00022064 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-13 21:19 - 2012-12-09 17:30 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs 2014-06-13 18:38 - 2014-05-21 19:48 - 00000000 ____D () C:\ProgramData\WRData 2014-06-13 18:30 - 2014-06-13 18:30 - 02081792 _____ (Farbar) C:\Users\Jake Fin\Desktop\FRST64.exe 2014-06-13 18:29 - 2014-06-13 18:29 - 00000223 _____ () C:\Users\Jake Fin\Desktop\Free Virus Scan Online Virus Scanner from ESET.URL 2014-06-13 18:21 - 2014-06-13 18:21 - 01016261 _____ (Thisisu) C:\Users\Jake Fin\Desktop\JRT.exe 2014-06-13 17:23 - 2009-07-14 01:13 - 00795794 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-13 17:19 - 2014-05-21 19:48 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2014-06-13 17:19 - 2014-05-21 19:48 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2014-06-13 17:19 - 2014-05-21 19:48 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll 2014-06-13 17:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-13 17:14 - 2009-07-14 00:51 - 00108809 _____ () C:\Windows\setupact.log 2014-06-12 14:57 - 2014-06-12 14:57 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-06-12 14:41 - 2014-06-12 14:41 - 00000000 ____D () C:\Windows\ERDNT 2014-06-12 14:39 - 2014-06-12 14:39 - 00000928 _____ () C:\Users\Jake Fin\Desktop\NTREGOPT.lnk 2014-06-12 14:39 - 2014-06-12 14:39 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk 2014-06-12 14:39 - 2014-06-12 14:39 - 00000909 _____ () C:\Users\Jake Fin\Desktop\ERUNT.lnk 2014-06-12 14:39 - 2014-06-12 14:39 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk 2014-06-12 14:39 - 2014-06-12 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-06-12 14:39 - 2014-06-12 14:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-06-12 14:36 - 2014-06-12 14:36 - 00002380 _____ () C:\Users\Jake Fin\Desktop\Rkill.txt 2014-06-12 02:27 - 2014-06-12 02:27 - 
05245952 _____ () C:\Users\Jake Fin\Desktop\RogueKillerX64.exe 2014-06-12 02:22 - 2014-06-12 02:22 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Jake Fin\Desktop\rkill.exe 2014-06-12 00:49 - 2014-06-12 00:49 - 00000236 _____ () C:\Users\Jake Fin\Desktop\Can the prefs.js file become infected with malware Firefox Support Forum Mozilla Support.URL 2014-06-11 23:15 - 2012-11-18 01:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-11 23:15 - 2012-11-18 01:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-11 23:13 - 2013-08-14 21:37 - 00000000 ____D () C:\Users\Guest\AppData\Local\Temp 2014-06-11 02:14 - 2014-06-11 02:14 - 00000243 _____ () C:\Users\Jake Fin\Desktop\Internet connection speed issue Iminent - Malware Removal Help - Malwarebytes Forum.URL 2014-06-11 01:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-06-10 18:23 - 2012-11-21 16:56 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\PokerStars.NET 2014-06-10 17:01 - 2013-07-09 18:32 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-10 17:01 - 2012-11-17 10:06 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-10 00:23 - 2012-11-17 08:52 - 00000000 _____ () C:\Windows\Path.idx 2014-06-09 23:53 - 2012-11-17 09:59 - 00003235 _____ () C:\Windows\MB.idx 2014-06-09 18:25 - 2013-11-15 20:57 - 01048576 _____ () C:\Windows\PE_Rom.dll 2014-06-07 22:11 - 2014-06-07 22:11 - 01333465 _____ () C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe 2014-06-06 21:57 - 2010-11-20 23:47 - 00179314 _____ () C:\Windows\PFRO.log 2014-06-06 19:28 - 2012-11-17 08:51 - 00000000 ____D () C:\Program Files\Intel 2014-06-05 02:16 - 2014-06-05 02:16 - 00000000 ____D () C:\Users\Jake Fin\AppData\Roaming\Oracle 2014-06-05 02:15 - 2013-10-22 19:45 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-05 02:14 - 2014-06-05 02:14 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-05 02:14 
- 2014-06-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-05 02:14 - 2013-10-22 19:44 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-05 01:22 - 2014-06-05 01:22 - 00001436 _____ () C:\Users\Jake Fin\Desktop\AsusSetup.exe - Shortcut.lnk 2014-06-04 19:50 - 2014-05-19 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-06-02 20:44 - 2014-06-02 20:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-05-30 20:55 - 2014-05-18 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-30 20:54 - 2014-05-18 20:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-30 20:54 - 2014-05-18 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-30 06:21 - 2014-06-10 17:00 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-30 06:02 - 2014-06-10 17:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-30 06:02 - 2014-06-10 17:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-05-30 05:45 - 2014-06-10 17:00 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-05-30 05:39 - 2014-06-10 17:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-05-30 05:39 - 2014-06-10 17:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-05-30 05:38 - 2014-06-10 17:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-05-30 05:28 - 2014-06-10 17:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-05-30 05:27 - 2014-06-10 17:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-05-30 05:24 - 2014-06-10 17:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-05-30 
05:21 - 2014-06-10 17:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-05-30 05:21 - 2014-06-10 17:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-05-30 05:20 - 2014-06-10 17:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-05-30 05:18 - 2014-06-10 17:00 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-30 05:11 - 2014-06-10 17:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-05-30 05:08 - 2014-06-10 17:00 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-05-30 05:06 - 2014-06-10 17:00 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-05-30 05:02 - 2014-06-10 17:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 04:55 - 2014-06-10 17:00 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 04:49 - 2014-06-10 17:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 04:46 - 2014-06-10 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 04:44 - 2014-06-10 17:00 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 04:44 - 2014-06-10 17:00 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 04:43 - 2014-06-10 17:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 04:42 - 2014-06-10 17:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 04:38 - 2014-06-10 17:00 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 04:35 - 2014-06-10 17:00 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 04:34 - 2014-06-10 17:00 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 04:33 - 2014-06-10 17:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 04:30 - 2014-06-10 17:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 04:29 - 2014-06-10 17:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 04:28 - 2014-06-10 17:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 04:27 - 2014-06-10 17:00 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 04:24 - 2014-06-10 17:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 04:23 - 2014-06-10 17:00 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 04:16 - 2014-06-10 17:00 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 04:10 - 2014-06-10 17:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 04:06 - 2014-06-10 17:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 04:04 - 2014-06-10 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 04:02 - 2014-06-10 17:00 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 03:56 - 2014-06-10 17:00 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 03:56 - 2014-06-10 17:00 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 03:54 - 2014-06-10 17:00 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 03:50 - 2014-06-10 17:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 03:49 - 2014-06-10 17:00 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 03:43 - 2014-06-10 17:00 - 13522944 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2014-05-30 03:40 - 2014-06-10 17:00 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 03:30 - 2014-06-10 17:00 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 03:21 - 2014-06-10 17:00 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 03:15 - 2014-06-10 17:00 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 03:13 - 2014-06-10 17:00 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 03:13 - 2014-06-10 17:00 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-22 23:53 - 2014-05-22 23:53 - 00000285 _____ () C:\Users\Jake Fin\Desktop\Best Medicare Advantage Plans 2014 - US News.URL 2014-05-21 23:55 - 2014-05-21 19:50 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\lptmp893559275 2014-05-21 19:50 - 2013-08-14 21:37 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 19:50 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-21 19:49 - 2012-11-17 09:25 - 00000000 ____D () C:\Program Files\Webroot 2014-05-21 19:48 - 2014-05-21 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere 2014-05-19 19:45 - 2012-11-30 01:06 - 00000600 _____ () C:\Users\Jake Fin\AppData\Local\PUTTY.RND 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla 2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia 2014-05-18 23:44 - 2013-08-14 21:38 - 00074256 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-05-18 23:44 - 2013-08-14 
21:37 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 23:44 - 2013-08-14 21:37 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 20:34 - 2012-12-06 17:59 - 00000000 ____D () C:\Users\Jake Fin\AppData\Roaming\Malwarebytes
2014-05-18 20:34 - 2012-12-06 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Windows\Sun
2014-05-17 00:01 - 2014-05-16 21:32 - 00000000 ____D () C:\Windows\pss
2014-05-16 22:11 - 2012-11-18 04:56 - 00000000 ___RD () C:\Users\Jake Fin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 21:58 - 2012-11-27 03:18 - 00007618 _____ () C:\Users\Jake Fin\AppData\Local\Resmon.ResmonCfg
2014-05-14 20:48 - 2012-11-18 01:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Jake Fin\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 01:23

==================== End Of Log ============================

___________________________________________________________________________________________________________

Farbar Recovery Scan Tool (Addition.txt)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Jake Fin at 2014-06-13 23:56:27
Running from C:\Users\Jake Fin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version: - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )
Call of Duty® 4 - Modern Warfare (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Call of Duty® 4 - Modern Warfare (x32 Version: 1.6 - Activision) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon D400-450 (HKLM\...\{87AEED05-C717-47bc-93BB-F8E527D2690F}) (Version: - )
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crysis (HKLM-x32\...\Steam App 17300) (Version: - Crytek)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden
FileZilla Client 3.7.3 (HKCU\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - Square Enix)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{4236F0C5-21D7-45FB-A3BF-762C0ED8CC28}) (Version: 3.6.3.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 29.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Presto! PageManager 7.15.35 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.35 - NewSoft Technology Corporation)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics) Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.) Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - Square Enix) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc) TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.2166 - Intuit Inc.) Hidden TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0169 - Intuit Inc.) Hidden TurboTax 2013 wmaiper (x32 Version: 013.000.1523 - Intuit Inc.) Hidden TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot) ==================== Restore Points ========================= 21-05-2014 22:48:00 Windows Update 29-05-2014 05:41:20 Scheduled Checkpoint 30-05-2014 22:05:20 Windows Update 04-06-2014 21:10:15 Windows Update 05-06-2014 06:14:43 Installed Java 7 Update 60 06-06-2014 23:26:27 Installed Intel® Network Connections. 10-06-2014 21:00:33 Windows Update 14-06-2014 02:38:24 Windows Update ==================== Hosts content: ========================== 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {470AA80C-75F6-41FC-9BE8-EBE309FAA433} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.) 
Task: {5F2D7E2D-2CC4-48F8-AD25-605E347B760F} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.) Task: {98FD1F69-7EAC-43B2-BEE2-B565CBB49A94} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.) Task: {A14A6E08-D2D7-4028-AAF4-2A597F818ADE} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] () Task: {DA1F8022-91BA-47E7-9B94-DE3501FDA446} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2012-10-24] () ==================== Loaded Modules (whitelisted) ============= 2012-11-18 22:33 - 2012-11-18 22:33 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2012-11-18 22:34 - 2012-10-24 18:53 - 01404800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe 2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Jake Fin Programs\FileZilla\FileZilla FTP Client\fzshellext_64.dll 2012-11-18 22:33 - 2014-06-13 17:14 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2012-11-18 22:33 - 2012-11-18 22:31 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2012-11-18 22:34 - 2012-10-25 12:34 - 04594503 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll 2012-11-18 22:34 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll 2012-11-18 22:36 - 2012-11-18 22:32 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll 2012-11-18 22:36 - 2012-07-05 13:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll 2012-11-18 22:34 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll 2012-11-18 
22:34 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll 2012-11-18 22:34 - 2011-09-26 20:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll 2012-11-18 22:34 - 2012-03-21 13:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll 2012-11-18 22:34 - 2012-08-01 11:51 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll 2012-11-18 22:35 - 2012-06-19 13:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll 2012-11-18 22:35 - 2012-08-14 12:14 - 01123840 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll 2012-11-18 22:34 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll 2012-11-18 22:34 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll 2012-11-18 22:34 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll 2012-11-18 22:34 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll 2012-11-18 22:34 - 2011-10-14 21:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll 2012-11-18 22:35 - 2011-06-08 12:15 - 00651264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll 2012-11-17 08:28 - 2010-08-22 22:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll 2012-11-18 22:34 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll 2012-11-18 22:34 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll 2012-11-18 22:35 - 2012-07-31 16:21 - 00152064 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll 2012-11-18 22:35 - 2012-08-15 15:42 - 00786432 _____ () C:\Program Files (x86)\ASUS\AI 
Suite II\Network iControl\NetSvcHelp\func.dll 2012-11-18 22:35 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll 2014-02-14 22:40 - 2014-02-14 22:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-11-17 09:04 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-11-18 22:36 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (whitelisted) ============= HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION! 
==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^Users^Jake Fin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 16330.86 MB Available physical RAM: 13047.21 MB Total Pagefile: 17353.04 MB Available Pagefile: 13931.05 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:202.75 GB) NTFS Drive f: (Jake Fin Files) (Fixed) (Total:97.66 GB) (Free:74.21 GB) NTFS Drive g: (Games) (Fixed) (Total:196.29 GB) (Free:37.29 GB) NTFS Drive h: (Storage) (Fixed) (Total:49.8 GB) (Free:35.82 GB) NTFS Drive i: (Boot Image) (Fixed) (Total:537.11 GB) (Free:494.83 GB) NTFS Drive j: (Archives) (Fixed) (Total:394.4 GB) (Free:393.51 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0CCA3F54) Partition 1: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=196 GB) - 
(Type=07 NTFS) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 752F4E20) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0CCA3F55) Partition 1: (Not Active) - (Size=537 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=394 GB) - (Type=07 NTFS) ==================== End Of Log ============================ ___________________________________________________________________________________________________________ That's all of it.
  17. Thanks, I am back at my computer now, but before I actually do these new scans and any "cleaning", if you have time could you glance at the AdwCleaner scan result I posted at the top of the thread and give me a heads-up about anything I should avoid cleaning and items that can be safely cleaned without risk? The folders found appear safe enough to keep. PackageAware is empty right now and TENCENT is the maker of QQ which is often flagged as adware but I have been able to use it for a few years now without problems. They do take a stab at installing unwanted stuff at first but a little vigilance goes a long way toward avoiding it and that which might sneak in is easily uninstalled. I wonder about the Firefox files "*.prefs.js", I always considered Firefox stuff safe but I'm not exactly sure what those files are. I know much less about Cr_Installer, Systweak, SearchTheWeb, and all those Interface's, TypeLib's, and Tracing's. Thanks again. I'll start working on new scans soon. JK
  18. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.

First, I was mistaken. My sleepy brain must have confused "Start Menu" with "Startup folder". When I went to install ERUNT I realized my error. Installation was completed without placing ERUNT into the Startup folder.

Now for those scan results. (My apologies in advance, I will not be able to reply to further messages until Friday night)

RKill

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/12/2014 02:36:06 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * No malware processes found to kill.

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
 * HKCU\SOFTWARE\Classes\.exe has been deleted!
 * HKCU\SOFTWARE\Classes\exefile has been deleted!

Performing miscellaneous checks:
 * No issues found.

Checking Windows Service Integrity:
 * No issues found.

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * No issues found.

Program finished at: 06/12/2014 02:36:16 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

ERUNT

I installed this program as instructed. It created its backup files as expected. Did that complete the registry backup automatically or do I still have to go back and specifically run the program to make the registry backup?
MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/12/2014
Scan Time: 2:47:30 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.10
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jake Fin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306685
Time Elapsed: 2 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

RogueKiller

RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jake Fin [Admin rights]
Mode : Scan -- Date : 06/12/2014 14:59:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 52 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Jake_Fin +++++
--- User ---
[MBR] 3e2c021e116f5e8e5ae4ac2ae7f227cc
[bSP] 3d4f3171dc769e8c2ed95b8d77d35e6d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 201000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616450048 | Size: 51000 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series +++++
--- User ---
[MBR] a52b60ef9eb279fe6248752ef30bf801
[bSP] 210280776297098551cc4a07bc1fa18a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EURX-73FH1Y0 ATA Device +++++
--- User ---
[MBR] a1e4a349b6bbb7e9a032776b88781d82
[bSP] 4a10f5e31344b439e7938c2b514bed8f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 550000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1126402048 | Size: 403866 MB
User = LL1 ... OK
User = LL2 ... OK

I think I remembered everything. Let me know, and thanks again for helping!
  19. Ron, Thank you very much for the reply. As it is well past my bedtime and I need to get up early tomorrow I will have to follow your full instructions tomorrow night. I did notice one slight discrepancy. Re: ERUNT NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. I am using Win 7 x64. I am unable to comply with this instruction because my system insists upon making the entry in the STARTUP folder, there is no "NO" option. I tried to erase the location from the window and go to "Next" but it balked and insisted so I stopped. If that is OK I will continue tomorrow night and allow the STARTUP entry to be made. Thanks again. JK
  20. Sorry, I hit <Post> by mistake. The new evidence is that this problem does not present itself if I first log in to my "Guest" account following a fresh boot. I tried a reboot and logged into the Guest account and Internet connection speed was full normal. I then logged off the Guest account and logged in to my own user account and connection speed was again impaired. After disabling/re-enabling the NIC, connection speed jumped back up to full normal. It now appears the problem is localized to my user account. Is this helpful or only a distraction?
  21. Update: I have reached out to both ASUS (Sabertooth Z77 mobo) and Intel (Intel CT Gigabit NIC). They each took a stab at this problem but they both struck out. I'm still at a loss as to what might be executing during boot-up that may be causing the drastic slowdown in connection speed yet is reversed absolutely by simply disabling/re-enabling the network adapter. And this machine ran extremely well without any hint of this problem for almost a year and a half.
  22. Hello. Some months ago I had to deal with a Conduit problem and it appears to have been resolved successfully. In mid-May I discovered my Internet connection speed was way off. An MBAM scan turned up a dozen PUPs all related to Iminent: Optional.Iminent.A, Optional.CrossRider.A, Optional.CouponCompanion.A, etc. The scan also turned up two Extension.Mismatch files. All of these problems seemed to have been dealt with by MBAM successfully. I never seemed to have a full blown infection, no toolbars, popups, etc. The only lingering evidence are a half dozen (give or take) registry entries that include the word "Iminent" but I imagined they are all orphaned keys. I do have a lingering problem with Internet connection speed (hardware problems have been pretty much ruled out). After a fresh boot my connection speed is 2 down and 2 up. My normal connection speed is 28 down and 5 up. If I boot into safe mode this problem does not occur. The only startups I have running are few and all trusted. Task manager is not showing any unknown network activity on my computer. Now, I have discovered a workaround: After a fresh boot, I go to device manager and disable my network adapter. Then I enable the network adapter. The computer then connects to the Internet at my normal speed of 28/5 and performs that way for the duration of the session. Problem returns after the next boot. Wash, rinse, repeat. Does this issue ring any familiar bells with anybody? It seems something happens during a normal boot-up that throttles my NIC but does not reoccur after the boot-up. I am posting a fresh AdwCleaner log in advance of being asked to do so. The folders Tencent and PackageAware are known to me and go with programs I installed (QQ and Family Tree Maker). The list includes 4 of the registry keys relating to Iminent. The SearchTheWeb key looks suspicious and I have no clue about all those "Interface" keys or the Cr_Installer keys.
I also have two results of the scan under the Firefox tab, both pref.js files. Not sure why those are flagged. So, here it is. Thanks for having a look.
  23. Hello. A couple of weeks ago I noticed my 4-month-old computer had a sub-par ping. Example: ping to router = 4ms; ping to 127.0.0.1 = 4ms. All other pings and traceroutes show higher latency with this machine. This is a Win 7 x64 desktop. I also have a Win 7 x64 laptop (wireless) and an older XP Pro desktop. Both of the other machines can ping both the router and 127.0.0.1 in sub-1ms times as I might expect. Machine runs super and most people would ignore this little issue but I could not. Over time I have ruled out just about everything through trial and error, until tonight. I tried booting into safe mode and voila, ping times to router and to 127.0.0.1 were a normal sub-1ms. The most obvious difference I could see was that MBAM was not started in safe mode. After getting back to normal Windows I disabled MBAM for a test and got normal pings. Then I turned MBAM back on and pings once again got longer. I went back and forth again with the same results. The odd thing is that all three machines are running the same AV software, and the old XP Pro machine is also running MBAM Pro, yet only this newer machine has a laggy ping. And that lagginess seems to go away while MBAM is disabled. What might be going on here? Might a reinstall of MBAM be the cure? A change in some settings? Or does something need to be white-listed? Oh, one more odd clue: with MBAM Pro running, if I ping to "127.0.0.1" I get about 4ms average ping times, BUT, if I ping to "localhost" I get sub-1ms ping times. Shouldn't those results be the same either way? :/