Internet connection speed issue: Iminent?

[Jitter]

Hello.

Some months ago I had to deal with a Conduit problem and it appeares to have been resolved successfully.

 

In Mid-May I discovered my Internet connection speed was way off. An MBAM scan turned up a dozen PUPs all related to Iminent: Optional.Iminent.A, Optional.CrossRider.A, Optional.CouponCompanion.A, etc. The scan also turned up two Extension.Mismatch files. All of these problems seemed to have been dealt with by MBAM successfully. I never seemed to have a full blown infection, no toolbars, popups, etc. The only lingering evidence are a half dozen (give or take) registry entries that include the word "Iminent" but I imagined they are all orphaned keys.

 

I do have a lingering problem with Internet connection speed (hardware problems have been pretty much ruled out). After a fresh boot my connection speed is 2 down and 2 up. My normal connection speed is 28 down and 5 up. If I boot into safe mode this problem does not occur. The only startups I have running are few and all trusted. Task manager is not showing any unknown network activity on my computer.

 

Now, I have discovered a workaround: After a fresh boot, I go to device manager and disable my network adapter. Then I enable the network adapter. The computer then connects to the Internet at my normal speed of 28/5 and performs that way for the duration of the session. Problem returns after the next boot. Wash, rinse, repeat.

 

Does this issue ring any familiar bells with anybody? It seems something happens during a normal boot-up that throttles my NIC but does not reoccur after the boot-up.

 

I am posting a fresh AdwCleaner log in advance of being asked to do so. The folders Tencent and PackageAware are known to me and go with programs I installed (QQ and Family Tree Maker).

 

The list includes 4 of the registry keys relating to Iminent. The SearchTheWeb key looks suspicious and I have no clue about all those "Interface" keys or the Cr_Installer keys.

 

I also have two results of teh scan under the Firefox tab, both pref.js files. Not sure why those are flagged. So, here it is. Thanks for having a look.

 

 

# AdwCleaner v3.212 - Report created 07/06/2014 at 22:11:48
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jake Fin - JAKEFIN
# Running from : C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Common Files\Tencent
Folder Found : C:\Users\Jake Fin\AppData\Local\PackageAware
Folder Found : C:\Users\Jake Fin\AppData\Roaming\Tencent

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\TENCENT
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\TENCENT
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\TENCENT
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9fn29s0t.default\prefs.js ]


[ File : C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9701 octets] - [17/05/2014 01:14:29]
AdwCleaner[R1].txt - [9810 octets] - [28/05/2014 18:39:12]
AdwCleaner[R2].txt - [9809 octets] - [05/06/2014 01:24:47]
AdwCleaner[R3].txt - [9869 octets] - [05/06/2014 02:06:29]
AdwCleaner[R4].txt - [9564 octets] - [07/06/2014 22:11:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [9624 octets] ##########
 

[Jitter]

Update: I have reached out to both ASUS (Sabertooth Z77 mobo) and Intel (Intel CT Gigabit NIC). They each took at stab at this problem but they both struck out. I'm still at a loss as to what might be executing during boot-up that may be causing the drastic slowdown in connection speed yet is reversed absolutely by simply disabling/reenabling teh network adapter. And this machine ran extremely well without any hint of this problem for almost a year and a half.

[Jitter]

Update: New evidence.

[Jitter]

Sorry, I hit <Post> by mistake.

 

The new evidence is that this problem does not present itself if I first log in to my "Guest" account following a fresh boot.

 

I tried a reboot and logged into the Guest account and INternet connection speed was full normal. I then logged off the Guest account and logged in to my own user account and connection speed was again impaired. After Disabling/Renabling the NIC connection speed jumped back up to full normal.

 

It now appears the problem is localized to my user account. Is this helpful or only a distraction?

[AdvancedSetup]

Hello and

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:
 
 

 

If you're using

Peer 2 Peer

software such as

uTorrent, BitTorrent

or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have

illegal/cracked software, cracks, keygens etc

. on the system, please remove or uninstall them now and read the policy on

Piracy

.

 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

• Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
• If the log is too large then you can use attachments by clicking on the More Reply Options button.
• Please enable your system to show hidden files: How to see hidden files in Windows
• Make sure you're subscribed to this topic:
  
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
    

  [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)
  

 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 

Link 1

Link 2

• On Windows XP double-click on the Rkill desktop icon to run the tool.
• On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• If the tool does not run from any of the links provided, please let me know.
• Do not reboot the computer, you will need to run the application again.
  

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from one of the following links: Link1 | Link2 | Link3
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
• NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
• Choose a location for the backup.
  
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
    

  [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
  

STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

• RogueKiller 32-bit | RogueKiller 64-bit
• Quit all running programs.
• For Windows XP, double-click to start.
• For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
• Read and accept the EULA (End User Licene Agreement)
• Click Scan to scan the system.
• When the scan completes Close the program > Don't Fix anything!
• Don't run any other options, they're not all bad!!
• Post back the report which should be located on your desktop.
  

Thank you
 

[Jitter]

Ron,

 

Thank you very much for the reply. As it is well past my bedtime and I need to get up early tomorrow I will have to follow your full instructions tomorrow night.

 

I did notice one slight discrepancy. Re: ERUNT

NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.

 

I am using Win 7 x64. I am unable to comply with this instruction because my system insists upon making the entry in the STARTUP folder, there is no "NO" option. I tried to erase the location from the window and go to "Next" but it balked and insisted so I stopped.

If that is OK I will continue tomorrow night and allow the STARTUP entry to be made.

 

Thanks again.

 

JK

[AdvancedSetup]

You can ignore it and let it install and we'll take care of it as we go along. For now it will just give an error when the computer starts up.

Thanks

[Jitter]

NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.

 

First, I was mistaken. My sleepy brain must have confused "Start Menu" with "Startup folder". When I went to install ERUNT I realized my error. Installation was completed without placing ERUNT into the Startup folder.

 

Now for those scan results. (My apologies in advance, I will not be able to reply to further messages until Friday night)

 

RKill

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/12/2014 02:36:06 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/12/2014 02:36:16 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 

 

ERUNT

 

I installed this program as instructed. It created it's backup files as expected. Did that complete the registry backup automatically or do I still have to go back and specifically run the program to make the registry backup?

 

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/12/2014
Scan Time: 2:47:30 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.10
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jake Fin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306685
Time Elapsed: 2 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

RogueKiller

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jake Fin [Admin rights]
Mode : Scan -- Date : 06/12/2014  14:59:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 52 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableCMD : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Jake_Fin +++++
--- User ---
[MBR] 3e2c021e116f5e8e5ae4ac2ae7f227cc
[bSP] 3d4f3171dc769e8c2ed95b8d77d35e6d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 201000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616450048 | Size: 51000 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series +++++
--- User ---
[MBR] a52b60ef9eb279fe6248752ef30bf801
[bSP] 210280776297098551cc4a07bc1fa18a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EURX-73FH1Y0 ATA Device +++++
--- User ---
[MBR] a1e4a349b6bbb7e9a032776b88781d82
[bSP] 4a10f5e31344b439e7938c2b514bed8f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 550000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1126402048 | Size: 403866 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

I think I remembered everything. Let me know, and thanks again for helping!

[AdvancedSetup]

Thanks, Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next reply message
• When completed make sure to re-enable your antivirus
  

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
  

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07


Please go here to run the online antivirus scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
    

  
  [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.
  

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
  

[Jitter]

Thanks, I am back at my computer now, but before I actually do these new scans and any "cleaning", if you have time could you glance at the AdwCleaner scan result I posted at the top of the thread and give me a heads-up about anything I should avoid cleaning and items that can be safely cleaned without risk?

 

The folders found appear safe enough to keep. PackageAware is empty right now and TENCENT is the maker of QQ which is often flagged as adware but I have been able to use it for a few years now without problems. They do take a stab at installing unwanted stuff at first but a little vigilance goes a long way toward avoiding it and that which might sneak in is easily uninstalled.

 

I wonder about the Firefox files "*.prefs.js", I always considered Firefox stuff safe but I'm not exactly sure what those files are.

 

I know much less about Cr_Installer, Systweak, SearchTheWeb, and all those Interface's, TypeLib's, and Tracing's.

 

Thanks again. I'll start working on new scans soon.

 

JK

[Jitter]

I am finished with the latest instructions except I have not yet allowed AdwCleaner remove all the stuff it lists. I am waiting for a little guidance before I green-light all of that. Jeez, you got yourself buried in results here, I hope this offers some light.

 

 

Junkware Removal Tool   (This one caught me off guard and quickly made deletions without asking first)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jake Fin on Fri 06/13/2014 at 22:39:22.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jake Fin\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Jake Fin\AppData\Roaming\tencent"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/13/2014 at 22:42:29.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
___________________________________________________________________________________________________________

 

AdwCleaner    (This is a new scan, done after the JRT "fixes")

 

# AdwCleaner v3.212 - Report created 13/06/2014 at 22:50:31
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jake Fin - JAKEFIN
# Running from : C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Common Files\Tencent
Folder Found : C:\Users\Jake Fin\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\TENCENT
Key Found : [x64] HKCU\Software\TENCENT
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\TENCENT
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : [x64] HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9fn29s0t.default\prefs.js ]


[ File : C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9701 octets] - [17/05/2014 01:14:29]
AdwCleaner[R1].txt - [9810 octets] - [28/05/2014 18:39:12]
AdwCleaner[R2].txt - [9809 octets] - [05/06/2014 01:24:47]
AdwCleaner[R3].txt - [9869 octets] - [05/06/2014 02:06:29]
AdwCleaner[R4].txt - [9888 octets] - [07/06/2014 22:11:48]
AdwCleaner[R5].txt - [9948 octets] - [10/06/2014 01:34:49]
AdwCleaner[R6].txt - [10008 octets] - [11/06/2014 19:57:34]
AdwCleaner[R7].txt - [9011 octets] - [13/06/2014 22:50:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [9071 octets] ##########
____________________________________________________________________________________________________________

 

MBAM   (New scan result)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2014
Scan Time: 10:57:23 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.13.09
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jake Fin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307233
Time Elapsed: 2 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

____________________________________________________________________________________________________________

 

ESET   (Looks like the CPU-Z installer had a piggyback, it was not allowed during installation)

 

C:\Users\Jake Fin\Downloads\cpu-z_1.62-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
H:\CPU-Z\cbsidlm-tr1_8-CPUZ-SEO2-10050423.exe    Win32/DownloadAdmin.E potentially unwanted application
 

 

Farbar Recovery Scan Tool   (FRST.txt)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Jake Fin (administrator) on JAKEFIN on 13-06-2014 23:56:15
Running from C:\Users\Jake Fin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-11-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-11-18] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-06-13] (Webroot)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1214427210-3062087193-2343943159-1002\...\MountPoints2: {3cebf1a5-3212-11e2-af96-806e6f6e6963} - E:\FarCryAutoCD.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9695CDE8AD6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default
FF Homepage: hxxp://cm.my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @qq.com/npchrome - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Webroot Password Manager - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2014-05-21]
FF Extension: DownloadHelper - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Classic Theme Restorer - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-11]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-11-19]
FF Extension: NoScript - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-19]
FF Extension: ImTranslator - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012-11-19]
FF Extension: Adblock Plus - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-19]
FF Extension: Theme Font & Size Changer - C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2013-11-29]
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-19]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-05-21]
FF StartMenuInternet: FIREFOX.EXE - C:\Jake Fin Programs\Mozilla Firefox\firefox.exe

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-18]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-05-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-11-18] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe [381824 2012-11-18] (ASUSTeK Computer Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-06-13] (Webroot)

==================== Drivers (Whitelisted) ====================

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-11-18] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2012-11-18] (MCCI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-06-13] (Webroot)
U0 SR;
U2 srservice;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 23:56 - 2014-06-13 23:56 - 00025159 _____ () C:\Users\Jake Fin\Desktop\FRST.txt
2014-06-13 23:56 - 2014-06-13 23:56 - 00000000 ____D () C:\FRST
2014-06-13 23:45 - 2014-06-13 23:45 - 00000225 _____ () C:\Users\Jake Fin\Desktop\estscn.txt
2014-06-13 23:11 - 2014-06-13 23:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-13 22:42 - 2014-06-13 22:42 - 00002134 _____ () C:\Users\Jake Fin\Desktop\JRT.txt
2014-06-13 22:39 - 2014-06-13 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 18:30 - 2014-06-13 18:30 - 02081792 _____ (Farbar) C:\Users\Jake Fin\Desktop\FRST64.exe
2014-06-13 18:29 - 2014-06-13 18:29 - 00000223 _____ () C:\Users\Jake Fin\Desktop\Free Virus Scan Online Virus Scanner from ESET.URL
2014-06-13 18:21 - 2014-06-13 18:21 - 01016261 _____ (Thisisu) C:\Users\Jake Fin\Desktop\JRT.exe
2014-06-12 14:57 - 2014-06-12 14:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-12 14:41 - 2014-06-12 14:41 - 00000000 ____D () C:\Windows\ERDNT
2014-06-12 14:39 - 2014-06-12 14:39 - 00000928 _____ () C:\Users\Jake Fin\Desktop\NTREGOPT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000909 _____ () C:\Users\Jake Fin\Desktop\ERUNT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-12 14:39 - 2014-06-12 14:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-12 14:36 - 2014-06-12 14:36 - 00002380 _____ () C:\Users\Jake Fin\Desktop\Rkill.txt
2014-06-12 02:27 - 2014-06-12 02:27 - 05245952 _____ () C:\Users\Jake Fin\Desktop\RogueKillerX64.exe
2014-06-12 02:22 - 2014-06-12 02:22 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Jake Fin\Desktop\rkill.exe
2014-06-12 00:49 - 2014-06-12 00:49 - 00000236 _____ () C:\Users\Jake Fin\Desktop\Can the prefs.js file become infected with malware Firefox Support Forum Mozilla Support.URL
2014-06-11 02:14 - 2014-06-11 02:14 - 00000243 _____ () C:\Users\Jake Fin\Desktop\Internet connection speed issue Iminent - Malware Removal Help - Malwarebytes Forum.URL
2014-06-10 17:00 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 17:00 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 17:00 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 17:00 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 17:00 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 17:00 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 17:00 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 17:00 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 17:00 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 17:00 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 17:00 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 17:00 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 17:00 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 17:00 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 17:00 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 17:00 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 17:00 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 17:00 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 17:00 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 17:00 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 17:00 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 17:00 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 17:00 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 17:00 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 17:00 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 17:00 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 17:00 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 17:00 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 17:00 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 17:00 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 17:00 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 17:00 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 17:00 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 17:00 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 17:00 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 17:00 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 17:00 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 17:00 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 17:00 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 17:00 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 17:00 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 17:00 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 17:00 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 17:00 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 17:00 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 17:00 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 17:00 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 17:00 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 17:00 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 17:00 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 17:00 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 17:00 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 17:00 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 17:00 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 17:00 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 17:00 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 17:00 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 17:00 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 17:00 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 17:00 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 17:00 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 17:00 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 17:00 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 17:00 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 17:00 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 17:00 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-07 22:11 - 2014-06-07 22:11 - 01333465 _____ () C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
2014-06-06 19:26 - 2014-03-12 16:16 - 00403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2014-06-05 02:16 - 2014-06-05 02:16 - 00000000 ____D () C:\Users\Jake Fin\AppData\Roaming\Oracle
2014-06-05 02:14 - 2014-06-05 02:14 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-05 02:14 - 2014-06-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-05 01:22 - 2014-06-05 01:22 - 00001436 _____ () C:\Users\Jake Fin\Desktop\AsusSetup.exe - Shortcut.lnk
2014-06-02 20:44 - 2014-06-02 20:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-22 23:53 - 2014-05-22 23:53 - 00000285 _____ () C:\Users\Jake Fin\Desktop\Best Medicare Advantage Plans 2014 - US News.URL
2014-05-21 19:50 - 2014-05-21 23:55 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\lptmp893559275
2014-05-21 19:48 - 2014-06-13 18:38 - 00000000 ____D () C:\ProgramData\WRData
2014-05-21 19:48 - 2014-06-13 17:19 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-05-21 19:48 - 2014-06-13 17:19 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-05-21 19:48 - 2014-06-13 17:19 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-05-21 19:48 - 2014-05-21 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-05-19 19:02 - 2014-06-04 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-05-18 20:34 - 2014-06-13 23:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 20:34 - 2014-05-30 20:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 20:34 - 2014-05-30 20:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 20:34 - 2014-05-30 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 20:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 20:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 01:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-17 01:13 - 2014-06-13 22:50 - 00000000 ____D () C:\AdwCleaner
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Windows\Sun
2014-05-16 21:32 - 2014-05-17 00:01 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

2014-06-13 23:56 - 2014-06-13 23:56 - 00025159 _____ () C:\Users\Jake Fin\Desktop\FRST.txt
2014-06-13 23:56 - 2014-06-13 23:56 - 00000000 ____D () C:\FRST
2014-06-13 23:56 - 2012-11-18 04:56 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\Temp
2014-06-13 23:45 - 2014-06-13 23:45 - 00000225 _____ () C:\Users\Jake Fin\Desktop\estscn.txt
2014-06-13 23:36 - 2014-05-18 20:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 23:11 - 2014-06-13 23:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-13 22:50 - 2014-05-17 01:13 - 00000000 ____D () C:\AdwCleaner
2014-06-13 22:42 - 2014-06-13 22:42 - 00002134 _____ () C:\Users\Jake Fin\Desktop\JRT.txt
2014-06-13 22:39 - 2014-06-13 22:39 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 22:38 - 2012-11-17 11:01 - 01831483 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 22:22 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 22:22 - 2009-07-14 00:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 21:19 - 2012-12-09 17:30 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-06-13 18:38 - 2014-05-21 19:48 - 00000000 ____D () C:\ProgramData\WRData
2014-06-13 18:30 - 2014-06-13 18:30 - 02081792 _____ (Farbar) C:\Users\Jake Fin\Desktop\FRST64.exe
2014-06-13 18:29 - 2014-06-13 18:29 - 00000223 _____ () C:\Users\Jake Fin\Desktop\Free Virus Scan Online Virus Scanner from ESET.URL
2014-06-13 18:21 - 2014-06-13 18:21 - 01016261 _____ (Thisisu) C:\Users\Jake Fin\Desktop\JRT.exe
2014-06-13 17:23 - 2009-07-14 01:13 - 00795794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 17:19 - 2014-05-21 19:48 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-06-13 17:19 - 2014-05-21 19:48 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-06-13 17:19 - 2014-05-21 19:48 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-06-13 17:14 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 17:14 - 2009-07-14 00:51 - 00108809 _____ () C:\Windows\setupact.log
2014-06-12 14:57 - 2014-06-12 14:57 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-12 14:41 - 2014-06-12 14:41 - 00000000 ____D () C:\Windows\ERDNT
2014-06-12 14:39 - 2014-06-12 14:39 - 00000928 _____ () C:\Users\Jake Fin\Desktop\NTREGOPT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000928 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000909 _____ () C:\Users\Jake Fin\Desktop\ERUNT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000909 _____ () C:\Users\Guest\Desktop\ERUNT.lnk
2014-06-12 14:39 - 2014-06-12 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-12 14:39 - 2014-06-12 14:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-12 14:36 - 2014-06-12 14:36 - 00002380 _____ () C:\Users\Jake Fin\Desktop\Rkill.txt
2014-06-12 02:27 - 2014-06-12 02:27 - 05245952 _____ () C:\Users\Jake Fin\Desktop\RogueKillerX64.exe
2014-06-12 02:22 - 2014-06-12 02:22 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Jake Fin\Desktop\rkill.exe
2014-06-12 00:49 - 2014-06-12 00:49 - 00000236 _____ () C:\Users\Jake Fin\Desktop\Can the prefs.js file become infected with malware Firefox Support Forum Mozilla Support.URL
2014-06-11 23:15 - 2012-11-18 01:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-11 23:15 - 2012-11-18 01:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 23:13 - 2013-08-14 21:37 - 00000000 ____D () C:\Users\Guest\AppData\Local\Temp
2014-06-11 02:14 - 2014-06-11 02:14 - 00000243 _____ () C:\Users\Jake Fin\Desktop\Internet connection speed issue Iminent - Malware Removal Help - Malwarebytes Forum.URL
2014-06-11 01:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-10 18:23 - 2012-11-21 16:56 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\PokerStars.NET
2014-06-10 17:01 - 2013-07-09 18:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 17:01 - 2012-11-17 10:06 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 00:23 - 2012-11-17 08:52 - 00000000 _____ () C:\Windows\Path.idx
2014-06-09 23:53 - 2012-11-17 09:59 - 00003235 _____ () C:\Windows\MB.idx
2014-06-09 18:25 - 2013-11-15 20:57 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-06-07 22:11 - 2014-06-07 22:11 - 01333465 _____ () C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
2014-06-06 21:57 - 2010-11-20 23:47 - 00179314 _____ () C:\Windows\PFRO.log
2014-06-06 19:28 - 2012-11-17 08:51 - 00000000 ____D () C:\Program Files\Intel
2014-06-05 02:16 - 2014-06-05 02:16 - 00000000 ____D () C:\Users\Jake Fin\AppData\Roaming\Oracle
2014-06-05 02:15 - 2013-10-22 19:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 02:14 - 2014-06-05 02:14 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-05 02:14 - 2014-06-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-05 02:14 - 2013-10-22 19:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 01:22 - 2014-06-05 01:22 - 00001436 _____ () C:\Users\Jake Fin\Desktop\AsusSetup.exe - Shortcut.lnk
2014-06-04 19:50 - 2014-05-19 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-02 20:44 - 2014-06-02 20:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-30 20:55 - 2014-05-18 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 20:54 - 2014-05-18 20:34 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 20:54 - 2014-05-18 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 06:21 - 2014-06-10 17:00 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-10 17:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-10 17:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-10 17:00 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-10 17:00 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-10 17:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-10 17:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-10 17:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-10 17:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-10 17:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-10 17:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:21 - 2014-06-10 17:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:20 - 2014-06-10 17:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-10 17:00 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-10 17:00 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-10 17:00 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-10 17:00 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-10 17:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-10 17:00 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-10 17:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-10 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-10 17:00 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-10 17:00 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-10 17:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-10 17:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-10 17:00 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-10 17:00 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-10 17:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-10 17:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-10 17:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-10 17:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-10 17:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-10 17:00 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-10 17:00 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-10 17:00 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-10 17:00 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-10 17:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-10 17:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-10 17:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-10 17:00 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-10 17:00 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-10 17:00 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-10 17:00 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-10 17:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-10 17:00 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-10 17:00 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-10 17:00 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-10 17:00 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-10 17:00 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-10 17:00 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-10 17:00 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-10 17:00 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-22 23:53 - 2014-05-22 23:53 - 00000285 _____ () C:\Users\Jake Fin\Desktop\Best Medicare Advantage Plans 2014 - US News.URL
2014-05-21 23:55 - 2014-05-21 19:50 - 00000000 ____D () C:\Users\Jake Fin\AppData\Local\lptmp893559275
2014-05-21 19:50 - 2013-08-14 21:37 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 19:50 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-21 19:49 - 2012-11-17 09:25 - 00000000 ____D () C:\Program Files\Webroot
2014-05-21 19:48 - 2014-05-21 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2014-05-19 19:45 - 2012-11-30 01:06 - 00000600 _____ () C:\Users\Jake Fin\AppData\Local\PUTTY.RND
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-05-18 23:44 - 2014-05-18 23:44 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-05-18 23:44 - 2013-08-14 21:38 - 00074256 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-18 23:44 - 2013-08-14 21:37 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-18 23:44 - 2013-08-14 21:37 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 20:34 - 2012-12-06 17:59 - 00000000 ____D () C:\Users\Jake Fin\AppData\Roaming\Malwarebytes
2014-05-18 20:34 - 2012-12-06 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 00:09 - 2014-05-17 00:09 - 00000000 ____D () C:\Windows\Sun
2014-05-17 00:01 - 2014-05-16 21:32 - 00000000 ____D () C:\Windows\pss
2014-05-16 22:11 - 2012-11-18 04:56 - 00000000 ___RD () C:\Users\Jake Fin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 21:58 - 2012-11-27 03:18 - 00007618 _____ () C:\Users\Jake Fin\AppData\Local\Resmon.ResmonCfg
2014-05-14 20:48 - 2012-11-18 01:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Jake Fin\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 01:23

==================== End Of Log ============================

___________________________________________________________________________________________________________

 

Farbar Recovery Scan Tool    (Addition.txt)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Jake Fin at 2014-06-13 23:56:27
Running from C:\Users\Jake Fin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
Call of Duty® 4 - Modern Warfare (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Call of Duty® 4 - Modern Warfare (x32 Version: 1.6 - Activision) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon D400-450 (HKLM\...\{87AEED05-C717-47bc-93BB-F8E527D2690F}) (Version:  - )
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden
FileZilla Client 3.7.3 (HKCU\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - Square Enix)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{4236F0C5-21D7-45FB-A3BF-762C0ED8CC28}) (Version: 3.6.3.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 29.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Presto! PageManager 7.15.35 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.35 - NewSoft Technology Corporation)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.2166 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0169 - Intuit Inc.) Hidden
TurboTax 2013 wmaiper (x32 Version: 013.000.1523 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot)

==================== Restore Points  =========================

21-05-2014 22:48:00 Windows Update
29-05-2014 05:41:20 Scheduled Checkpoint
30-05-2014 22:05:20 Windows Update
04-06-2014 21:10:15 Windows Update
05-06-2014 06:14:43 Installed Java 7 Update 60
06-06-2014 23:26:27 Installed Intel® Network Connections.
10-06-2014 21:00:33 Windows Update
14-06-2014 02:38:24 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {470AA80C-75F6-41FC-9BE8-EBE309FAA433} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {5F2D7E2D-2CC4-48F8-AD25-605E347B760F} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {98FD1F69-7EAC-43B2-BEE2-B565CBB49A94} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {A14A6E08-D2D7-4028-AAF4-2A597F818ADE} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {DA1F8022-91BA-47E7-9B94-DE3501FDA446} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2012-10-24] ()

==================== Loaded Modules (whitelisted) =============

2012-11-18 22:33 - 2012-11-18 22:33 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-11-18 22:34 - 2012-10-24 18:53 - 01404800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Jake Fin Programs\FileZilla\FileZilla FTP Client\fzshellext_64.dll
2012-11-18 22:33 - 2014-06-13 17:14 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-11-18 22:33 - 2012-11-18 22:31 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2012-11-18 22:34 - 2012-10-25 12:34 - 04594503 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2012-11-18 22:34 - 2010-06-21 16:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2012-11-18 22:36 - 2012-11-18 22:32 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-11-18 22:36 - 2012-07-05 13:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2012-11-18 22:34 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-11-18 22:34 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-11-18 22:34 - 2011-09-26 20:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2012-11-18 22:34 - 2012-03-21 13:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2012-11-18 22:34 - 2012-08-01 11:51 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2012-11-18 22:35 - 2012-06-19 13:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-11-18 22:35 - 2012-08-14 12:14 - 01123840 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2012-11-18 22:34 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-11-18 22:34 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-11-18 22:34 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-11-18 22:34 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-11-18 22:34 - 2011-10-14 21:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-11-18 22:35 - 2011-06-08 12:15 - 00651264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
2012-11-17 08:28 - 2010-08-22 22:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2012-11-18 22:34 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-11-18 22:34 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2012-11-18 22:35 - 2012-07-31 16:21 - 00152064 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
2012-11-18 22:35 - 2012-08-15 15:42 - 00786432 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
2012-11-18 22:35 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
2014-02-14 22:40 - 2014-02-14 22:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll
2012-11-17 09:04 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-11-18 22:36 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^Jake Fin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 16330.86 MB
Available physical RAM: 13047.21 MB
Total Pagefile: 17353.04 MB
Available Pagefile: 13931.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:202.75 GB) NTFS
Drive f: (Jake Fin Files) (Fixed) (Total:97.66 GB) (Free:74.21 GB) NTFS
Drive g: (Games) (Fixed) (Total:196.29 GB) (Free:37.29 GB) NTFS
Drive h: (Storage) (Fixed) (Total:49.8 GB) (Free:35.82 GB) NTFS
Drive i: (Boot Image) (Fixed) (Total:537.11 GB) (Free:494.83 GB) NTFS
Drive j: (Archives) (Fixed) (Total:394.4 GB) (Free:393.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0CCA3F54)
Partition 1: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=196 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 752F4E20)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0CCA3F55)
Partition 1: (Not Active) - (Size=537 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=394 GB) - (Type=07 NTFS)

==================== End Of Log ============================

___________________________________________________________________________________________________________

 

That's all of it.

[Jitter]

When all that dust settled I did a re-boot and then a speed test. No improvement yet, actually it was a tad lower: 1.8 down/1.2 up.

In Device Manager I a "Disable" then "Enable" of the network adapter and voila, connection speed was 28.4 down/5.9 up.

 

Perhaps the upcoming cleaning will be helpful.

[AdvancedSetup]

Go ahead and have AdwCleaner remove all of the found items.

 

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
• Please attach that log file to your next reply.
• If needed the file can be located here:  C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
  

 

[Jitter]

OK, I allowed AdwCleaner to delete all but the few keys listed. Those keys, TENCENT, were all present before this problem cropped up and Tencent/QQ is a program I use

.

After the reboot I did the speed tests with the same results: 2.04 down/1.08 up. After doing the Disable/Re-enable of the NIC the speed returned to my peaks of 28.49 down/5.95 up. I'll post the AdwCleaner report below.

 

If I don't do the ComboFix routine now I may not be able to get to it until tomorrow or Sunday. Again, thanks for this help.

 

AdwCleaner Report

 

# AdwCleaner v3.212 - Report created 14/06/2014 at 02:27:24
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jake Fin - JAKEFIN
# Running from : C:\Users\Jake Fin\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\Common Files\Tencent
[x] Not Deleted : C:\Users\Jake Fin\AppData\Local\PackageAware

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[x] Not Deleted : HKCU\Software\TENCENT
[x] Not Deleted : HKLM\Software\TENCENT
[x] Not Deleted : [x64] HKCU\Software\TENCENT
Key Deleted : [x64] HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\9fn29s0t.default\prefs.js ]


[ File : C:\Users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9701 octets] - [17/05/2014 01:14:29]
AdwCleaner[R1].txt - [9810 octets] - [28/05/2014 18:39:12]
AdwCleaner[R2].txt - [9809 octets] - [05/06/2014 01:24:47]
AdwCleaner[R3].txt - [9869 octets] - [05/06/2014 02:06:29]
AdwCleaner[R4].txt - [9888 octets] - [07/06/2014 22:11:48]
AdwCleaner[R5].txt - [9948 octets] - [10/06/2014 01:34:49]
AdwCleaner[R6].txt - [10008 octets] - [11/06/2014 19:57:34]
AdwCleaner[R7].txt - [9331 octets] - [13/06/2014 22:50:31]
AdwCleaner[R8].txt - [9391 octets] - [14/06/2014 02:23:23]
AdwCleaner[s0].txt - [9336 octets] - [14/06/2014 02:27:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9396 octets] ##########
 

[Jitter]

Before I run ComboFix, do you know if it might delete all or part of Tencent/QQ?

 

If it will mess with the QQ/Tencent installation I would want to save certain files from that program and possibly even delete it myself before running ComboFix. I know somem scanners flag Tencent as adware but I have been using that software for over 3 years on 3 different machines of my own and 3 different machines of my lady friend. It does try to install junkware but it can be largely avoided and I have not found it to be actually malicious. Probably no worse than things like Skype or Facebook.

[AdvancedSetup]

I have no idea if it will or not but if it does we can have combfix restore it.

[Jitter]

Just completed the ComboFix scan. So far nothing appears to have been unduly molested. I just tested my connection speed issue and that, too, is unchanged. It took a second reboot to get everything up and running. Speed tested at 2/2, then after the Disable/Enable of the network adapter speed came back at 28/5. ComboFix log below; I don't think even the NSA knows this much about me now :-)

 

 

ComboFix 14-06-16.01 - Jake Fin 06/16/2014  19:13:58.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16331.14172 [GMT -4:00]
Running from: c:\users\Jake Fin\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jake Fin\AppData\Roaming\Local
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\af_ZA\af_ZA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ar_EG\ar_EG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ar_SA\ar_SA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\az_AZ\az_AZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\be_BY\be_BY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\bg_BG\bg_BG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\bn_BD\bn_BD.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\bs_BA\bs_BA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ca_ES\ca_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\cs_CZ\cs_CZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\da_DK\da_DK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\de_DE\de_DE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\de_DE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\de_DE\wxstd.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\el_GR\el_GR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\en_AU\en_AU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\en_GB\en_GB.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\en_US\en_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\eo_US\eo_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\es_ES\es_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\es_MX\es_MX.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\et_EE\et_EE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\fa_IR\fa_IR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\fa_IR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\fi_FI\fi_FI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\fr_CA\fr_CA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\fr_FR\fr_FR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\fr_FR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ga_IE\ga_IE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\gl_ES\gl_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\gu_IN\gu_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\he_IL\he_IL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\he_IL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\hi_IN\hi_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\hr_HR\hr_HR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\hu_HU\hu_HU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\id_ID\id_ID.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\is_IS\is_IS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\it_IT\it_IT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ja_JP\ja_JP.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ka_GE\ka_GE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\kn_IN\kn_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ko_KR\ko_KR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\lt_LT\lt_LT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\lv_LV\lv_LV.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\mg_MG\mg_MG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\mk_MK\mk_MK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ml_IN\ml_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\mr_IN\mr_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ms_MY\ms_MY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\nb_NO\nb_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\nl_NL\junk.html
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\nl_NL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\nl_NL\nl_NL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\nn_NO\nn_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\pa_IN\pa_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\pl_PL\pl_PL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\pt_BR\pt_BR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\pt_PT\pt_PT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ro_RO\ro_RO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ru_RU\ru_RU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\si_LK\si_LK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\sk_SK\sk_SK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\sl_SI\sl_SI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\sq_AL\sq_AL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\sr_RS\sr_RS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\sv_SE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\sv_SE\sv_SE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ta_IN\ta_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\th_TH\th_TH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\tl_PH\tl_PH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\tr_TR\tr_TR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\uk_UA\uk_UA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\ur_PK\ur_PK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\vi_VN\vi_VN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\zh_CN\zh_CN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\languages\zh_TW\zh_TW.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1333983715\lp_languages.zip
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\af_ZA\af_ZA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\af_ZA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ar_EG\ar_EG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ar_EG\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ar_SA\ar_SA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ar_SA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\az_AZ\az_AZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\az_AZ\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\be_BY\be_BY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\be_BY\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\bg_BG\bg_BG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\bg_BG\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\bn_BD\bn_BD.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\bn_BD\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\bs_BA\bs_BA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\bs_BA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ca_ES\ca_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ca_ES\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\cs_CZ\cs_CZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\cs_CZ\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\da_DK\da_DK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\da_DK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\de_DE\de_DE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\de_DE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\de_DE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\de_DE\wxstd.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\el_GR\el_GR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\el_GR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\en_AU\en_AU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\en_AU\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\en_GB\en_GB.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\en_GB\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\en_US\en_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\en_US\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\eo_US\eo_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\eo_US\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\es_ES\es_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\es_ES\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\es_MX\es_MX.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\es_MX\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\et_EE\et_EE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\et_EE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fa_IR\fa_IR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fa_IR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fa_IR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fi_FI\fi_FI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fi_FI\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fr_CA\fr_CA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fr_CA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fr_FR\fr_FR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fr_FR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\fr_FR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ga_IE\ga_IE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ga_IE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\gl_ES\gl_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\gl_ES\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\gu_IN\gu_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\gu_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\he_IL\he_IL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\he_IL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\he_IL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\hi_IN\hi_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\hi_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\hr_HR\hr_HR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\hr_HR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\hu_HU\hu_HU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\hu_HU\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\id_ID\id_ID.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\id_ID\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\is_IS\is_IS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\is_IS\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\it_IT\it_IT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\it_IT\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ja_JP\ja_JP.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ja_JP\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ka_GE\ka_GE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ka_GE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\kn_IN\kn_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\kn_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ko_KR\ko_KR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ko_KR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\lt_LT\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\lt_LT\lt_LT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\lv_LV\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\lv_LV\lv_LV.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\mg_MG\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\mg_MG\mg_MG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\mk_MK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\mk_MK\mk_MK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ml_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ml_IN\ml_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\mr_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\mr_IN\mr_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ms_MY\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ms_MY\ms_MY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nb_NO\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nb_NO\nb_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nl_NL\junk.html
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nl_NL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nl_NL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nl_NL\nl_NL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nn_NO\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\nn_NO\nn_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pa_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pa_IN\pa_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pl_PL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pl_PL\pl_PL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pt_BR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pt_BR\pt_BR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pt_PT\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\pt_PT\pt_PT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ro_RO\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ro_RO\ro_RO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ru_RU\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ru_RU\ru_RU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\si_LK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\si_LK\si_LK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sk_SK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sk_SK\sk_SK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sl_SI\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sl_SI\sl_SI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sq_AL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sq_AL\sq_AL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sr_RS\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sr_RS\sr_RS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sv_SE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sv_SE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\sv_SE\sv_SE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ta_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ta_IN\ta_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\th_TH\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\th_TH\th_TH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\tl_PH\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\tl_PH\tl_PH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\tr_TR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\tr_TR\tr_TR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\uk_UA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\uk_UA\uk_UA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ur_PK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\ur_PK\ur_PK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\vi_VN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\vi_VN\vi_VN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\zh_CN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\zh_CN\zh_CN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\zh_TW\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\languages\zh_TW\zh_TW.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp1910570364\lp_languages.zip
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\af_ZA\af_ZA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ar_EG\ar_EG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ar_SA\ar_SA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\az_AZ\az_AZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\be_BY\be_BY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\bg_BG\bg_BG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\bn_BD\bn_BD.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\bs_BA\bs_BA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ca_ES\ca_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\cs_CZ\cs_CZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\da_DK\da_DK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\de_DE\de_DE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\de_DE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\de_DE\wxstd.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\el_GR\el_GR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\en_AU\en_AU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\en_GB\en_GB.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\en_US\en_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\eo_US\eo_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\es_ES\es_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\es_MX\es_MX.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\et_EE\et_EE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\fa_IR\fa_IR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\fa_IR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\fi_FI\fi_FI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\fr_CA\fr_CA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\fr_FR\fr_FR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\fr_FR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ga_IE\ga_IE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\gl_ES\gl_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\gu_IN\gu_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\he_IL\he_IL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\he_IL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\hi_IN\hi_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\hr_HR\hr_HR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\hu_HU\hu_HU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\id_ID\id_ID.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\is_IS\is_IS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\it_IT\it_IT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ja_JP\ja_JP.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ka_GE\ka_GE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\kn_IN\kn_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ko_KR\ko_KR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\lt_LT\lt_LT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\lv_LV\lv_LV.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\mg_MG\mg_MG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\mk_MK\mk_MK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ml_IN\ml_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\mr_IN\mr_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ms_MY\ms_MY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\nb_NO\nb_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\nl_NL\junk.html
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\nl_NL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\nl_NL\nl_NL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\nn_NO\nn_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pa_IN\pa_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pl_PL\pl_PL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pt_BR\pt_BR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\pt_PT\pt_PT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ro_RO\ro_RO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ru_RU\ru_RU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\si_LK\si_LK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sk_SK\sk_SK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sl_SI\sl_SI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sq_AL\sq_AL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sr_RS\sr_RS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sv_SE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\sv_SE\sv_SE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ta_IN\ta_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\th_TH\th_TH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\tl_PH\tl_PH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\tr_TR\tr_TR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\uk_UA\uk_UA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\ur_PK\ur_PK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\vi_VN\vi_VN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\zh_CN\zh_CN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\languages\zh_TW\zh_TW.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp624566213\lp_languages.zip
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp628635217\lp_languages.zip
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\af_ZA\af_ZA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\af_ZA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_EG\ar_EG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_EG\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_SA\ar_SA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ar_SA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\az_AZ\az_AZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\az_AZ\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\be_BY\be_BY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\be_BY\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bg_BG\bg_BG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bg_BG\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bn_BD\bn_BD.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bn_BD\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bs_BA\bs_BA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\bs_BA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ca_ES\ca_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ca_ES\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\cs_CZ\cs_CZ.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\cs_CZ\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\da_DK\da_DK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\da_DK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\de_DE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\de_DE\wxstd.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\el_GR\el_GR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\el_GR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_AU\en_AU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_AU\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_GB\en_GB.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_GB\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_US\en_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\en_US\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\eo_US\eo_US.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\eo_US\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_ES\es_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_ES\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_MX\es_MX.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\es_MX\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\et_EE\et_EE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\et_EE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fa_IR\fa_IR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fa_IR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fa_IR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fi_FI\fi_FI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fi_FI\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_CA\fr_CA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_CA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_FR\fr_FR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_FR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\fr_FR\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ga_IE\ga_IE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ga_IE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gl_ES\gl_ES.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gl_ES\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gu_IN\gu_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\gu_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\he_IL\he_IL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\he_IL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\he_IL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hi_IN\hi_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hi_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hr_HR\hr_HR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hr_HR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hu_HU\hu_HU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\hu_HU\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\id_ID\id_ID.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\id_ID\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\is_IS\is_IS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\is_IS\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\it_IT\it_IT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\it_IT\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ja_JP\ja_JP.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ja_JP\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ka_GE\ka_GE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ka_GE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\kn_IN\kn_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\kn_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ko_KR\ko_KR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ko_KR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lt_LT\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lt_LT\lt_LT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lv_LV\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\lv_LV\lv_LV.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mg_MG\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mg_MG\mg_MG.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mk_MK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mk_MK\mk_MK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ml_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ml_IN\ml_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mr_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\mr_IN\mr_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ms_MY\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ms_MY\ms_MY.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nb_NO\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nb_NO\nb_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\junk.html
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nl_NL\nl_NL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nn_NO\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\nn_NO\nn_NO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pa_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pa_IN\pa_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pl_PL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pl_PL\pl_PL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_BR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_BR\pt_BR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_PT\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\pt_PT\pt_PT.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ro_RO\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ro_RO\ro_RO.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ru_RU\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ru_RU\ru_RU.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\si_LK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\si_LK\si_LK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sk_SK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sk_SK\sk_SK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sl_SI\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sl_SI\sl_SI.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sq_AL\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sq_AL\sq_AL.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sr_RS\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sr_RS\sr_RS.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sv_SE\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sv_SE\messages.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\sv_SE\sv_SE.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ta_IN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ta_IN\ta_IN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\th_TH\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\th_TH\th_TH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tl_PH\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tl_PH\tl_PH.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tr_TR\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\tr_TR\tr_TR.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\uk_UA\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\uk_UA\uk_UA.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ur_PK\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\ur_PK\ur_PK.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\vi_VN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\vi_VN\vi_VN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_CN\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_CN\zh_CN.xpm
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_TW\lastpass.mo
c:\users\Jake Fin\AppData\Roaming\Local\Temp\lptmp709734481\languages\zh_TW\zh_TW.xpm
f:\my documents\OBJLIST.TMP
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-16 to 2014-06-16  )))))))))))))))))))))))))))))))
.
.
2014-06-16 00:11 . 2014-06-16 00:11    --------    d-----w-    c:\programdata\ATI
2014-06-16 00:10 . 2014-06-16 00:10    --------    d-----w-    c:\users\Jake Fin\AppData\Roaming\library_dir
2014-06-16 00:10 . 2014-06-16 22:27    --------    d-----w-    c:\users\Jake Fin\AppData\Roaming\Raptr
2014-06-16 00:10 . 2014-06-16 00:10    --------    d-----w-    c:\program files (x86)\Raptr
2014-06-16 00:10 . 2014-06-16 00:10    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2014-06-16 00:10 . 2014-06-16 00:10    --------    d-----w-    c:\program files (x86)\AMD AVT
2014-06-16 00:09 . 2014-06-16 00:09    --------    d-----w-    c:\program files (x86)\ATI Technologies
2014-06-16 00:09 . 2014-06-16 00:09    --------    d-----w-    c:\program files\ATI
2014-06-16 00:08 . 2014-06-16 00:09    --------    d-----w-    c:\program files\ATI Technologies
2014-06-15 00:47 . 2014-06-15 00:47    --------    d-----w-    c:\users\Jake Fin\AppData\Roaming\Tencent
2014-06-14 22:06 . 2014-06-14 22:06    --------    d-----w-    c:\users\Jake Fin\AppData\Local\Adobe
2014-06-14 03:56 . 2014-06-14 03:56    --------    d-----w-    C:\FRST
2014-06-14 02:39 . 2014-06-14 02:39    --------    d-----w-    c:\windows\ERUNT
2014-06-14 02:38 . 2014-04-30 23:20    10702536    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1C08FDD-8692-45E1-BEEF-63008F622705}\mpengine.dll
2014-06-12 18:57 . 2014-06-12 18:57    --------    d-----w-    c:\programdata\RogueKiller
2014-06-12 18:39 . 2014-06-12 18:39    --------    d-----w-    c:\program files (x86)\ERUNT
2014-06-07 02:04 . 2014-06-07 02:04    --------    d-----w-    c:\users\Jake Fin\AppData\Local\ElevatedDiagnostics
2014-06-06 23:26 . 2014-03-12 20:16    403256    ----a-w-    c:\windows\system32\PROUnstl.exe
2014-06-05 06:16 . 2014-06-05 06:16    --------    d-----w-    c:\users\Jake Fin\AppData\Roaming\Oracle
2014-06-05 06:15 . 2014-06-05 06:15    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-05-21 23:50 . 2014-05-22 03:55    --------    d-----w-    c:\users\Jake Fin\AppData\Local\lptmp893559275
2014-05-21 23:48 . 2014-06-14 04:10    153256    ----a-w-    c:\windows\SysWow64\WRusr.dll
2014-05-21 23:48 . 2014-06-14 04:10    114176    ----a-w-    c:\windows\system32\drivers\WRkrn.sys
2014-05-21 23:48 . 2014-06-14 04:10    103816    ----a-w-    c:\windows\system32\WRusr.dll
2014-05-21 23:48 . 2014-06-16 22:38    --------    d-----w-    c:\programdata\WRData
2014-05-19 03:44 . 2014-05-19 03:44    --------    d-----w-    c:\users\Guest\AppData\Local\Macromedia
2014-05-19 03:44 . 2014-05-19 03:44    --------    d-----w-    c:\users\Guest\AppData\Local\Mozilla
2014-05-19 00:34 . 2014-06-16 23:17    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 00:34 . 2014-05-31 00:55    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-19 00:34 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-19 00:34 . 2014-05-12 11:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 03:15 . 2012-11-18 05:28    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 03:15 . 2012-11-18 05:28    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-10 21:01 . 2012-11-17 14:06    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-06-09 22:25 . 2013-11-16 00:57    1048576    ----a-w-    c:\windows\PE_Rom.dll
2014-05-21 23:50 . 2012-11-17 13:25    10395072    ----a-w-    c:\program files (x86)\Common Files\wruninstall.exe
2014-05-12 11:25 . 2012-12-10 03:43    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-09 06:14 . 2014-05-14 03:40    477184    ----a-w-    c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 03:40    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-05-07 19:02 . 2013-10-22 23:44    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-18 02:43 . 2014-04-18 02:43    127872    ----a-w-    c:\windows\system32\amdhcp64.dll
2014-04-18 02:43 . 2014-04-18 02:43    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43    117560    ----a-w-    c:\windows\SysWow64\amdhcp32.dll
2014-04-18 02:43 . 2014-04-18 02:43    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2014-04-18 02:43    143304    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2014-04-18 02:42    126336    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2014-04-18 02:42    117584    ----a-w-    c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2014-04-18 02:42    99520    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2014-04-18 02:42    1343272    ----a-w-    c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2014-04-18 02:42    1117184    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2014-04-18 02:42    10335208    ----a-w-    c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2014-04-18 02:42    8866928    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2014-04-18 02:42    6796592    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2014-04-18 02:42    6799688    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2014-04-18 02:42    7520200    ----a-w-    c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2014-04-18 02:42    8010968    ----a-w-    c:\windows\system32\atiumd64.dll
2014-04-18 02:39 . 2014-04-18 02:39    274656    ----a-w-    c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:36 . 2014-04-18 02:36    15376384    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:33 . 2014-04-18 02:33    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2014-04-18 02:28 . 2014-04-18 02:28    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2014-04-18 02:23 . 2014-04-18 02:23    231424    ----a-w-    c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22    28685824    ----a-w-    c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19    24107520    ----a-w-    c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17    65024    ----a-w-    c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17    58880    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13    127488    ----a-w-    c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13    113664    ----a-w-    c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12    27907584    ----a-w-    c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12    5442048    ----a-w-    c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58    4358656    ----a-w-    c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51    23409152    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46    368128    ----a-w-    c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45    91136    ----a-w-    c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45    85504    ----a-w-    c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33    48128    ----a-w-    c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33    37888    ----a-w-    c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29    586240    ----a-w-    c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21    806912    ----a-w-    c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2014-04-18 01:09    1177600    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09    848896    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:08 . 2014-04-18 01:08    95744    ----a-w-    c:\windows\system32\amdave64.dll
2014-04-18 01:08 . 2014-04-18 01:08    90112    ----a-w-    c:\windows\SysWow64\amdave32.dll
2014-04-18 01:08 . 2014-04-18 01:08    89088    ----a-w-    c:\windows\system32\atisamu64.dll
2014-04-18 01:08 . 2014-04-18 01:08    80896    ----a-w-    c:\windows\SysWow64\atisamu32.dll
2014-04-18 01:07 . 2014-04-18 01:07    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2014-04-18 01:07 . 2014-04-18 01:07    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07    146944    ----a-w-    c:\windows\system32\atig6txx.dll
2014-04-18 01:07 . 2014-04-18 01:07    133632    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2014-04-18 01:07 . 2014-04-18 01:07    638976    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2014-04-18 01:04 . 2014-04-18 01:04    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2014-04-12 02:22 . 2014-05-14 03:40    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-14 03:40    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-14 03:40    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 03:40    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 03:40    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 03:40    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 03:40    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 03:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 03:40    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-03-31 13:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 03:40    14175744    ----a-w-    c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-11-19 291648]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-06-13 763512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-17 10395072]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-17 10395072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.17\AsusFanControlService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 600(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NAL
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
@="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
[HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
2014-06-14 04:10    103816    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
@="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
[HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
2014-06-14 04:10    103816    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
@="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
[HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
2014-06-14 04:10    103816    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
@="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
[HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
2014-06-14 04:10    103816    ----a-w-    c:\windows\System32\WRusr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6827664]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jake Fin\AppData\Roaming\Mozilla\Firefox\Profiles\kvk73lgd.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214427210-3062087193-2343943159-1002\Software\SecuROM\License information*]
"datasecu"=hex:8e,71,d4,09,0d,be,1f,00,ee,80,13,37,f4,3d,54,ac,7d,30,b1,59,35,
   84,28,26,50,97,92,d8,5b,6d,75,a4,a8,bd,68,3d,f0,be,a9,a4,fa,1d,93,f6,65,83,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
c:\program files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
.
**************************************************************************
.
Completion time: 2014-06-16  19:18:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-16 23:18
.
Pre-Run: 215,239,397,376 bytes free
Post-Run: 215,449,292,800 bytes free
.
- - End Of File - - 17D8A759817D406C6BB4E396B5BE22C2
 

[AdvancedSetup]

Please go into your Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Next please run JavaRa.

• Please download JavaRa 2.6 and unzip it to your desktop.
• Double-click on JavaRa.exe to start the program.
• Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
• Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
• When that's successfully done, please click OK to close the message.
• Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
• From the main menu please choose Additional tasks
• Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
• When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".
• A log file should be created in the same directory as JavaRa.
• Please attach the log to your next reply.
• Close JavaRa by clicking the red cross button.

 

 

 

Next, Please Run TFC by OldTimer to clear temporary files:

• Download TFC from here and save it to your desktop.
• http://oldtimer.geekstogo.com/TFC.exe
• Close any open programs and Internet browsers.
• Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
• Please be patient as clearing out temp files may take a while.
• Once it completes you may be prompted to restart your computer, please do so.
• Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
• Then RESTART THE COMPUTER

 

 

 

Next, Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 

 

 

[Jitter]

Completed. There was some little excitement over the TFC tool. It immediately stopped responding and locked up my system. I got it to partially shut down with the 3-finger salute but was left with a black screen and a mouse cursor. Once I decided it was not going to complete the shutdown I had to force it to shut down with the power button. Once back to normal I downloaded a fresh copy of TFC and ran it without further  drama.

 

Re: Event Viewer issues, most or all are long-standing and known to me. There are one or two which are benign as far as I can tell.

 

JavaRa

 

User initialised redundant data purge.
......................

Removed registry subkey tree: JavaSoft
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
Removed registry subkey tree: Browser Helper Objects
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey tree: JavaPlugin.10512
Removal routine completed successfully. 10 items have been deleted.
== Cleaning JRE temporary files ==
Exception encountered in module [JavaRa]
Message: Could not find a part of the path 'C:\Users\Jake Fin\AppData\LocalLow\Sun\Java\Deployment'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at JavaRa.routines_interface.clean_jre_temp_files()

 
MiniToolBox

 

MiniToolBox by Farbar  Version: 13-06-2014
Ran by Jake Fin (administrator) on 17-06-2014 at 19:20:26
Running from "C:\Users\Jake Fin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® Gigabit CT Desktop Adapter = Local Area Connection (Connected)
Intel® 82579V Gigabit Network Connection = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : JakeFin
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
   Physical Address. . . . . . . . . : C8-60-00-CC-1D-0E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Gigabit CT Desktop Adapter
   Physical Address. . . . . . . . . : 68-05-CA-12-1F-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7972:8954:6811:e1d0%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, June 17, 2014 7:15:55 PM
   Lease Expires . . . . . . . . . . : Wednesday, June 18, 2014 7:15:55 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 258475466
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-0E-F9-6D-68-05-CA-12-1F-72
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{07C3C9BD-CB45-4683-943F-50E5DBF3B78F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:10ca:283c:bde0:ff27(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10ca:283c:bde0:ff27%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C06CC4D9-19FD-48A4-B58F-C6C5F68CE92B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:803::1003
      173.194.43.32
      173.194.43.38
      173.194.43.46
      173.194.43.39
      173.194.43.37
      173.194.43.40
      173.194.43.36
      173.194.43.41
      173.194.43.35
      173.194.43.34
      173.194.43.33


Pinging google.com [173.194.43.32] with 32 bytes of data:
Reply from 173.194.43.32: bytes=32 time=57ms TTL=54
Reply from 173.194.43.32: bytes=32 time=62ms TTL=54

Ping statistics for 173.194.43.32:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 57ms, Maximum = 62ms, Average = 59ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=124ms TTL=48
Reply from 206.190.36.45: bytes=32 time=109ms TTL=48

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 109ms, Maximum = 124ms, Average = 116ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...c8 60 00 cc 1d 0e ......Intel® 82579V Gigabit Network Connection
 15...68 05 ca 12 1f 72 ......Intel® Gigabit CT Desktop Adapter
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     58 2001::/32                On-link
 11    306 2001:0:9d38:90d7:10ca:283c:bde0:ff27/128
                                    On-link
 15    276 fe80::/64                On-link
 11    306 fe80::/64                On-link
 11    306 fe80::10ca:283c:bde0:ff27/128
                                    On-link
 15    276 fe80::7972:8954:6811:e1d0/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    306 ff00::/8                 On-link
 15    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/17/2014 07:17:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 07:02:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 06:14:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:29:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:19:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:02:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 06:28:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 08:13:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 08:06:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 05:33:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/17/2014 07:00:13 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:50:36 PM on ‎6/‎17/‎2014 was unexpected.

Error: (06/16/2014 07:16:30 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/16/2014 07:15:59 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/16/2014 07:14:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/15/2014 08:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/15/2014 08:52:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/15/2014 08:02:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.


Microsoft Office Sessions:
=========================
Error: (06/17/2014 07:17:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 07:02:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 06:14:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:29:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:19:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:02:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 06:28:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 08:13:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 08:06:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2014 05:33:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-16 19:15:59.367
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-16 19:15:59.336
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



=========================== Installed Programs ============================
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   -  )
Call of Duty® 4 - Modern Warfare (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.6 - Activision)
Call of Duty® 4 - Modern Warfare (x32 Version: 1.6 - Activision) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon D400-450 (HKLM\...\{87AEED05-C717-47bc-93BB-F8E527D2690F}) (Version:  - )
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3717 - CDBurnerXP)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden
FileZilla Client 3.7.3 (HKCU\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - Square Enix)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Network Connections 19.1.51.0 (Version: 19.1.51.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{4236F0C5-21D7-45FB-A3BF-762C0ED8CC28}) (Version: 3.6.3.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 29.0.1 (x86 en-US) (HKCU\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 16.0.2 (x86 en-US)) (Version: 16.0.2 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version:  - PokerStars.net)
Presto! PageManager 7.15.35 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.35 - NewSoft Technology Corporation)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.2166 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0169 - Intuit Inc.) Hidden
TurboTax 2013 wmaiper (x32 Version: 013.000.1523 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 12%
Total physical RAM: 16330.86 MB
Available physical RAM: 14296.23 MB
Total Pagefile: 17353.04 MB
Available Pagefile: 15021.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:238.37 GB) (Free:202.96 GB) NTFS
4 Drive f: (Jake Fin Files) (Fixed) (Total:97.66 GB) (Free:74.21 GB) NTFS
5 Drive g: (Games) (Fixed) (Total:196.29 GB) (Free:37.44 GB) NTFS
6 Drive h: (Storage) (Fixed) (Total:49.8 GB) (Free:35.57 GB) NTFS
7 Drive i: (Boot Image) (Fixed) (Total:537.11 GB) (Free:494.83 GB) NTFS
8 Drive j: (Archives) (Fixed) (Total:394.4 GB) (Free:393.51 GB) NTFS

========================= Users: ========================================

User accounts for \\JAKEFIN

Administrator            ASPNET                   Guest                    
Jake Fin                 

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 

 

I'm starting to feel quite naked and exposed

[Jitter]

BTW, after my little adventure with the TFC tool I am left with a pair of partially ghosted files on my desktop. Both are named desktop.ini.

One is for my user account desktop (created when I made the user account) and the other is for the public desktop (created in 2009??)

 

Never had them there before, odd, shouldn't they be hidden files?

 

When should I reinstall Java?

[Jitter]

I made the .ini files disappear. I checked and found my folder options was set to "View hidden files". I switched that back off and the ini. files went 'poof'.

[AdvancedSetup]

That was due to a setting that I asked you to do when I first started helping you so that it would show hidden files. By default yes they are hidden from view and it's okay to hide them now.

 

As for your other question:  "When should I reinstall Java?"

If at all possible NEVER. Has to be the #1 compromised software that helps to allow infection onto your computer. But if you're certain you need it you can reinstall it now.

 

So at this point in time do you have an active up to date antivirus running on the computer?

Are you seeing any other signs of an infection or still having an Internet slow down issue?

[Jitter]

Huh, funny thing is that I have had "Show hidden files" enabled many times, including recently, but never had the ghosted "desktop.ini" files show up on my desktop before. Odd.

 

Anyway, yes, I am in my second year with Webroot and so far I am pleased with it, and of course I use the real time Pro version of MBAM.

 

No, I don't see any evidence of active malware running around causing problems.

 

And yes, as of my most recent boot the same Internet connection issue is still present. After a boot the speed is very low, then after disabling/re-enabling the network adapter connection speed jumps right back up to normal. I also think that if I were to log off, then log back on to my user account the "problem" would be back until I executed my little workaround.

 

Have we run out of things to try and concluded there is no malware problem causing this issue?

[AdvancedSetup]

The current logs are not showing an infection. I would suggest possibly getting the latest network drivers for your network card and install them and see if that makes any difference.

[AdvancedSetup]

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

• Ensure Remove disinfection tools is checked.
• Click the Run button.
• Reboot
  

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

• How Malware Spreads - How did I get infected
• Best Practices for Safe Computing - Prevention of Malware Infection
• Avoiding those unwanted free applications
• A close look at how Oracle installs deceptive software with Java updates
• IAC / Ask.com toolbars
• Malwarebytes Unpacked Blog
  

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.