
I'm infected - What do I do now? 8/15/14



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014

Ran by Amy (administrator) on AMY on 15-08-2014 18:18:55

Running from C:\Users\Amy\Downloads

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(Sendori) C:\Program Files (x86)\PureLeads\plsapp.exe

() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

(Google Inc.) C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Helper.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Adobe Systems Inc.) C:\Users\Amy\AppData\Roaming\Adobe\AIR\Updater\Background\updater

(Adobe Systems Inc.) C:\Users\Amy\AppData\Local\Temp\AIR360B.tmp\Adobe AIR Installer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-09] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-20] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-20] (Lenovo(beijing) Limited)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-03-04] (AWS Convergence Technologies, Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify] => C:\Users\Amy\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-04-13] ()

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-08] (Google Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\MountPoints2: {9279e1ad-eb41-11e2-be96-3c970e3a695e} - "G:\LGAutoRun.exe" 

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

SearchScopes: HKLM - DefaultScope {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - DefaultScope {9B5E3A3B-557B-4424-975F-B0D077758D0D} URL = 

SearchScopes: HKLM-x32 - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKCU - {3728E3C4-5F83-4573-9054-941BF0267289} URL = 

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)

Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)

Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)

Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)

Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\plsapp.dll [354592] (Sendori)

Winsock: Catalog9-x64 01 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)

Winsock: Catalog9-x64 02 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)

Winsock: Catalog9-x64 03 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)

Winsock: Catalog9-x64 04 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)

Winsock: Catalog9-x64 15 C:\WINDOWS\system32\plsapp64.dll [439296] (Sendori)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

FireFox:

========

FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default

FF NewTab: about:newtab

FF DefaultSearchEngine: Conduit Search

FF SelectedSearchEngine: Conduit Search

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF user.js: detected! => C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\user.js

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF SearchPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\searchplugins\safeguard-secure-search.xml

FF Extension: appmarket-  - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{64d64833-9296-421b-a362-83cfbd6291b6} [2013-12-12]

FF Extension: xVidly1  - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{8c58b088-1159-4ad9-a411-c7d3ae7edb28} [2013-07-12]

FF Extension: Firebug - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\firebug@software.joehewitt.com.xpi [2013-03-07]

FF Extension: FreeHDSport.TV - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\freehdsport@freehdsport.tv.xpi [2013-04-08]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]

FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-11]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome: 

=======

CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3326285&octid=EB_ORIGINAL_CTID&ISID=MA45B1311-13E2-448C-A758-89339C9A7B61&SearchSource=55&CUI=&UM=5&UP=SP39284524-52FF-4D6B-A549-EAC984F79BF6&SSPV=

CHR StartupUrls: "hxxp://currently.com/"

CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (xVidly1) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh [2013-07-12]

CHR Extension: (Upromise RewardU Toolbar) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2014-06-05]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-12-29]

CHR Extension: (appmarket-) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal [2014-03-05]

CHR Extension: (Freemake Video Converter) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-01-17]

CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Currently) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-03-09]

CHR HKCU\...\Chrome\Extension: [dachbokeklmhlikpklnkmmealjdfanoh] - C:\Users\Amy\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx [2013-05-06]

CHR HKCU\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Amy\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2013-10-29]

CHR HKCU\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx [2013-10-29]

CHR HKLM-x32\...\Chrome\Extension: [dachbokeklmhlikpklnkmmealjdfanoh] - C:\Users\Amy\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx [2013-05-06]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

CHR HKLM-x32\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Amy\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2013-10-29]

CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-11]

CHR HKLM-x32\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx [2014-01-11]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()

R2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)

R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)

S2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]

S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-15 18:18 - 2014-08-15 18:20 - 00025722 ____C () C:\Users\Amy\Downloads\FRST.txt

2014-08-15 18:17 - 2014-08-15 18:19 - 00000000 ___DC () C:\FRST

2014-08-15 18:17 - 2014-08-15 18:17 - 02100224 ____C (Farbar) C:\Users\Amy\Downloads\FRST64.exe

2014-08-15 18:11 - 2014-08-15 18:12 - 00688992 ____C (Swearware) C:\Users\Amy\Downloads\dds.scr

2014-08-13 22:38 - 2014-08-13 22:40 - 00018397 ____C () C:\WINDOWS\DirectX.log

2014-08-13 22:38 - 2014-08-13 22:38 - 00001293 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk

2014-08-13 22:37 - 2014-08-13 22:37 - 00050012 ____C () C:\Users\Amy\Downloads\test (1).tif

2014-08-13 22:28 - 2014-08-13 22:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-13 22:28 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-08-13 22:28 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-08-13 22:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-08-13 22:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-08-13 22:27 - 2014-08-13 22:28 - 00004162 ____C () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-13 22:23 - 2014-08-13 22:23 - 00918440 ____C (Oracle Corporation) C:\Users\Amy\Downloads\chromeinstall-7u67.exe

2014-08-13 22:21 - 2014-08-13 22:21 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Oracle

2014-08-13 22:02 - 2014-08-13 22:02 - 00050012 ____C () C:\Users\Amy\Downloads\test.tif

2014-08-11 19:32 - 2014-08-11 19:37 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-07 23:19 - 2014-08-07 23:19 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820 (1).tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820.tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00007916 ____C () C:\Users\Amy\Downloads\CSS_onlyLoading.html

2014-08-05 22:32 - 2014-08-05 22:32 - 00005995 ____C () C:\Users\Amy\Downloads\Skeleton-Grid.psd.zip

2014-08-05 22:32 - 2014-08-05 22:32 - 00003778 ____C () C:\Users\Amy\Downloads\CSS_onlyBounceZoomSlideshow.html

2014-08-03 17:55 - 2014-08-03 17:55 - 00001270 ____C () C:\Users\Amy\Downloads\test1.php

2014-08-03 12:41 - 2014-08-13 22:51 - 00013872 ____C () C:\WINDOWS\PFRO.log

2014-07-29 22:35 - 2014-08-15 17:42 - 00006232 ____C () C:\WINDOWS\setupact.log

2014-07-29 22:35 - 2014-07-29 22:35 - 00000000 ____C () C:\WINDOWS\setuperr.log

2014-07-29 18:26 - 2014-07-29 18:26 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data (1).fdf

2014-07-29 18:24 - 2014-07-29 18:24 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data.fdf

2014-07-25 17:54 - 2014-07-25 17:54 - 00001340 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-07-25 17:54 - 2014-07-25 17:54 - 00001328 ____C () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-07-23 12:19 - 2014-07-23 12:19 - 00001868 ____C () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-07-23 12:19 - 2014-07-23 12:19 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-07-23 12:18 - 2014-07-23 12:19 - 00000000 ___DC () C:\Program Files (x86)\QuickTime

2014-07-22 18:34 - 2014-07-22 18:34 - 00025592 ____C () C:\Users\Amy\Downloads\covered_by_your_grace.zip

2014-07-22 18:23 - 2014-07-22 18:23 - 00001124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk

2014-07-20 16:00 - 2014-07-20 16:00 - 00000000 ___DC () C:\Users\Amy\Documents\Bible Study

2014-07-19 16:44 - 2014-07-20 19:31 - 00000034 ____C () C:\Users\Amy\AppData\Roaming\AdobeWLCMCache.dat

2014-07-16 21:13 - 2014-07-16 21:13 - 00007626 ____C () C:\Users\Amy\Downloads\RWST.css

2014-07-16 21:12 - 2014-07-16 21:12 - 00005308 ____C () C:\Users\Amy\Downloads\events.php

2014-07-16 20:10 - 2014-07-17 19:32 - 14418017 ____C () C:\Users\Amy\Downloads\rwstFlyer (1).psd

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-15 18:20 - 2014-08-15 18:18 - 00025722 ____C () C:\Users\Amy\Downloads\FRST.txt

2014-08-15 18:19 - 2014-08-15 18:17 - 00000000 ___DC () C:\FRST

2014-08-15 18:17 - 2014-08-15 18:17 - 02100224 ____C (Farbar) C:\Users\Amy\Downloads\FRST64.exe

2014-08-15 18:15 - 2014-07-13 17:17 - 01615487 ____C () C:\WINDOWS\WindowsUpdate.log

2014-08-15 18:12 - 2014-08-15 18:11 - 00688992 ____C (Swearware) C:\Users\Amy\Downloads\dds.scr

2014-08-15 18:09 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\AppReadiness

2014-08-15 18:09 - 2012-12-16 16:35 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Adobe

2014-08-15 18:08 - 2013-12-09 21:03 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A6E0A37-13D4-425B-9D12-7D475E75E096}

2014-08-15 18:07 - 2012-12-16 16:56 - 00000900 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-15 18:02 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\system32\sru

2014-08-15 17:42 - 2014-07-29 22:35 - 00006232 ____C () C:\WINDOWS\setupact.log

2014-08-15 00:24 - 2013-03-14 18:42 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-08-14 20:00 - 2014-05-20 18:41 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\LSC

2014-08-13 22:58 - 2012-12-16 16:39 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-13 22:57 - 2014-02-14 21:59 - 00002214 ____C () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-13 22:56 - 2012-12-16 16:56 - 00000896 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-13 22:52 - 2013-08-22 10:45 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT

2014-08-13 22:51 - 2014-08-03 12:41 - 00013872 ____C () C:\WINDOWS\PFRO.log

2014-08-13 22:51 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-08-13 22:40 - 2014-08-13 22:38 - 00018397 ____C () C:\WINDOWS\DirectX.log

2014-08-13 22:38 - 2014-08-13 22:38 - 00001293 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk

2014-08-13 22:38 - 2012-10-20 21:07 - 00000000 ___DC () C:\Program Files (x86)\Adobe

2014-08-13 22:37 - 2014-08-13 22:37 - 00050012 ____C () C:\Users\Amy\Downloads\test (1).tif

2014-08-13 22:28 - 2014-08-13 22:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-13 22:28 - 2014-08-13 22:27 - 00004162 ____C () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-13 22:28 - 2013-11-08 20:08 - 00000000 ___DC () C:\ProgramData\Oracle

2014-08-13 22:28 - 2013-04-07 19:26 - 00000000 ___DC () C:\Program Files (x86)\Java

2014-08-13 22:23 - 2014-08-13 22:23 - 00918440 ____C (Oracle Corporation) C:\Users\Amy\Downloads\chromeinstall-7u67.exe

2014-08-13 22:21 - 2014-08-13 22:21 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Oracle

2014-08-13 22:13 - 2012-10-20 20:49 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information

2014-08-13 22:02 - 2014-08-13 22:02 - 00050012 ____C () C:\Users\Amy\Downloads\test.tif

2014-08-12 21:35 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\PLA

2014-08-12 21:31 - 2012-10-20 21:09 - 00000000 ___DC () C:\Program Files (x86)\Amazon

2014-08-11 21:21 - 2014-05-05 19:14 - 00122584 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-08-11 19:46 - 2014-05-05 19:14 - 00001125 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-11 19:46 - 2014-05-05 19:14 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-11 19:46 - 2014-05-05 19:14 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-11 19:37 - 2014-08-11 19:32 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-10 17:54 - 2012-12-30 18:13 - 00000000 ___DC () C:\Users\Amy\Teaching

2014-08-10 17:23 - 2012-12-21 23:46 - 02176000 __SHC () C:\Users\Amy\Downloads\Thumbs.db

2014-08-10 17:22 - 2013-12-07 21:30 - 00000000 ___DC () C:\Users\Amy

2014-08-09 00:14 - 2013-03-27 08:30 - 00000000 ___DC () C:\Users\Amy\AppData\Local\WeatherBug

2014-08-07 23:19 - 2014-08-07 23:19 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820 (1).tar.gz

2014-08-07 22:19 - 2013-01-09 01:03 - 00001456 ____C () C:\Users\Amy\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-08-05 22:32 - 2014-08-05 22:32 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820.tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00007916 ____C () C:\Users\Amy\Downloads\CSS_onlyLoading.html

2014-08-05 22:32 - 2014-08-05 22:32 - 00005995 ____C () C:\Users\Amy\Downloads\Skeleton-Grid.psd.zip

2014-08-05 22:32 - 2014-08-05 22:32 - 00003778 ____C () C:\Users\Amy\Downloads\CSS_onlyBounceZoomSlideshow.html

2014-08-03 17:55 - 2014-08-03 17:55 - 00001270 ____C () C:\Users\Amy\Downloads\test1.php

2014-08-03 14:20 - 2013-07-28 15:41 - 00000000 ___DC () C:\Users\Amy\Documents\Adobe

2014-08-03 12:43 - 2013-03-17 10:47 - 00089600 __SHC () C:\Users\Amy\Desktop\Thumbs.db

2014-08-03 12:41 - 2014-02-09 21:14 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight

2014-08-03 12:41 - 2014-02-09 21:14 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Silverlight

2014-08-01 21:29 - 2013-11-30 21:59 - 00007623 ____C () C:\Users\Amy\AppData\Local\resmon.resmoncfg

2014-07-30 19:53 - 2013-12-19 17:36 - 00000000 ___DC () C:\Users\Amy\Documents\eryn

2014-07-29 22:35 - 2014-07-29 22:35 - 00000000 ____C () C:\WINDOWS\setuperr.log

2014-07-29 18:26 - 2014-07-29 18:26 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data (1).fdf

2014-07-29 18:24 - 2014-07-29 18:24 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data.fdf

2014-07-29 18:24 - 2014-02-27 11:26 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Spotify

2014-07-29 12:30 - 2014-02-27 11:26 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Spotify

2014-07-25 22:01 - 2014-02-09 21:15 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 17:54 - 2014-07-25 17:54 - 00001340 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-07-25 17:54 - 2014-07-25 17:54 - 00001328 ____C () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-07-25 12:55 - 2014-08-13 22:28 - 00098216 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-25 12:49 - 2014-08-13 22:28 - 00272808 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-25 12:49 - 2014-08-13 22:28 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-25 12:49 - 2014-08-13 22:28 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-23 23:30 - 2012-12-30 18:13 - 00000000 ___DC () C:\Users\Amy\Resumes

2014-07-23 21:43 - 2013-08-22 10:44 - 05245592 ____C () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-23 12:19 - 2014-07-23 12:19 - 00001868 ____C () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-07-23 12:19 - 2014-07-23 12:19 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-07-23 12:19 - 2014-07-23 12:18 - 00000000 ___DC () C:\Program Files (x86)\QuickTime

2014-07-22 18:34 - 2014-07-22 18:34 - 00025592 ____C () C:\Users\Amy\Downloads\covered_by_your_grace.zip

2014-07-22 18:23 - 2014-07-22 18:23 - 00001124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk

2014-07-21 19:56 - 2013-09-30 00:04 - 00863592 ____C () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-20 19:31 - 2014-07-19 16:44 - 00000034 ____C () C:\Users\Amy\AppData\Roaming\AdobeWLCMCache.dat

2014-07-20 16:00 - 2014-07-20 16:00 - 00000000 ___DC () C:\Users\Amy\Documents\Bible Study

2014-07-20 13:30 - 2012-12-30 18:03 - 00000000 ___DC () C:\Users\Amy\Finances

2014-07-17 19:32 - 2014-07-16 20:10 - 14418017 ____C () C:\Users\Amy\Downloads\rwstFlyer (1).psd

2014-07-16 21:13 - 2014-07-16 21:13 - 00007626 ____C () C:\Users\Amy\Downloads\RWST.css

2014-07-16 21:12 - 2014-07-16 21:12 - 00005308 ____C () C:\Users\Amy\Downloads\events.php

 

Some content of TEMP:

====================

C:\Users\Amy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-07 23:04

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014

Ran by Amy at 2014-08-15 18:21:15

Running from C:\Users\Amy\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden

Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)

Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)

Adobe Edge Animate CC 2014 (HKLM-x32\...\{F1BFBED6-2779-4A4D-B401-5C08F813B0F2}) (Version: 4.0 - Adobe Systems Incorporated)

Adobe Edge Reflow CC Preview (HKLM\...\{AC41E46F-969F-439B-84C9-D5DA8C783E9D}) (Version: 0.32.13658 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)

Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)

Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)

Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)

Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)

Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)

Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.20 - Broadcom Corporation)

CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)

ETDWare PS/2-X64 11.4.4.2_WHQL (HKLM\...\Elantech) (Version: 11.4.4.2 - ELAN Microelectronic Corp.)

GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 1.2.3.0 - GitHub, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden

Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)

LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)

LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)

Upromise RewardU Toolbar (HKCU\...\Upromise RewardU Toolbar) (Version:  - Upromise.com)

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

09-08-2014 00:29:22 Scheduled Checkpoint

14-08-2014 02:26:41 Installed Java 7 Update 67

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ___AC C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {055FF4B1-98F1-4B9F-85B0-D505A957FC3F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {073EC780-9890-4BF0-977C-51BD02FF3168} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {1C0C8D7C-318D-43CB-B668-F957A2770E36} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-amyldonohue@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {22B65D29-672D-473C-AA30-C74D2BF0F9D1} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {2849F956-5B91-4D62-B6F6-16C151F1EA24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {33CF7934-4DEB-4D7C-A437-6ADA2C690CE0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {39AD63E1-FD81-435C-B150-DD974096D346} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {55687480-89CE-45A3-9A7A-66884B4CFFAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-13] (Microsoft Corporation)

Task: {562928BD-2B5D-4DFE-866F-1C24D61A2FFF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)

Task: {5E9F2D86-E6CC-4B03-9E2D-C35A80919908} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {791E77D4-94CF-4384-A004-6E6705A3011E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {798C48A8-6488-4200-8840-7D8F1CADA80E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()

Task: {7DD698BC-151A-463E-AAC2-3B0C22FE7C88} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {975F7E55-614D-4E0B-A720-F76E20BE4CBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)

Task: {9AF203C9-BFCB-4E6C-A61E-3F29BD56B73B} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)

Task: {9E9F84B2-B7A3-4FD0-BDAB-1BD9D8BBEFD3} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()

Task: {9EBB9ED1-3265-40B7-8BAE-4FF4966159CB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {AF66401C-A0AF-4CFB-A141-F93F9431E91A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {B66DF1D3-4EC8-40B2-AAE9-613891ED3EB5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {C11B36A6-4B24-4D42-A6AB-BFBDF6A902E8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {CCD183A4-4F08-4F6F-8EF8-0B756A8E0E58} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E20D5181-2879-47DB-BE3F-333F6A2BF3D3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EA872851-6228-4F10-BF9E-DC67F981E912} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {EDA2E878-4D3A-4A09-A6C1-F0874DC13909} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {F6B5677B-B3EE-419C-918A-F4C2D3CB41C5} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {FC73AB38-4215-4C38-8D31-493F659854BA} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3948811954-352045940-1238658349-1001Core1cf8dd5cba5919f.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-02-01 19:22 - 2011-05-12 15:23 - 00512000 _____ () C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2012-08-27 02:13 - 2012-08-23 04:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2010-08-24 10:44 - 2010-08-24 10:44 - 00257224 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe

2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2014-07-25 17:49 - 2014-07-03 06:45 - 32733056 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 00718152 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 00126280 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 08537928 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 00353096 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 01732936 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

2014-07-25 17:49 - 2014-07-03 06:45 - 00742784 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll

2014-07-25 17:49 - 2014-07-03 06:45 - 00136576 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

2012-10-20 20:50 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Amy\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Amy_2\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run32: => "YouCam Tray"

HKLM\...\StartupApproved\Run32: => "mcui_exe"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "YouCam Mirage"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

HKCU\...\StartupApproved\Run: => "ooVoo.exe"

HKCU\...\StartupApproved\Run: => "Spotify"

HKCU\...\StartupApproved\Run: => "Spotify Web Helper"

HKCU\...\StartupApproved\Run: => "BitTorrent"

HKCU\...\StartupApproved\Run: => "Skype"

HKCU\...\StartupApproved\Run: => "Speech Recognition"

HKCU\...\StartupApproved\Run: => "TWC.Win7"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/15/2014 06:06:24 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x52157d67

Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53086d7c

Exception code: 0xc000027b

Fault offset: 0x000fb1d7

Faulting process id: 0x2e58

Faulting application start time: 0xbackgroundTaskHost.exe0

Faulting application path: backgroundTaskHost.exe1

Faulting module path: backgroundTaskHost.exe2

Report Id: backgroundTaskHost.exe3

Faulting package full name: backgroundTaskHost.exe4

Faulting package-relative application ID: backgroundTaskHost.exe5

 

Error: (08/15/2014 06:01:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Amy)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/15/2014 05:39:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Amy)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/15/2014 05:38:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Amy)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/14/2014 08:16:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (08/14/2014 08:06:34 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

Error: (08/13/2014 10:54:39 PM) (Source: MsiInstaller) (EventID: 1024) (User: Amy)

Description: Product: Adobe Acrobat XI Pro - Update '{AC76BA86-A440-FFFF-A440-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/13/2014 10:24:58 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: There was an error with the Windows Location Provider database

 

Error: (08/13/2014 08:41:10 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

Error: (08/13/2014 08:32:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

 

System errors:

=============

Error: (08/15/2014 06:01:40 PM) (Source: DCOM) (EventID: 10010) (User: Amy)

Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

 

Error: (08/15/2014 05:42:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The PlsvcV2 service failed to start due to the following error: 

%%1053

 

Error: (08/15/2014 05:42:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the PlsvcV2 service to connect.

 

Error: (08/15/2014 05:40:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/15/2014 05:39:04 PM) (Source: DCOM) (EventID: 10010) (User: Amy)

Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

 

Error: (08/15/2014 05:38:56 PM) (Source: DCOM) (EventID: 10010) (User: Amy)

Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

 

Error: (08/14/2014 11:55:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/14/2014 07:54:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (08/13/2014 10:11:52 PM) (Source: DCOM) (EventID: 10010) (User: Amy)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (08/13/2014 08:37:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

 

Microsoft Office Sessions:

=========================

Error: (01/21/2014 10:51:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 150827 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (01/05/2014 08:47:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 89694 seconds with 600 seconds of active time.  This session ended with a crash.

 

Error: (07/16/2013 06:47:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 204 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-08-03 14:02:25.761

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:25.614

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:25.446

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:25.042

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:24.870

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:24.729

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:18.106

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:17.783

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:17.571

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:17.401

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-3110M CPU @ 2.40GHz

Percentage of memory in use: 53%

Total physical RAM: 3943.41 MB

Available physical RAM: 1825.32 MB

Total Pagefile: 11111.41 MB

Available Pagefile: 7770.33 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:418.09 GB) (Free:204.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.93 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: FF669BDE)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


 

 


Hi & welcome!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/15/2014

Scan Time: 6:48:48 PM

Logfile: 

Administrator: No

 

Version: 2.00.2.1012

Malware Database: v2014.08.15.11

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Amy

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 354104

Time Elapsed: 35 min, 44 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Warn

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 3

PUP.Optional.Superfish.A, C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [d51211b5e893cb6b21865c98a062c33d], 

PUP.Optional.Superfish.A, C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [9057b90d64172016c4e330c4ad557987], 

PUP.Optional.Conduit.A, C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3326285&octid=EB_ORIGINAL_CTID&ISID=MA45B1311-13E2-448C-A758-89339C9A7B61&SearchSource=55&CUI=&UM=5&UP=SP39284524-52FF-4D6B-A549-EAC984F79BF6&SSPV=",), Replaced,[03e4814586f5cc6a2abe7093778e31cf]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Hi,

To get rid of this:

PUP.Optional.Superfish.A, C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [d51211b5e893cb6b21865c98a062c33d],

PUP.Optional.Superfish.A, C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [9057b90d64172016c4e330c4ad557987],

you must normally uninstall and reinstall Chrome. But before we do so...

 

Let's do a final check up:

 

 

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.


Hello,

 

Still working on step 2.

It seemed to be stuck so I stopped and restarted it. This time it has made it to 34% and scanned almost 225K files so far and it looks like it is still moving. Last night it said 13 hours total scan time; now it says only 9, but the file number continues to increase.


Ok, now my computer decided it needed to restart so I have launched Step 2 for a third time. This time it has reached 33% and almost 45K files scanned in just under 1 hour total scan time. Hopefully it will finish tonight and I will be able to finish the other steps and move on.



# AdwCleaner v3.306 - Report created 15/08/2014 at 22:32:07

# Updated 15/08/2014 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : Amy - AMY

# Running from : C:\Users\Amy\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\SearchProtect

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\Systweak

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue

Folder Deleted : C:\Program Files (x86)\AnyProtectEx

Folder Deleted : C:\Program Files (x86)\Bench

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\RegClean Pro

Folder Deleted : C:\Program Files (x86)\Surf Canyon

Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\Amy\AppData\Local\apn

Folder Deleted : C:\Users\Amy\AppData\Local\Conduit

Folder Deleted : C:\Users\Amy\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\Amy\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Amy\AppData\LocalLow\Delta

Folder Deleted : C:\Users\Amy\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Amy\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Amy\AppData\Roaming\ValueApps

Folder Deleted : C:\Users\Amy\AppData\Roaming\xVidly

Folder Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Smartbar

Folder Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\CT3307181

Folder Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\CT3300237

Folder Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{64d64833-9296-421b-a362-83cfbd6291b6}

Folder Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{8c58b088-1159-4ad9-a411-c7d3ae7edb28}

Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh

Folder Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal

File Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\freehdsport@freehdsport.tv.xpi

File Deleted : C:\Users\Amy\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx

File Deleted : C:\Users\Amy\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx

File Deleted : C:\END

File Deleted : C:\Users\Amy\AppData\Roaming\aps.scan.quick.results

File Deleted : C:\Users\Amy\Desktop\AnyProtect.lnk

File Deleted : C:\Users\Amy\Desktop\Continue VuuPC Installation.lnk

File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js

File Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\user.js

File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

 

***** [ Scheduled Tasks ] *****

 

Task Deleted : Advanced System Protector_startup

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

Key Deleted : HKCU\Software\Google\Chrome\Extensions\dachbokeklmhlikpklnkmmealjdfanoh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dachbokeklmhlikpklnkmmealjdfanoh

Key Deleted : HKCU\Software\Google\Chrome\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : HKCU\Software\fedcd9b638e817

Key Deleted : HKCU\Software\AnyProtect

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Bench

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\FlvPlayer

Key Deleted : HKLM\SOFTWARE\PIP

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Uniblue

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

 

-\\ Mozilla Firefox v27.0.1 (en-US)

 

[ File : C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\prefs.js ]

 

Line Deleted : user_pref("CT3300236.FF19Solved", "true");

Line Deleted : user_pref("CT3300236.UserID", "UN65307577720504304");

Line Deleted : user_pref("CT3300236.addressUrlXPETakeover", "true");

Line Deleted : user_pref("CT3300236.autoDisableScopes", 14);

Line Deleted : user_pref("CT3300236.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3300236.defaultSearchXPETakeover", "true");

Line Deleted : user_pref("CT3300236.installDate", "12/7/2013 0:36:28");

Line Deleted : user_pref("CT3300236.installSessionId", "{EE23A489-23DA-4147-A2D2-56DC40C6EA24}");

Line Deleted : user_pref("CT3300236.installSp", "TRUE");

Line Deleted : user_pref("CT3300236.installerVersion", "1.4.2.3");

Line Deleted : user_pref("CT3300236.keyword", "true");

Line Deleted : user_pref("CT3300236.originalHomepage", "about:home");

Line Deleted : user_pref("CT3300236.originalSearchAddressUrl", "");

Line Deleted : user_pref("CT3300236.originalSearchEngine", "Ask.com");

Line Deleted : user_pref("CT3300236.searchRevert", "false");

Line Deleted : user_pref("CT3300236.searchUserMode", "2");

Line Deleted : user_pref("CT3300236.smartbar.homepage", "true");

Line Deleted : user_pref("CT3300236.startPageXPETakeover", "true");

Line Deleted : user_pref("CT3300236.versionFromInstaller", "10.15.2.23");

Line Deleted : user_pref("CT3300237.FF19Solved", "true");

Line Deleted : user_pref("CT3300237.UserID", "UN62980654114896584");

Line Deleted : user_pref("CT3300237.addressUrlXPETakeover", "true");

Line Deleted : user_pref("CT3300237.autoDisableScopes", 10);

Line Deleted : user_pref("CT3300237.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3300237.defaultSearchXPETakeover", "true");

Line Deleted : user_pref("CT3300237.installDate", "12/7/2013 8:49:27");

Line Deleted : user_pref("CT3300237.installSessionId", "{C037EAAE-95BB-48E3-BE75-93141DAB933E}");

Line Deleted : user_pref("CT3300237.installSp", "TRUE");

Line Deleted : user_pref("CT3300237.installUsage", "12/7/2013 8:49:18");

Line Deleted : user_pref("CT3300237.installUsageEarly", "12/7/2013 8:49:18");

Line Deleted : user_pref("CT3300237.installerVersion", "1.4.2.3");

Line Deleted : user_pref("CT3300237.keyword", "true");

Line Deleted : user_pref("CT3300237.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3300236&octid=CT3300236&SearchSource=61&CUI=UN65307577720504304&UM=2&UP=SPF0665CC8-7838-4D77-9588-F498A8A0DAE9");

Line Deleted : user_pref("CT3300237.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3300236&SearchSource=2&CUI=UN65307577720504304&UM=2&q=");

Line Deleted : user_pref("CT3300237.originalSearchEngine", "xVidly1 Customized Web Search");

Line Deleted : user_pref("CT3300237.searchRevert", "false");

Line Deleted : user_pref("CT3300237.searchUserMode", "2");

Line Deleted : user_pref("CT3300237.smartbar.homepage", "true");

Line Deleted : user_pref("CT3300237.startPageXPETakeover", "true");

Line Deleted : user_pref("CT3300237.versionFromInstaller", "10.15.2.23");

Line Deleted : user_pref("CT3307181.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3307181.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");

Line Deleted : user_pref("CT3307181.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3307181.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3307181.FF19Solved", "true");

Line Deleted : user_pref("CT3307181.FirstTime", "true");

Line Deleted : user_pref("CT3307181.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3307181.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]

Line Deleted : user_pref("CT3307181.UserID", "UN57077000328576231");

Line Deleted : user_pref("CT3307181.addressBarTakeOverEnabledInHidden", "true");

Line Deleted : user_pref("CT3307181.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3307181.countryCode", "US");

Line Deleted : user_pref("CT3307181.defaultSearch", "true");

Line Deleted : user_pref("CT3307181.embeddedsData", "[{\"appId\":\"130166768271741233\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

Line Deleted : user_pref("CT3307181.enableAlerts", "true");

Line Deleted : user_pref("CT3307181.enableSearchFromAddressBar", "true");

Line Deleted : user_pref("CT3307181.firstTimeDialogOpened", "true");

Line Deleted : user_pref("CT3307181.fixPageNotFoundError", "true");

Line Deleted : user_pref("CT3307181.fixPageNotFoundErrorByUser", "true");

Line Deleted : user_pref("CT3307181.fixPageNotFoundErrorInHidden", "true");

Line Deleted : user_pref("CT3307181.fullUserID", "UN57077000328576231.IN.20131030164526");

Line Deleted : user_pref("CT3307181.installDate", "30/10/2013 16:45:31");

Line Deleted : user_pref("CT3307181.installId", "cideoo");

Line Deleted : user_pref("CT3307181.installSessionId", "{A76DDAF8-4D35-4DFD-AB99-59DE833010A0}");

Line Deleted : user_pref("CT3307181.installSp", "TRUE");

Line Deleted : user_pref("CT3307181.installType", "conduitnsisintegration");

Line Deleted : user_pref("CT3307181.installUsage", "30/10/2013 16:59:17");

Line Deleted : user_pref("CT3307181.installUsageEarly", "30/10/2013 16:59:17");

Line Deleted : user_pref("CT3307181.installerVersion", "1.8.0.14");

Line Deleted : user_pref("CT3307181.isCheckedStartAsHidden", true);

Line Deleted : user_pref("CT3307181.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3307181.isFirstTimeToolbarLoading", "false");

Line Deleted : user_pref("CT3307181.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("CT3307181.keyword", "true");

Line Deleted : user_pref("CT3307181.lastVersion", "10.23.0.822");

Line Deleted : user_pref("CT3307181.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Line Deleted : user_pref("CT3307181.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://appmarketToolbar.OurToolbar.com/\",\"E[...]

Line Deleted : user_pref("CT3307181.openThankYouPage", "false");

Line Deleted : user_pref("CT3307181.openUninstallPage", "true");

Line Deleted : user_pref("CT3307181.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3300237&octid=CT3300237&SearchSource=61&CUI=UN62980654114896584&UM=2&UP=SPF0665CC8-7838-4D77-9588-F498A8A0DAE9");

Line Deleted : user_pref("CT3307181.originalSearchAddressUrl", "");

Line Deleted : user_pref("CT3307181.originalSearchEngine", "AVG Secure Search");

Line Deleted : user_pref("CT3307181.originalSearchEngineName", "AVG Secure Search");

Line Deleted : user_pref("CT3307181.revertSettingsEnabled", "false");

Line Deleted : user_pref("CT3307181.search.searchAppId", "130166768271741233");

Line Deleted : user_pref("CT3307181.search.searchCount", "0");

Line Deleted : user_pref("CT3307181.searchFromAddressBarEnabledByUser", "true");

Line Deleted : user_pref("CT3307181.searchInNewTabEnabledByUser", "true");

Line Deleted : user_pref("CT3307181.searchInNewTabEnabledInHidden", "true");

Line Deleted : user_pref("CT3307181.searchRevert", "false");

Line Deleted : user_pref("CT3307181.searchSuggestEnabledByUser", "true");

Line Deleted : user_pref("CT3307181.searchUserMode", "2");

Line Deleted : user_pref("CT3307181.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3307181\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://appmarketToolbar.OurToolbar.com//xpi\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"appmarket- \"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

Line Deleted : user_pref("CT3307181.serviceLayer_services_Configuration_lastUpdate", "1396162337112");

Line Deleted : user_pref("CT3307181.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1396162336711");

Line Deleted : user_pref("CT3307181.serviceLayer_services_appsMetadata_lastUpdate", "1396162336775");

Line Deleted : user_pref("CT3307181.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1396162336655");

Line Deleted : user_pref("CT3307181.serviceLayer_services_login_10.21.1.7_lastUpdate", "1385341270851");

Line Deleted : user_pref("CT3307181.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386732953855");

Line Deleted : user_pref("CT3307181.serviceLayer_services_login_10.23.0.822_lastUpdate", "1396162336799");

Line Deleted : user_pref("CT3307181.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1396162336744");

Line Deleted : user_pref("CT3307181.serviceLayer_services_searchAPI_lastUpdate", "1396162336912");

Line Deleted : user_pref("CT3307181.serviceLayer_services_serviceMap_lastUpdate", "1396162336645");

Line Deleted : user_pref("CT3307181.serviceLayer_services_toolbarContextMenu_lastUpdate", "1396162336584");

Line Deleted : user_pref("CT3307181.serviceLayer_services_toolbarSettings_lastUpdate", "1396162336717");

Line Deleted : user_pref("CT3307181.serviceLayer_services_translation_lastUpdate", "1396162336699");

Line Deleted : user_pref("CT3307181.settingsINI", true);

Line Deleted : user_pref("CT3307181.shouldFirstTimeDialog", "false");

Line Deleted : user_pref("CT3307181.showToolbarPermission", "false");

Line Deleted : user_pref("CT3307181.smartbar.CTID", "CT3307181");

Line Deleted : user_pref("CT3307181.smartbar.Uninstall", "0");

Line Deleted : user_pref("CT3307181.smartbar.homepage", "true");

Line Deleted : user_pref("CT3307181.smartbar.toolbarName", "appmarket- ");

Line Deleted : user_pref("CT3307181.startPage", "true");

Line Deleted : user_pref("CT3307181.toolbarBornServerTime", "25-11-2013");

Line Deleted : user_pref("CT3307181.toolbarCurrentServerTime", "30-3-2014");

Line Deleted : user_pref("CT3307181.toolbarInstallDate", "30-10-2013 16:45:26");

Line Deleted : user_pref("CT3307181.toolbarLoginClientTime", "Sun Nov 24 2013 20:01:10 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT3307181.versionFromInstaller", "10.21.1.7");

Line Deleted : user_pref("CT3307181.xpeMode", "0");

Line Deleted : user_pref("CT3307181_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1396162379275,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Conduit Search");

Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com&CUI=UN57077000328576231");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3307181");

Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "appmarket- Customized Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

Line Deleted : user_pref("iminent.enabledAds", "false");

Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3307181");

Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3300236&CUI=UN65307577720504304&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3300236&octid=CT3300236&SearchSource[...]

Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3300236&SearchSource=2&CUI=UN65307577720504304&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3307181");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3307181");

Line Deleted : user_pref("smartbar.machineId", "YZXY1JAKW3IGJ81ZDXHWGHPKGHRVCBNNWIHSPZPIRQAPCGTXQ5UPDX/CE3R6YGS5JPPAW41WZESAVA3IUE2K+A");

Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3300236&CUI=UN65307577720504304&UM=2&SearchSource=13");


Line Deleted : user_pref("valueApps.ct3323245.mam_gk_appsDefaultEnabled", "74727565");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_appsDefaultEnabled.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_calledSetupService", "31");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_calledSetupService.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_currentVersion", "312E31332E302E3137");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_currentVersion.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_first_time", "31");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_first_time.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_lastInstallationSessionGuid", "7B65656466666537352D313762652D343735632D383263652D3461353038616535623534377D");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_lastInstallationSessionGuid.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_lastLoginTime", "31333936313632333432393231");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_lastLoginTime.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_localization.storedInFile", true);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_mamEnabled", "74727565");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_mamEnabled.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_settings1.13.0.17.storedInFile", true);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_showWelcomeGadget", "66616C7365");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_showWelcomeGadget.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_stamp", "313034335F30");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_stamp.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_userBornDate", "3230313430333330");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_userBornDate.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_userId", "37656363396532352D646239382D346263392D396538622D313935356338616337346539");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_userId.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_user_approval_interacted", "");

Line Deleted : user_pref("valueApps.ct3323245.mam_gk_user_approval_interacted.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.rematchGround.upstairs", "7B22687474703A2F2F66617374636F6E74656E742E636F6E647569742E636F6D2F646F776E6C6F61645F6F66666572732E68746D6C3F637469643D6374333332333234357E62313[...]

Line Deleted : user_pref("valueApps.ct3323245.rematchGround.upstairs.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.rematchagent-is-test-user", "66616C7365");

Line Deleted : user_pref("valueApps.ct3323245.rematchagent-is-test-user.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.rematchagent-matkot-user-id", "22313338393936353136373436303634323334353622");

Line Deleted : user_pref("valueApps.ct3323245.rematchagent-matkot-user-id.storedInFile", false);

Line Deleted : user_pref("valueApps.ct3323245.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339363136323337303930362C31343430303030305D7D");

Line Deleted : user_pref("valueApps.ct3323245.rematchagent-periodic-reports.storedInFile", false);

 

-\\ Google Chrome v36.0.1985.143

 

[ File : C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3326285&octid=EB_ORIGINAL_CTID&ISID=MA45B1311-13E2-448C-A758-89339C9A7B61&SearchSource=55&CUI=&UM=5&UP=SP39284524-52FF-4D6B-A549-EAC984F79BF6&SSPV=

Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : dachbokeklmhlikpklnkmmealjdfanoh

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

Deleted [Extension] : iekjmlcgpmcjigljdiagaibfjfaideal

Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj

 

*************************

 

AdwCleaner[R0].txt - [52056 octets] - [15/08/2014 22:25:54]

AdwCleaner[s0].txt - [52866 octets] - [15/08/2014 22:32:07]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [52927 octets] ##########




ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=b2f7a3061d2dc54b86024d445d9fdaf1

# engine=19700

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-08-18 12:36:21

# local_time=2014-08-18 08:36:21 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 0 11823702 0 0

# scanned=61405

# found=20

# cleaned=0

# scan_time=75703

sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"

sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir"

sh=9896DAB927F232F334AAC794EE39E4741E8560AD ft=1 fh=20cdc242a13dadda vn="MSIL/AdvancedSystemProtector.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"

sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"

sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"

sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"

sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"

sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"

sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"

sh=D77E1AE2D98312618E6F295448444F5B569A055A ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx.vir"

sh=76893D55C6CBF70A2FD0115B641BE01F72E86EAE ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx.vir"

sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh\10.31.4.510_0\APISupport\APISupport.dll.vir"

sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"

sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"

sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.4.510_0\APISupport\APISupport.dll.vir"

sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"

sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"

sh=E60FD5CB7D2CB265078625E7A72BDB71A5552E8A ft=1 fh=8483eb2d3942bac6 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\NativeMessaging\CT3307181\1_0_0_2\TBMessagingHost.exe.vir"

sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{64d64833-9296-421b-a362-83cfbd6291b6}\Plugins\npConduitFirefoxPlugin.dll.vir"

sh=64AC7AAD1FF357D84BA287892B7E95099CC43F40 ft=1 fh=710ded7bacb8d5d1 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{8c58b088-1159-4ad9-a411-c7d3ae7edb28}\Plugins\npConduitFirefoxPlugin.dll.vir"

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=b2f7a3061d2dc54b86024d445d9fdaf1

# engine=19739

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-08-20 09:15:34

# local_time=2014-08-20 05:15:34 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 0 11984454 0 0

# scanned=561530

# found=170

# cleaned=0

# scan_time=31949

sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"

sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir"

sh=9896DAB927F232F334AAC794EE39E4741E8560AD ft=1 fh=20cdc242a13dadda vn="MSIL/AdvancedSystemProtector.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"

sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"

sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"

sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"

sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"

sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"

sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"

sh=D77E1AE2D98312618E6F295448444F5B569A055A ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx.vir"

sh=76893D55C6CBF70A2FD0115B641BE01F72E86EAE ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx.vir"

sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh\10.31.4.510_0\APISupport\APISupport.dll.vir"

sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"

sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"

sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.4.510_0\APISupport\APISupport.dll.vir"

sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"

sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekjmlcgpmcjigljdiagaibfjfaideal\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"

sh=E60FD5CB7D2CB265078625E7A72BDB71A5552E8A ft=1 fh=8483eb2d3942bac6 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Local\NativeMessaging\CT3307181\1_0_0_2\TBMessagingHost.exe.vir"

sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{64d64833-9296-421b-a362-83cfbd6291b6}\Plugins\npConduitFirefoxPlugin.dll.vir"

sh=64AC7AAD1FF357D84BA287892B7E95099CC43F40 ft=1 fh=710ded7bacb8d5d1 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\{8c58b088-1159-4ad9-a411-c7d3ae7edb28}\Plugins\npConduitFirefoxPlugin.dll.vir"

sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\WeatherBugSetup.msi"

sh=F8784954DFC694C571790BF89883F4A1862A33F6 ft=1 fh=f82196dd82c57dde vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Program Files (x86)\Lexmark\Productivity_3_1.exe"

sh=EC07EFDECB7E21A63C8C04EA962FCB890A10B095 ft=1 fh=fe97b9e94f015df8 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\DynLib.dll"

sh=C25F1644335B36F951127F189FE8D6A4E4C777F7 ft=1 fh=e0f6c291f03c3401 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\freebl3.dll"

sh=DEE37FEEDFC899D114D1EA309A53D54B9CF7ADE9 ft=1 fh=6b14507ee99bfcd6 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\Interop.PCProxyLib.dll"

sh=4B8954393F8527A3BD23CD68FAA408419C7DA8CE ft=1 fh=60e8201d2360b900 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\libnspr4.dll"

sh=F1AB9AAF566D24504E418A7170172D161E346262 ft=1 fh=2579781865657782 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\libplc4.dll"

sh=DF3B34883B3D88E222056DAE59CC590BCF0F208C ft=1 fh=08415faeed726e5e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\libplds4.dll"

sh=AD25F05D22234F0D999603B63B069F3C8A861E31 ft=1 fh=8accfed37675d04c vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\nss3.dll"

sh=9E1A8A8F1CD35363443DA9C518B28A20960918ED ft=1 fh=0a854fe44f6c7423 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\nssckbi.dll"

sh=84CA775EE4BF2432DC1DCB1DABBB8E4AEA0F9D49 ft=1 fh=e27d31575a756b17 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\nssdbm3.dll"

sh=18D3CF3052F31805BD6C5F2E717DC02E5B5C1AC8 ft=1 fh=004ca2ea96de821e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\nssutil3.dll"

sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\plsapp.dll"

sh=D0AA9C701934B9542ECF42B6A4BC8FB34EB16D7B ft=1 fh=596014eaf56cdff3 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\plsapp.exe"

sh=7DF6F58A0F3D132AC3A783C1577514BEB5B5CFB3 ft=1 fh=8db6f252aca83a8e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\plsappDLL.dll"

sh=949278AD486EC7A944E973B34853540D28425830 ft=1 fh=cd89e5d05ae676d1 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\plsappLSP.exe"

sh=6AD98A7FC6481D18C2E56B88E6A7C9AD416FCD88 ft=1 fh=a9e6365a93eeb504 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\plsappLSP64.exe"

sh=F9C40AC0A15FBFA82BC23F7BD18865DC0F8CCC6B ft=1 fh=de25579848ab9b9a vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\pureleads-win-upgrader.exe"

sh=D1070DE23272B1CB8F3B1A80ED916D66E647E320 ft=1 fh=5c0459887bbb20ee vn="a variant of MSIL/Adware.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\PureLeads.Library.dll"

sh=867E32C5083C4F90C4C704EB03AC29EF0A7C378D ft=1 fh=365cb828a737e390 vn="a variant of MSIL/Adware.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\PureLeads.Service.exe"

sh=64BBD9350BB37656A8F86ADF6DD600EB3B81BC96 ft=1 fh=04eb6b75246b48ed vn="Win32/AdWare.Sendori.C application" ac=I fn="C:\Program Files (x86)\PureLeads\PureLeadsControl.exe"

sh=7598DD84CF1C4089AF7554F2C23D8C69A72F49DC ft=1 fh=f043bde41a608e9d vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe"

sh=626D9C60D6781860759E6D0D6F453DA9CF8283FE ft=1 fh=b4a101a55b0e176d vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"

sh=C804A3FBCD8C0B483B496390C4C3C8F3DDCE958D ft=1 fh=1b7f5ddaab29cd8a vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\PureLeadsUp.exe"

sh=8640527BC6A29F560C897FA03B78661959E4EE11 ft=1 fh=b75028ea8a3634f2 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\smime3.dll"

sh=7A020DB00FEF0B8C24F2F8FA405D42E812EC56C3 ft=1 fh=cb44948ca650be70 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\softokn3.dll"

sh=051C8B6762CE840D73BE6FA5C931D6CE11E1128D ft=1 fh=230ca997ad7646c0 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\sqlite3.dll"

sh=E9F0913915C4CADACB4ABC18102D2236E9216FB4 ft=1 fh=ce29536aa690dcf5 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\ssl3.dll"

sh=B7B1CF8C994B9535A6802A982D6FCA849FA8D220 ft=1 fh=38d0056c581af38e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Program Files (x86)\PureLeads\Uninstall.exe"

sh=3D4F16D76F5C1E68CE4D25B1F0049396FCE2ACCB ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Amy\AppData\Local\Downloaded Installations\{05B91CE4-CA5C-4607-9729-372F8CB3AD30}\The Weather Channel App.msi"

sh=1795B188ED97226926DBB26B6498CDCAE970F442 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\background.js"

sh=F9203179223E717A2A652FF1CF112133B82955C2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\background.unit.js"

sh=C3F4412040FF27C67B098FB4356A986C4DE1FB90 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\SOAP.js"

sh=DF0913B6B39E3F2ED9EE99B40D38FAA78E8B0FB3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\config.js"

sh=90188DF504D2F05A9EB382E9D161092C79E073A9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\context.js"

sh=00E44FDE380EB0368673B4FE160AA737F02F29CF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\lib\tinifying.js"

sh=65A3A5498628FA435A1CF64C59AE826A49561B2A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.min.js"

sh=5E8F24E827A07A87EFF25015F27A044460E6F9DB ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.translations.js"

sh=D018BF4D10728048DBBD89412F15EDA02143D3F5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.unit.js"

sh=16503909D21C7CCAE6BB8EE5CD7DC481BBBC1D8D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\minibar.vars.js"

sh=07773E48E6F949BA871ACD417BF9C369D12ABF3E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\abril.js"

sh=A55DFCA4DBCB0C85C5761F0053563A65D72E2573 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\amazon.js"

sh=60BE8F92703FBCE1944099D136E609E2168D5B9A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\aol.js"

sh=08BD98BFD1605070520E8C2DFEBA14F114A38DFD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ask.js"

sh=55FA1C11B49FBA1D14453C5D7117C9C11543A5CF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\autoscout24.js"

sh=B5F9479615DE1091AD53FE763CC36ED255814346 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\autosottocosto.js"

sh=618D2CAC8B23EB8E0CC4F1CACC7EA787A6510B65 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\baixaki.js"

sh=33558B5189CCCA9F18F8701745578DEE53A853AD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\bomnegocio.js"

sh=2C76F28EFD81D51D1065F33146D8AE4956DD53BB ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\chip.js"

sh=9BCAE09999D39B6C0BFB9E1E7AC912DB71F2145A ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ciao.js"

sh=BB1F23D34D18938C5B21E3C484231996CD049506 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\conduit.js"

sh=2FFA257F724647F269A99033FB89A8ACE5588A85 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\corriere.js"

sh=54A1954E9CB628378D7054489AE314A9248E0C43 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\craigslist.js"

sh=CFBE5A13F632E4A279738D8E7D3EFF53668F04E6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\dailymotion.js"

sh=F514221253D2C7350B1AE413FD1265EDCFDCA43F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\default_adapter.js"

sh=460B38D435D95856B0A1CF6D4664045F1DABA4E6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\delta-search.js"

sh=214C92C818C7D054353629D50EAA146CEA2B84A3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\diretta.js"

sh=2656CA9B44D557D0F72E9802917D93D699ACC137 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ebay.js"

sh=6F28EAFAE1B73E6109DB66C9530484C2ECEBA0A7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ehow.js"

sh=BBA10A9C2857CC5BBE42A44A410E19883FC55E58 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\elmundo.js"

sh=112819CD343318762773A1EC4C7F13B51AB4E807 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\elpais.js"

sh=4EACDE2449F69DC2235DD3091FB83D274AFCC0DD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\facebook.js"

sh=770A7B28877460F7FF971816D8E61C4167483E39 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\foxsports.js"

sh=805689443342098E6EB174836CD1AA9D0C7FC959 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\friv.js"

sh=9D9F4FCCFB308B85C98F48DCFFACE9EAAFBB0C5B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\funutilities.js"

sh=4A188F0A2808AFBB66B52D3889A33597A7FAE263 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\globo.js"

sh=C3395ECA1630C98A31202B8FAEA6426830B9A8D0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\gmx.js"

sh=30835B27BC12C659CC39922A0792EC44C24718CF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\go.js"

sh=2D90F7BF38D1E97E8338DC52B92DC0CB173546FF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\google.js"

sh=77F15F7DF28D30C04D70974F110A32D16DB0307F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\gumtree.js"

sh=02780CC79456BF0793A9A11E4A6B3B0F9FC9EB74 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\huffingtonpost.js"

sh=A13D2CD10CC7E1ACCA5D7F5CC67588C202120876 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\ilmeteo.js"

sh=B983AAEB2D0D413D677F452A2E750FC974E94988 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\imdb.js"

sh=35BB824A4AA845FA5BB968DF0824A50C220F29E2 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\inbox.js"

sh=DDD4F1DA7B4749A770911948751054C95D9306C3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\indeed.js"

sh=09E92AEC9B7E28D3E1E6E8DB18AD903A69EE4364 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\instagram.js"

sh=AB7EA1051AD1FDBF92BFB4DB11D9A160B6A5167D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\jappy.js"

sh=64B7AFE419D34C576E3B326A9365978C8472099C ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\leboncoin.js"

sh=13958A95749B932F39852898B31D31550618F49F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\libero.js"

sh=22127D788730A3FDFAA4413AFFB4F254201A9442 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\live.js"

sh=D2F73DE130CF2E0DB94C9F964F058CF76FAA6F4F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\marca.js"

sh=854BF24D22B8120BFA2EFC2960D7A0ABDFE8C9E1 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mediaset.js"

sh=DD1DABE6A6DB32EBC7A49DD963DE197AF6B496AD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mercadolivre.js"

sh=3287EDFE107F42BD54464354F7EDD0D5EC1F62BD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\milanuncios.js"

sh=E55A9A86D46D05BEA0BB5E0696C2F787DE80A40B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\msn.js"

sh=7F635F177D4FD8369EE48E5FC46D2903E225A273 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\mundoanuncio.js"

sh=EA56F90FD2A7809E666610FDD49EB36634000210 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\netlog.js"

sh=E386E67E52129451462EF3D414D47A10F79B710E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\nirvam.js"

sh=93F41F741F606D7B70A44E4F2C8A8A68B2A0D954 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\okcupid.js"

sh=57E22CB21E4BFA61E6BC2F222A017AE46BF5DE26 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\olx.js"

sh=25BDAED3477D2E7BD966D5BBC88E37BDF9662D21 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\orange.js"

sh=D8CB42161AD13F6E228B2BE104C393A5CE8288D3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pagesjaunes.js"

sh=1328E1B00D3C3038F870A9C4D22BFE86AC431111 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\photobucket.js"

sh=4AE7DDB7775FC5D8B19F44976C7CCD768A65B2CD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pinterest.js"

sh=F86FF8B0F128B670AFD94C1F188B3D76B6D8FFB3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\pof.js"

sh=851E4B4E67D19CE13E1683C992ABE5A2B6F6DA7B ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\repubblica.js"

sh=2ABBC85C521ABA13D4ADB62AA0D538A071507A01 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\roblox.js"

sh=FD9CBF76BC7ACE5CFCB75F09620BAA0504CFFBCC ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\segundamano.js"

sh=E92EB72284117635B3FAEC873655509702715DBF ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\sfr.js"

sh=A4FC63BD4CBCA3F515E25FC9D9877247CF23F23F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\shopping.js"

sh=69CD881D1C4F419498E84A92978F3CEEF5FB26D5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\skyrock.js"

sh=2D909465824F3E1D00FAF3E906CCF6A0B75D0000 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\spiegel.js"

sh=B4F81BC96FE21A96786AAA2413BC146BEA25B404 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\subito.js"

sh=71ACBB209164D063AE33CEF2D0FA83A7DAE47D77 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\t-online.js"

sh=EF862D796553B410820FD472DF2AEB55B0D8A8CB ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tagged.js"

sh=059ECD1F9057055D01D301FAB021AC97716A7FDD ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\terra.js"

sh=DF27BF67631D1BB38B93D428AC678D7F7F0EBB43 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tiscali.js"

sh=ABD3AE9C08DCC229A69CC07FA5D80FA6F5F526D0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\tripadvisor.js"

sh=0BF31826473EE5EA3B5F1129A9525DA36E0B1223 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\twitpic.js"

sh=83ABF13F4561B5E8F7A8E53619B7448E63F50FE7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\twitter.js"

sh=D49596B6E66ED28A0EC4AC5AD09B83F666F1567F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\uol.js"

sh=49E73E7FEF6FE6FC8EFFB96F189D21993F98D674 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\v9.js"

sh=4C81B196E0DCF0CD39809C3DCE0136E3C8597387 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\virgilio.js"

sh=2C35DA0C6DA24B135474E099E74B6351492E34C0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\voila.js"

sh=9D95B3EFB40673560EE8F2249E9EA8F3C2D3FDDC ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\walmart.js"

sh=DBBB101460491E2EDC3A8CD696A8997B14EFB1F0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\weather.js"

sh=44F0E12C750818C8BD052BCEAA2A7FE740C5C9AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\web.js"

sh=311102EEC0D1CAFF31CF56D5003223271732A425 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\yahoo.js"

sh=552E2F2C29B0E2EC76831638424913B52107FDF9 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\yelp.js"

sh=ED426D3C0C541D6C462BA06CF6B36920D44F47C1 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\adapters\youtube.js"

sh=BB5B26BE9E0B4ADB1A684EEA3A8813CE88822F87 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\services\bhp.js"

sh=BF7C810EC3ED34076EDAAEDD9FD1559679C6999C ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I potentially unwanted application" ac=I fn="C:\Users\Amy\AppData\Local\Google\Chrome\User Data\BackupDefault\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\8.1.2.3_0\scripts\minibar\services\favlinks.js"

sh=2807F64B749DF114F021593F2F4D60195A51F987 ft=1 fh=a40243e1e458f2f1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Amy\Documents\From Rented Comp\ccsetup325 (1).exe"

sh=2807F64B749DF114F021593F2F4D60195A51F987 ft=1 fh=a40243e1e458f2f1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Amy\Documents\From Rented Comp\ccsetup325 (2).exe"

sh=2807F64B749DF114F021593F2F4D60195A51F987 ft=1 fh=a40243e1e458f2f1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Amy\Documents\From Rented Comp\ccsetup325 (3).exe"

sh=2807F64B749DF114F021593F2F4D60195A51F987 ft=1 fh=a40243e1e458f2f1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Amy\Documents\From Rented Comp\ccsetup325 (4).exe"

sh=2807F64B749DF114F021593F2F4D60195A51F987 ft=1 fh=a40243e1e458f2f1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Amy\Documents\From Rented Comp\ccsetup325.exe"

sh=CFE0A6987D29FEA5CCDAE4DDBA886BB26D0B0E25 ft=1 fh=36c3b165df7d3cd7 vn="a variant of Win32/Adware.iBryte.D application" ac=I fn="C:\Users\Amy\Documents\From Rented Comp\Office_Setup.exe"

sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Amy\Downloads\cbsidlm-cbsi176-eSpeaking_Voice_and_Speech_Recognition-SEO-10371457.exe"

sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup327.exe"

sh=DD72ACAA5B7D3FFA024A46D3A8723BD4A7E06120 ft=1 fh=f81195f4f0eeae36 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup327pro.exe"

sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup406.exe"

sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup408.exe"

sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup409.exe"

sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup412.exe"

sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup413.exe"

sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ccsetup414.exe"

sh=CE76B7DFDF035C49AB58637D7ECC6E59A9908104 ft=1 fh=691732646e18ff2a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\ezvid.exe"

sh=83FF23DBBB0C488246919824D20F22DFCAA8ED04 ft=1 fh=2b32a25a8041611d vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="C:\Users\Amy\Downloads\FlashPlayer_transaction_id=102afa81a8678f750d48bee8b821b7.exe"

sh=401FA25B94EE60F9BEE83545B506478496D8DBF2 ft=1 fh=319e04bcc91e377f vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Amy\Downloads\FreeAudioConverter.exe"

sh=A48EE4F33DB6CBB0E11F1857F71946CD2915A18E ft=1 fh=a60d7c6b99f819b8 vn="Win32/DownWare.S potentially unwanted application" ac=I fn="C:\Users\Amy\Downloads\iTunes (1).exe"

sh=A48EE4F33DB6CBB0E11F1857F71946CD2915A18E ft=1 fh=a60d7c6b99f819b8 vn="Win32/DownWare.S potentially unwanted application" ac=I fn="C:\Users\Amy\Downloads\iTunes.exe"

sh=8FF6EED4CD94E83BCD10D1F01581DA304544CE19 ft=1 fh=fb6645b2a768660e vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="C:\Users\Amy\Downloads\Upgrade.exe"

sh=5F54D82D964FFD710F1119BCD92C504116D9A02C ft=1 fh=6e877bb14a09976f vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Amy\Downloads\WinZip170.exe"

sh=10AE61C5A576D4EE648B2AFEBA04C9F72EF143C7 ft=0 fh=0000000000000000 vn="JS/Iframe.IH trojan" ac=I fn="C:\Users\Amy\Web Design\backup-barkparkdogdaycare.com-12-28-2011.tar.gz"

sh=3D4F16D76F5C1E68CE4D25B1F0049396FCE2ACCB ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Windows\Installer\21b0f2.msi"

sh=FF4F6980F362E4BCDBAA85E2CF474A268BC7CD80 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Windows\Installer\26718080.msi"

sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\System32\plsapp.dll"

sh=BB8C196BCDBED01EA857168CF4F563B43E8705D5 ft=1 fh=42c680e3bdbef60e vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="C:\Windows\SysWOW64\plsapp.dll"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/AdWare.Sendori.A application" ac=I fn="${Memory}"


 

*************************************************************************************************************************************************************

*************************************************************************************************************************************************************

I cannot restart Windows Defender. I get the following error:

 

Error 577: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

*************************************************************************************************************************************************************

*************************************************************************************************************************************************************

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01

Ran by Amy (administrator) on AMY on 20-08-2014 21:26:04

Running from C:\Users\Amy\Downloads

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Google Inc.) C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-09] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-20] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-20] (Lenovo(beijing) Limited)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-03-04] (AWS Convergence Technologies, Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify] => C:\Users\Amy\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-04-13] ()

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-08] (Google Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\MountPoints2: {9279e1ad-eb41-11e2-be96-3c970e3a695e} - "G:\LGAutoRun.exe" 

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

SearchScopes: HKLM - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKCU - {3728E3C4-5F83-4573-9054-941BF0267289} URL = 

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

FireFox:

========

FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Firebug - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\firebug@software.joehewitt.com.xpi [2013-03-07]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]

FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-11]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://currently.com/"

CHR NewTab: "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html"


CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (Upromise RewardU Toolbar) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2014-06-05]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-12-29]

CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Currently) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-03-09]

CHR HKCU\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx [2014-03-09]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

CHR HKLM-x32\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx [2014-05-08]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()

S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)

R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)

R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]

S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-20 21:25 - 2014-08-20 21:25 - 00000000 ___DC () C:\Users\Amy\Downloads\FRST-OlderVersion

2014-08-20 15:56 - 2014-08-20 15:56 - 00000000 ___DC () C:\Users\Amy\Desktop\New folder (2)

2014-08-20 15:54 - 2014-08-20 15:55 - 00000000 ___DC () C:\Users\Amy\MyBuckets

2014-08-20 10:14 - 2014-08-20 10:15 - 00013885 ____C () C:\Users\Amy\Downloads\apigee-bucketlist (1).zip

2014-08-20 10:09 - 2014-08-20 10:12 - 00759345 ____C () C:\Users\Amy\Downloads\apigee-bucketlist.zip

2014-08-19 23:40 - 2014-08-19 23:40 - 00000000 ___DC () C:\Users\Amy\.cordova

2014-08-19 23:39 - 2014-08-20 16:18 - 00000000 ___DC () C:\Users\Amy\Zero_to_App

2014-08-19 23:35 - 2014-08-19 23:46 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm

2014-08-19 23:35 - 2014-08-19 23:45 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm-cache

2014-08-19 23:35 - 2014-08-19 23:35 - 00000000 ____C () C:\Users\Amy\npm

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Program Files\nodejs

2014-08-19 23:05 - 2014-08-19 23:05 - 06103040 ____C () C:\Users\Amy\Downloads\node-v0.10.31-x64.msi

2014-08-19 19:51 - 2014-08-20 21:18 - 00000558 ____C () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001.job

2014-08-19 19:51 - 2014-08-19 19:51 - 00003544 ____C () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-19 19:50 - 2014-08-19 19:51 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Citrix

2014-08-18 19:55 - 2014-08-18 19:55 - 00000000 ___DC () C:\Users\Amy\GCA

2014-08-17 11:29 - 2014-08-17 11:29 - 00000000 ___DC () C:\Program Files (x86)\ESET

2014-08-16 11:35 - 2014-08-16 11:35 - 02347384 ____C (ESET) C:\Users\Amy\Downloads\esetsmartinstaller_enu.exe

2014-08-16 01:21 - 2014-08-16 01:21 - 00001806 ____C () C:\Users\Public\Desktop\iTunes.lnk

2014-08-16 01:21 - 2014-08-16 01:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-16 01:18 - 2012-08-21 13:01 - 00033240 ____C (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2014-08-16 01:17 - 2014-08-16 01:18 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-16 01:17 - 2014-08-16 01:18 - 00000000 ___DC () C:\Program Files\iTunes

2014-08-16 01:17 - 2014-08-16 01:18 - 00000000 ___DC () C:\Program Files (x86)\iTunes

2014-08-16 01:17 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files\iPod

2014-08-16 01:13 - 2014-08-16 01:13 - 00000000 ___DC () C:\Program Files\Common Files\Apple

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files\Bonjour

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files (x86)\Bonjour

2014-08-16 01:06 - 2014-08-16 01:07 - 113492816 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunes64Setup (1).exe

2014-08-16 00:53 - 2014-08-16 00:55 - 111978832 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunesSetup.exe

2014-08-15 23:26 - 2014-07-25 09:25 - 02774528 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-08-15 23:26 - 2014-07-25 08:59 - 00758272 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-08-15 23:26 - 2014-07-25 08:40 - 00452096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-08-15 23:26 - 2014-07-25 08:28 - 05824512 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-08-15 23:26 - 2014-07-25 08:21 - 02184704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-08-15 23:26 - 2014-07-25 08:17 - 00085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-08-15 23:26 - 2014-07-25 08:10 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-08-15 23:26 - 2014-07-25 08:06 - 04204032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-08-15 23:26 - 2014-07-25 07:52 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-08-15 23:26 - 2014-07-25 07:47 - 00631808 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-08-15 23:26 - 2014-07-25 07:43 - 00333312 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-08-15 23:26 - 2014-07-25 07:42 - 00692736 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-08-15 23:26 - 2014-07-25 07:39 - 02087936 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-08-15 23:26 - 2014-07-25 07:29 - 00239616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-08-15 23:26 - 2014-07-25 07:23 - 13547008 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-08-15 23:26 - 2014-07-25 07:13 - 00526336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-08-15 23:26 - 2014-07-25 07:09 - 00291840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-08-15 23:26 - 2014-07-25 07:07 - 02001920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-08-15 23:26 - 2014-07-25 07:03 - 11772928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-08-15 23:26 - 2014-07-25 06:26 - 01431040 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-08-15 23:26 - 2014-07-25 06:17 - 00846336 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-08-15 23:26 - 2014-07-25 06:09 - 00704512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-08-15 23:26 - 2014-07-25 06:00 - 01169920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-08-15 23:25 - 2014-07-25 10:52 - 23645696 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-08-15 23:25 - 2014-07-25 09:51 - 17524224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-08-15 23:25 - 2014-07-25 09:28 - 00548352 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-08-15 23:25 - 2014-07-25 09:25 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-08-15 23:25 - 2014-07-25 08:34 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-08-15 23:25 - 2014-07-25 08:30 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-08-15 23:25 - 2014-07-25 08:28 - 00072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-08-15 23:25 - 2014-07-25 08:08 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-08-15 23:25 - 2014-07-25 07:43 - 00060416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-15 23:25 - 2014-07-25 07:34 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-08-15 23:25 - 2014-07-25 06:52 - 02266624 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-08-15 23:25 - 2014-07-25 06:05 - 01792512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-08-15 23:24 - 2014-06-19 21:48 - 01273184 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2014-08-15 23:24 - 2014-06-19 19:52 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2014-08-15 23:24 - 2014-06-09 18:13 - 00035480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2014-08-15 23:24 - 2014-06-09 18:13 - 00035480 ____C (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2014-08-15 23:24 - 2014-05-31 02:27 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2014-08-15 23:20 - 2014-07-15 14:16 - 03048880 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe

2014-08-15 23:20 - 2014-07-15 04:29 - 03118080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll

2014-08-15 23:20 - 2014-07-15 04:22 - 02861056 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll

2014-08-15 23:20 - 2014-07-15 04:03 - 02344448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll

2014-08-15 23:20 - 2014-07-10 00:16 - 00716800 ____C (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-08-15 23:20 - 2014-07-10 00:03 - 04756992 ____C (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-08-15 23:20 - 2014-07-09 23:33 - 01120256 ____C (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-08-15 23:20 - 2014-06-12 21:15 - 00517528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2014-08-15 23:20 - 2014-06-12 21:14 - 01557848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2014-08-15 23:20 - 2014-06-12 20:10 - 00406400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2014-08-15 23:20 - 2014-06-06 07:34 - 02133504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2014-08-15 23:20 - 2014-05-13 03:01 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe

2014-08-15 23:20 - 2014-05-13 01:07 - 02844160 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-08-15 23:20 - 2014-05-13 00:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-08-15 23:20 - 2014-05-13 00:26 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-08-15 23:20 - 2014-05-12 23:59 - 01035264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-08-15 23:20 - 2014-05-12 23:31 - 00265216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-08-15 23:20 - 2014-05-03 07:29 - 01726224 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2014-08-15 23:20 - 2014-05-03 05:20 - 01473080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2014-08-15 23:20 - 2014-05-03 01:36 - 00997888 ____C (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2014-08-15 23:20 - 2014-05-03 01:19 - 00071168 ____C (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll

2014-08-15 23:20 - 2014-05-03 01:08 - 00301056 ____C (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll

2014-08-15 23:20 - 2014-05-03 01:07 - 00262656 ____C (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

2014-08-15 23:20 - 2014-05-03 00:46 - 00052736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll

2014-08-15 23:20 - 2014-05-03 00:37 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll

2014-08-15 23:20 - 2014-05-03 00:37 - 00207360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll

2014-08-15 23:20 - 2014-05-02 19:26 - 00050745 ____C () C:\WINDOWS\system32\srms.dat

2014-08-15 23:20 - 2014-05-01 01:44 - 01025536 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-08-15 23:20 - 2014-04-30 02:43 - 00071680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys

2014-08-15 23:20 - 2014-04-30 02:41 - 00402432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2014-08-15 23:20 - 2014-04-30 02:41 - 00096768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys

2014-08-15 23:20 - 2014-04-30 02:41 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2014-08-15 23:20 - 2014-04-30 01:45 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe

2014-08-15 23:20 - 2014-04-30 00:48 - 00106496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe

2014-08-15 23:20 - 2014-04-30 00:24 - 00065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll

2014-08-15 23:20 - 2014-04-30 00:23 - 00353280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll

2014-08-15 23:20 - 2014-04-30 00:23 - 00271872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll

2014-08-15 23:20 - 2014-04-30 00:23 - 00087552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll

2014-08-15 23:20 - 2014-04-30 00:14 - 00827392 ____C (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2014-08-15 23:20 - 2014-04-29 23:59 - 01063424 ____C (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2014-08-15 23:20 - 2014-04-29 23:46 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll

2014-08-15 23:20 - 2014-04-29 23:46 - 00229888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll

2014-08-15 23:20 - 2014-04-29 23:46 - 00056320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll

2014-08-15 23:20 - 2014-04-29 23:45 - 00062976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll

2014-08-15 23:20 - 2014-04-29 23:42 - 00403968 ____C (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll

2014-08-15 23:20 - 2014-04-28 18:40 - 00721408 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2014-08-15 23:20 - 2014-04-26 18:03 - 02140888 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-08-15 23:20 - 2014-04-26 16:14 - 02144984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-08-15 23:20 - 2014-04-26 12:39 - 00339456 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2014-08-15 23:20 - 2014-04-14 05:37 - 02125344 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2014-08-15 23:20 - 2014-04-14 04:08 - 01797896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2014-08-15 23:20 - 2014-04-14 01:18 - 00011776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

2014-08-15 23:20 - 2014-04-09 02:11 - 00226816 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll

2014-08-15 23:20 - 2014-04-09 01:20 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll

2014-08-15 23:19 - 2014-08-06 18:38 - 00697856 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-08-15 23:19 - 2014-08-02 01:44 - 00527360 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-08-15 23:19 - 2014-08-01 23:11 - 00918528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-08-15 23:19 - 2014-07-12 00:17 - 00623616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe

2014-08-15 23:19 - 2014-06-05 10:13 - 00216368 ____C (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-08-15 23:19 - 2014-06-05 09:14 - 00189016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2014-08-15 23:19 - 2014-06-04 05:27 - 00114520 ____C (Microsoft Corporation) C:\WINDOWS\system32\consent.exe

2014-08-15 23:19 - 2014-06-04 01:31 - 00356352 ____C (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll

2014-08-15 23:19 - 2014-06-04 01:22 - 02790912 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2014-08-15 23:19 - 2014-06-04 00:43 - 00281088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll

2014-08-15 23:19 - 2014-06-04 00:38 - 03304448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2014-08-15 23:19 - 2014-06-03 22:15 - 02642944 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-08-15 23:19 - 2014-06-03 22:14 - 02318336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-08-15 23:19 - 2014-06-01 22:10 - 00423768 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2014-08-15 23:19 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-08-15 23:19 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys

2014-08-15 23:19 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-08-15 23:19 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys

2014-08-15 23:19 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys

2014-08-15 23:19 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys

2014-08-15 23:19 - 2014-05-31 02:27 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys

2014-08-15 23:19 - 2014-05-31 02:26 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys

2014-08-15 23:19 - 2014-05-31 00:01 - 00284672 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe

2014-08-15 23:19 - 2014-05-31 00:01 - 00209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2014-08-15 23:19 - 2014-05-31 00:01 - 00099840 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll

2014-08-15 23:19 - 2014-05-27 11:53 - 02518360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-08-15 23:19 - 2014-05-27 05:56 - 00323584 ____C (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll

2014-08-15 23:19 - 2014-05-27 05:53 - 00270848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll

2014-08-15 23:19 - 2014-05-17 00:59 - 16871936 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-08-15 23:19 - 2014-05-17 00:13 - 12711424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-08-15 22:27 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-08-15 22:25 - 2014-08-15 22:33 - 00000000 ___DC () C:\AdwCleaner

2014-08-15 22:23 - 2014-08-15 22:24 - 01361203 ____C () C:\Users\Amy\Downloads\AdwCleaner.exe

2014-08-15 18:21 - 2014-08-15 18:22 - 00035020 ____C () C:\Users\Amy\Downloads\Addition.txt

2014-08-15 18:18 - 2014-08-20 21:26 - 00022670 ____C () C:\Users\Amy\Downloads\FRST.txt

2014-08-15 18:17 - 2014-08-20 21:26 - 00000000 ___DC () C:\FRST

2014-08-15 18:17 - 2014-08-20 21:25 - 02101760 ____C (Farbar) C:\Users\Amy\Downloads\FRST64.exe

2014-08-15 18:11 - 2014-08-15 18:12 - 00688992 ____C (Swearware) C:\Users\Amy\Downloads\dds.scr

2014-08-13 22:38 - 2014-08-13 22:40 - 00018397 ____C () C:\WINDOWS\DirectX.log

2014-08-13 22:38 - 2014-08-13 22:38 - 00001293 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk

2014-08-13 22:37 - 2014-08-13 22:37 - 00050012 ____C () C:\Users\Amy\Downloads\test (1).tif

2014-08-13 22:28 - 2014-08-13 22:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-13 22:28 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-08-13 22:28 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-08-13 22:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-08-13 22:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-08-13 22:27 - 2014-08-13 22:28 - 00004162 ____C () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-13 22:23 - 2014-08-13 22:23 - 00918440 ____C (Oracle Corporation) C:\Users\Amy\Downloads\chromeinstall-7u67.exe

2014-08-13 22:21 - 2014-08-13 22:21 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Oracle

2014-08-13 22:02 - 2014-08-13 22:02 - 00050012 ____C () C:\Users\Amy\Downloads\test.tif

2014-08-11 19:32 - 2014-08-11 19:37 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-07 23:19 - 2014-08-07 23:19 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820 (1).tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820.tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00007916 ____C () C:\Users\Amy\Downloads\CSS_onlyLoading.html

2014-08-05 22:32 - 2014-08-05 22:32 - 00005995 ____C () C:\Users\Amy\Downloads\Skeleton-Grid.psd.zip

2014-08-05 22:32 - 2014-08-05 22:32 - 00003778 ____C () C:\Users\Amy\Downloads\CSS_onlyBounceZoomSlideshow.html

2014-08-03 17:55 - 2014-08-03 17:55 - 00001270 ____C () C:\Users\Amy\Downloads\test1.php

2014-08-03 12:41 - 2014-08-15 22:35 - 00015164 ____C () C:\WINDOWS\PFRO.log

2014-07-29 22:35 - 2014-08-20 21:18 - 00007761 ____C () C:\WINDOWS\setupact.log

2014-07-29 22:35 - 2014-07-29 22:35 - 00000000 ____C () C:\WINDOWS\setuperr.log

2014-07-29 18:26 - 2014-07-29 18:26 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data (1).fdf

2014-07-29 18:24 - 2014-07-29 18:24 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data.fdf

2014-07-25 17:54 - 2014-07-25 17:54 - 00001340 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-07-25 17:54 - 2014-07-25 17:54 - 00001328 ____C () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-07-23 12:19 - 2014-07-23 12:19 - 00001868 ____C () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-07-23 12:19 - 2014-07-23 12:19 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-07-23 12:18 - 2014-07-23 12:19 - 00000000 ___DC () C:\Program Files (x86)\QuickTime

2014-07-22 18:34 - 2014-07-22 18:34 - 00025592 ____C () C:\Users\Amy\Downloads\covered_by_your_grace.zip

2014-07-22 18:23 - 2014-07-22 18:23 - 00001124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-20 21:26 - 2014-08-15 18:18 - 00022670 ____C () C:\Users\Amy\Downloads\FRST.txt

2014-08-20 21:26 - 2014-08-15 18:17 - 00000000 ___DC () C:\FRST

2014-08-20 21:25 - 2014-08-20 21:25 - 00000000 ___DC () C:\Users\Amy\Downloads\FRST-OlderVersion

2014-08-20 21:25 - 2014-08-15 18:17 - 02101760 ____C (Farbar) C:\Users\Amy\Downloads\FRST64.exe

2014-08-20 21:24 - 2013-03-14 18:42 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-08-20 21:18 - 2014-08-19 19:51 - 00000558 ____C () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001.job

2014-08-20 21:18 - 2014-07-29 22:35 - 00007761 ____C () C:\WINDOWS\setupact.log

2014-08-20 21:13 - 2012-12-16 16:39 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-20 21:12 - 2014-02-14 21:59 - 00002214 ____C () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-20 21:12 - 2013-12-09 21:03 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A6E0A37-13D4-425B-9D12-7D475E75E096}

2014-08-20 21:11 - 2012-12-16 16:56 - 00000896 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-20 21:11 - 2012-12-16 16:35 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Adobe

2014-08-20 21:06 - 2013-03-17 10:47 - 00124416 __SHC () C:\Users\Amy\Desktop\Thumbs.db

2014-08-20 21:06 - 2012-12-16 16:56 - 00000900 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-20 21:04 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\AppReadiness

2014-08-20 21:02 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\system32\sru

2014-08-20 16:18 - 2014-08-19 23:39 - 00000000 ___DC () C:\Users\Amy\Zero_to_App

2014-08-20 15:56 - 2014-08-20 15:56 - 00000000 ___DC () C:\Users\Amy\Desktop\New folder (2)

2014-08-20 15:55 - 2014-08-20 15:54 - 00000000 ___DC () C:\Users\Amy\MyBuckets

2014-08-20 15:54 - 2013-12-07 21:30 - 00000000 ___DC () C:\Users\Amy

2014-08-20 15:31 - 2014-07-13 17:17 - 01522409 ____C () C:\WINDOWS\WindowsUpdate.log

2014-08-20 10:15 - 2014-08-20 10:14 - 00013885 ____C () C:\Users\Amy\Downloads\apigee-bucketlist (1).zip

2014-08-20 10:12 - 2014-08-20 10:09 - 00759345 ____C () C:\Users\Amy\Downloads\apigee-bucketlist.zip

2014-08-19 23:46 - 2014-08-19 23:35 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm

2014-08-19 23:45 - 2014-08-19 23:35 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm-cache

2014-08-19 23:40 - 2014-08-19 23:40 - 00000000 ___DC () C:\Users\Amy\.cordova

2014-08-19 23:35 - 2014-08-19 23:35 - 00000000 ____C () C:\Users\Amy\npm

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Program Files\nodejs

2014-08-19 23:05 - 2014-08-19 23:05 - 06103040 ____C () C:\Users\Amy\Downloads\node-v0.10.31-x64.msi

2014-08-19 20:23 - 2013-09-30 00:04 - 00863592 ____C () C:\WINDOWS\system32\PerfStringBackup.INI

2014-08-19 20:16 - 2013-08-22 10:45 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT

2014-08-19 20:14 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-08-19 20:12 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\PolicyDefinitions

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\MediaViewer

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\FileManager

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\Camera

2014-08-19 19:51 - 2014-08-19 19:51 - 00003544 ____C () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-19 19:51 - 2014-08-19 19:50 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Citrix

2014-08-19 18:06 - 2014-05-05 19:14 - 00122584 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-08-18 19:55 - 2014-08-18 19:55 - 00000000 ___DC () C:\Users\Amy\GCA

2014-08-17 11:29 - 2014-08-17 11:29 - 00000000 ___DC () C:\Program Files (x86)\ESET

2014-08-16 11:35 - 2014-08-16 11:35 - 02347384 ____C (ESET) C:\Users\Amy\Downloads\esetsmartinstaller_enu.exe

2014-08-16 01:48 - 2013-02-24 18:37 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Apple Computer

2014-08-16 01:21 - 2014-08-16 01:21 - 00001806 ____C () C:\Users\Public\Desktop\iTunes.lnk

2014-08-16 01:21 - 2014-08-16 01:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-16 01:21 - 2013-02-24 18:37 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Apple Computer

2014-08-16 01:18 - 2014-08-16 01:17 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-16 01:18 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files\iTunes

2014-08-16 01:18 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files (x86)\iTunes

2014-08-16 01:17 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files\iPod

2014-08-16 01:17 - 2013-02-24 18:35 - 00000000 ___DC () C:\ProgramData\Apple Computer

2014-08-16 01:13 - 2014-08-16 01:13 - 00000000 ___DC () C:\Program Files\Common Files\Apple

2014-08-16 01:13 - 2013-02-24 18:34 - 00000000 ___DC () C:\ProgramData\Apple

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files\Bonjour

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files (x86)\Bonjour

2014-08-16 01:07 - 2014-08-16 01:06 - 113492816 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunes64Setup (1).exe

2014-08-16 00:55 - 2014-08-16 00:53 - 111978832 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunesSetup.exe

2014-08-15 23:51 - 2012-12-16 23:25 - 00000000 ___DC () C:\ProgramData\Microsoft Help

2014-08-15 23:51 - 2012-07-26 03:59 - 00000000 ___DC () C:\WINDOWS\CbsTemp

2014-08-15 23:50 - 2013-07-24 21:38 - 00000000 ___DC () C:\WINDOWS\system32\MRT

2014-08-15 23:44 - 2012-12-17 20:57 - 99218768 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-08-15 23:40 - 2014-07-13 15:42 - 00000000 __SDC () C:\WINDOWS\system32\CompatTel

2014-08-15 23:16 - 2014-04-30 13:08 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-08-15 23:06 - 2014-06-11 19:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-08-15 23:05 - 2014-04-30 19:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-08-15 23:04 - 2014-06-16 01:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-08-15 23:04 - 2014-06-16 01:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-08-15 23:04 - 2014-06-16 00:34 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-08-15 23:04 - 2014-06-16 00:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-08-15 23:04 - 2014-06-16 00:33 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-08-15 23:04 - 2014-05-03 12:53 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-08-15 23:04 - 2014-05-03 12:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-08-15 23:04 - 2014-04-30 19:51 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-08-15 23:04 - 2014-04-30 13:08 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-08-15 23:04 - 2014-04-30 13:08 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-08-15 23:04 - 2014-04-30 13:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-08-15 23:04 - 2014-04-30 13:08 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-08-15 23:04 - 2014-04-09 08:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-08-15 23:04 - 2014-04-09 08:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-08-15 22:35 - 2014-08-03 12:41 - 00015164 ____C () C:\WINDOWS\PFRO.log

2014-08-15 22:35 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\tracing

2014-08-15 22:33 - 2014-08-15 22:25 - 00000000 ___DC () C:\AdwCleaner

2014-08-15 22:33 - 2014-02-23 20:07 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox

2014-08-15 22:33 - 2013-07-12 00:44 - 00000000 ___DC () C:\Users\Amy\AppData\Local\CRE

2014-08-15 22:24 - 2014-08-15 22:23 - 01361203 ____C () C:\Users\Amy\Downloads\AdwCleaner.exe

2014-08-15 21:55 - 2013-01-09 01:03 - 00001456 ____C () C:\Users\Amy\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-08-15 18:22 - 2014-08-15 18:21 - 00035020 ____C () C:\Users\Amy\Downloads\Addition.txt

2014-08-15 18:12 - 2014-08-15 18:11 - 00688992 ____C (Swearware) C:\Users\Amy\Downloads\dds.scr

2014-08-14 20:00 - 2014-05-20 18:41 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\LSC

2014-08-13 22:40 - 2014-08-13 22:38 - 00018397 ____C () C:\WINDOWS\DirectX.log

2014-08-13 22:38 - 2014-08-13 22:38 - 00001293 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk

2014-08-13 22:38 - 2012-10-20 21:07 - 00000000 ___DC () C:\Program Files (x86)\Adobe

2014-08-13 22:37 - 2014-08-13 22:37 - 00050012 ____C () C:\Users\Amy\Downloads\test (1).tif

2014-08-13 22:28 - 2014-08-13 22:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-13 22:28 - 2014-08-13 22:27 - 00004162 ____C () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-13 22:28 - 2013-11-08 20:08 - 00000000 ___DC () C:\ProgramData\Oracle

2014-08-13 22:28 - 2013-04-07 19:26 - 00000000 ___DC () C:\Program Files (x86)\Java

2014-08-13 22:23 - 2014-08-13 22:23 - 00918440 ____C (Oracle Corporation) C:\Users\Amy\Downloads\chromeinstall-7u67.exe

2014-08-13 22:21 - 2014-08-13 22:21 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Oracle

2014-08-13 22:13 - 2012-10-20 20:49 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information

2014-08-13 22:02 - 2014-08-13 22:02 - 00050012 ____C () C:\Users\Amy\Downloads\test.tif

2014-08-12 21:35 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\PLA

2014-08-12 21:31 - 2012-10-20 21:09 - 00000000 ___DC () C:\Program Files (x86)\Amazon

2014-08-11 19:46 - 2014-05-05 19:14 - 00001125 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-11 19:46 - 2014-05-05 19:14 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-11 19:46 - 2014-05-05 19:14 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-11 19:37 - 2014-08-11 19:32 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-10 17:54 - 2012-12-30 18:13 - 00000000 ___DC () C:\Users\Amy\Teaching

2014-08-10 17:23 - 2012-12-21 23:46 - 02176000 __SHC () C:\Users\Amy\Downloads\Thumbs.db

2014-08-09 00:14 - 2013-03-27 08:30 - 00000000 ___DC () C:\Users\Amy\AppData\Local\WeatherBug

2014-08-07 23:19 - 2014-08-07 23:19 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820 (1).tar.gz

2014-08-06 18:38 - 2014-08-15 23:19 - 00697856 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-08-05 22:32 - 2014-08-05 22:32 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820.tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00007916 ____C () C:\Users\Amy\Downloads\CSS_onlyLoading.html

2014-08-05 22:32 - 2014-08-05 22:32 - 00005995 ____C () C:\Users\Amy\Downloads\Skeleton-Grid.psd.zip

2014-08-05 22:32 - 2014-08-05 22:32 - 00003778 ____C () C:\Users\Amy\Downloads\CSS_onlyBounceZoomSlideshow.html

2014-08-03 17:55 - 2014-08-03 17:55 - 00001270 ____C () C:\Users\Amy\Downloads\test1.php

2014-08-03 14:20 - 2013-07-28 15:41 - 00000000 ___DC () C:\Users\Amy\Documents\Adobe

2014-08-03 12:41 - 2014-02-09 21:14 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight

2014-08-03 12:41 - 2014-02-09 21:14 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Silverlight

2014-08-02 01:44 - 2014-08-15 23:19 - 00527360 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-08-01 23:11 - 2014-08-15 23:19 - 00918528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-08-01 21:29 - 2013-11-30 21:59 - 00007623 ____C () C:\Users\Amy\AppData\Local\resmon.resmoncfg

2014-08-01 20:17 - 2014-07-13 15:49 - 00704480 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-08-01 20:17 - 2014-07-13 15:49 - 00105440 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-30 19:53 - 2013-12-19 17:36 - 00000000 ___DC () C:\Users\Amy\Documents\eryn

2014-07-29 22:35 - 2014-07-29 22:35 - 00000000 ____C () C:\WINDOWS\setuperr.log

2014-07-29 18:26 - 2014-07-29 18:26 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data (1).fdf

2014-07-29 18:24 - 2014-07-29 18:24 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data.fdf

2014-07-29 18:24 - 2014-02-27 11:26 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Spotify

2014-07-29 12:30 - 2014-02-27 11:26 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Spotify

2014-07-25 22:01 - 2014-02-09 21:15 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 17:54 - 2014-07-25 17:54 - 00001340 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-07-25 17:54 - 2014-07-25 17:54 - 00001328 ____C () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-07-25 12:55 - 2014-08-13 22:28 - 00098216 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-25 12:49 - 2014-08-13 22:28 - 00272808 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-25 12:49 - 2014-08-13 22:28 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-25 12:49 - 2014-08-13 22:28 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-25 10:52 - 2014-08-15 23:25 - 23645696 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-07-25 09:51 - 2014-08-15 23:25 - 17524224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-07-25 09:28 - 2014-08-15 23:25 - 00548352 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-07-25 09:25 - 2014-08-15 23:26 - 02774528 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-07-25 09:25 - 2014-08-15 23:25 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-07-25 08:59 - 2014-08-15 23:26 - 00758272 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-07-25 08:40 - 2014-08-15 23:26 - 00452096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-07-25 08:34 - 2014-08-15 23:25 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-07-25 08:30 - 2014-08-15 23:25 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-07-25 08:28 - 2014-08-15 23:26 - 05824512 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-07-25 08:28 - 2014-08-15 23:25 - 00072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-07-25 08:21 - 2014-08-15 23:26 - 02184704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-07-25 08:17 - 2014-08-15 23:26 - 00085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-07-25 08:10 - 2014-08-15 23:26 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-07-25 08:08 - 2014-08-15 23:25 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-07-25 08:06 - 2014-08-15 23:26 - 04204032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-07-25 07:52 - 2014-08-15 23:26 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-07-25 07:47 - 2014-08-15 23:26 - 00631808 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-07-25 07:43 - 2014-08-15 23:26 - 00333312 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-07-25 07:43 - 2014-08-15 23:25 - 00060416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-25 07:42 - 2014-08-15 23:26 - 00692736 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-07-25 07:39 - 2014-08-15 23:26 - 02087936 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-07-25 07:34 - 2014-08-15 23:25 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-07-25 07:29 - 2014-08-15 23:26 - 00239616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-07-25 07:23 - 2014-08-15 23:26 - 13547008 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-07-25 07:13 - 2014-08-15 23:26 - 00526336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-07-25 07:09 - 2014-08-15 23:26 - 00291840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-07-25 07:07 - 2014-08-15 23:26 - 02001920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-07-25 07:03 - 2014-08-15 23:26 - 11772928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-07-25 06:52 - 2014-08-15 23:25 - 02266624 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-07-25 06:26 - 2014-08-15 23:26 - 01431040 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-07-25 06:17 - 2014-08-15 23:26 - 00846336 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-07-25 06:09 - 2014-08-15 23:26 - 00704512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-07-25 06:05 - 2014-08-15 23:25 - 01792512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-07-25 06:00 - 2014-08-15 23:26 - 01169920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-07-23 23:30 - 2012-12-30 18:13 - 00000000 ___DC () C:\Users\Amy\Resumes

2014-07-23 21:43 - 2013-08-22 10:44 - 05245592 ____C () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-23 12:19 - 2014-07-23 12:19 - 00001868 ____C () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-07-23 12:19 - 2014-07-23 12:19 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-07-23 12:19 - 2014-07-23 12:18 - 00000000 ___DC () C:\Program Files (x86)\QuickTime

2014-07-22 18:34 - 2014-07-22 18:34 - 00025592 ____C () C:\Users\Amy\Downloads\covered_by_your_grace.zip

2014-07-22 18:23 - 2014-07-22 18:23 - 00001124 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk

 

Some content of TEMP:

====================

C:\Users\Amy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Amy\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-20 12:27

 

==================== End Of Log ============================


Hi,

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Farbar Service Scanner Version: 21-07-2014

Ran by Amy (administrator) on 21-08-2014 at 21:53:47

Running from "C:\Users\Amy\Downloads"

Microsoft Windows 8.1  (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****


Hi,

before we fix the Windows Defender issue, please perform the following steps:

Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

After Reboot:

Step 2

  • Please click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialog that appears, click Reset.
Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2014

Ran by Amy at 2014-08-23 11:01:51 Run:1

Running from C:\Users\Amy\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe

C:\ProgramData\6XDvn37n

S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

*****************

 

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.

"C:\ProgramData\6XDvn37n" => File/Directory not found.

vToolbarUpdater18.0.0 => Service not found.

 

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014

Ran by Amy (administrator) on AMY on 23-08-2014 18:41:32

Running from C:\Users\Amy\Downloads

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Google Inc.) C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-09] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-20] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-20] (Lenovo(beijing) Limited)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-03-04] (AWS Convergence Technologies, Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify] => C:\Users\Amy\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-04-13] ()

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-08] (Google Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\MountPoints2: {9279e1ad-eb41-11e2-be96-3c970e3a695e} - "G:\LGAutoRun.exe" 

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

SearchScopes: HKLM - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKCU - {3728E3C4-5F83-4573-9054-941BF0267289} URL = 

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

FireFox:

========

FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Firebug - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\firebug@software.joehewitt.com.xpi [2013-03-07]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]

FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-11]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://currently.com/"

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (Upromise RewardU Toolbar) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2014-06-05]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-12-29]

CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Currently) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-03-09]

CHR HKCU\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx []

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

CHR HKLM-x32\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx [2014-05-08]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()

S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)

R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)

R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)

R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]

S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-22 00:28 - 2014-08-22 00:28 - 00000905 ____C () C:\Users\Amy\Documents\Downloads - Shortcut.lnk

2014-08-21 21:53 - 2014-08-21 21:53 - 00415232 ____C (Farbar) C:\Users\Amy\Downloads\FSS.exe

2014-08-21 21:53 - 2014-08-21 21:53 - 00002552 ____C () C:\Users\Amy\Downloads\FSS.txt

2014-08-20 22:58 - 2014-08-20 22:58 - 01154242 ____C () C:\Users\Amy\Zero_to_App.zip

2014-08-20 21:25 - 2014-08-23 11:00 - 00000000 ___DC () C:\Users\Amy\Downloads\FRST-OlderVersion

2014-08-20 15:56 - 2014-08-20 15:56 - 00000000 ___DC () C:\Users\Amy\Desktop\New folder (2)

2014-08-20 15:54 - 2014-08-20 15:55 - 00000000 ___DC () C:\Users\Amy\MyBuckets

2014-08-20 10:14 - 2014-08-20 10:15 - 00013885 ____C () C:\Users\Amy\Downloads\apigee-bucketlist (1).zip

2014-08-20 10:09 - 2014-08-20 10:12 - 00759345 ____C () C:\Users\Amy\Downloads\apigee-bucketlist.zip

2014-08-19 23:40 - 2014-08-19 23:40 - 00000000 ___DC () C:\Users\Amy\.cordova

2014-08-19 23:39 - 2014-08-21 22:02 - 00000000 ___DC () C:\Users\Amy\Zero_to_App

2014-08-19 23:35 - 2014-08-19 23:46 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm

2014-08-19 23:35 - 2014-08-19 23:45 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm-cache

2014-08-19 23:35 - 2014-08-19 23:35 - 00000000 ____C () C:\Users\Amy\npm

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Program Files\nodejs

2014-08-19 23:05 - 2014-08-19 23:05 - 06103040 ____C () C:\Users\Amy\Downloads\node-v0.10.31-x64.msi

2014-08-19 19:51 - 2014-08-23 11:18 - 00000558 ____C () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001.job

2014-08-19 19:51 - 2014-08-19 19:51 - 00003544 ____C () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-19 19:50 - 2014-08-19 19:51 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Citrix

2014-08-18 19:55 - 2014-08-18 19:55 - 00000000 ___DC () C:\Users\Amy\GCA

2014-08-17 11:29 - 2014-08-17 11:29 - 00000000 ___DC () C:\Program Files (x86)\ESET

2014-08-16 11:35 - 2014-08-16 11:35 - 02347384 ____C (ESET) C:\Users\Amy\Downloads\esetsmartinstaller_enu.exe

2014-08-16 01:21 - 2014-08-16 01:21 - 00001806 ____C () C:\Users\Public\Desktop\iTunes.lnk

2014-08-16 01:21 - 2014-08-16 01:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-16 01:18 - 2012-08-21 13:01 - 00033240 ____C (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2014-08-16 01:17 - 2014-08-16 01:18 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-16 01:17 - 2014-08-16 01:18 - 00000000 ___DC () C:\Program Files\iTunes

2014-08-16 01:17 - 2014-08-16 01:18 - 00000000 ___DC () C:\Program Files (x86)\iTunes

2014-08-16 01:17 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files\iPod

2014-08-16 01:13 - 2014-08-16 01:13 - 00000000 ___DC () C:\Program Files\Common Files\Apple

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files\Bonjour

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files (x86)\Bonjour

2014-08-16 01:06 - 2014-08-16 01:07 - 113492816 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunes64Setup (1).exe

2014-08-16 00:53 - 2014-08-16 00:55 - 111978832 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunesSetup.exe

2014-08-15 23:26 - 2014-07-25 09:25 - 02774528 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-08-15 23:26 - 2014-07-25 08:59 - 00758272 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-08-15 23:26 - 2014-07-25 08:40 - 00452096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-08-15 23:26 - 2014-07-25 08:28 - 05824512 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-08-15 23:26 - 2014-07-25 08:21 - 02184704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-08-15 23:26 - 2014-07-25 08:17 - 00085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-08-15 23:26 - 2014-07-25 08:10 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-08-15 23:26 - 2014-07-25 08:06 - 04204032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-08-15 23:26 - 2014-07-25 07:52 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-08-15 23:26 - 2014-07-25 07:47 - 00631808 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-08-15 23:26 - 2014-07-25 07:43 - 00333312 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-08-15 23:26 - 2014-07-25 07:42 - 00692736 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-08-15 23:26 - 2014-07-25 07:39 - 02087936 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-08-15 23:26 - 2014-07-25 07:29 - 00239616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-08-15 23:26 - 2014-07-25 07:23 - 13547008 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-08-15 23:26 - 2014-07-25 07:13 - 00526336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-08-15 23:26 - 2014-07-25 07:09 - 00291840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-08-15 23:26 - 2014-07-25 07:07 - 02001920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-08-15 23:26 - 2014-07-25 07:03 - 11772928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-08-15 23:26 - 2014-07-25 06:26 - 01431040 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-08-15 23:26 - 2014-07-25 06:17 - 00846336 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-08-15 23:26 - 2014-07-25 06:09 - 00704512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-08-15 23:26 - 2014-07-25 06:00 - 01169920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-08-15 23:25 - 2014-07-25 10:52 - 23645696 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-08-15 23:25 - 2014-07-25 09:51 - 17524224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-08-15 23:25 - 2014-07-25 09:28 - 00548352 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-08-15 23:25 - 2014-07-25 09:25 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-08-15 23:25 - 2014-07-25 08:34 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-08-15 23:25 - 2014-07-25 08:30 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-08-15 23:25 - 2014-07-25 08:28 - 00072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-08-15 23:25 - 2014-07-25 08:08 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-08-15 23:25 - 2014-07-25 07:43 - 00060416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-15 23:25 - 2014-07-25 07:34 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-08-15 23:25 - 2014-07-25 06:52 - 02266624 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-08-15 23:25 - 2014-07-25 06:05 - 01792512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-08-15 23:24 - 2014-06-19 21:48 - 01273184 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2014-08-15 23:24 - 2014-06-19 19:52 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2014-08-15 23:24 - 2014-06-09 18:13 - 00035480 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2014-08-15 23:24 - 2014-06-09 18:13 - 00035480 ____C (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2014-08-15 23:24 - 2014-05-31 02:27 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2014-08-15 23:20 - 2014-07-15 14:16 - 03048880 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe

2014-08-15 23:20 - 2014-07-15 04:29 - 03118080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll

2014-08-15 23:20 - 2014-07-15 04:22 - 02861056 ____C (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll

2014-08-15 23:20 - 2014-07-15 04:03 - 02344448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll

2014-08-15 23:20 - 2014-07-10 00:16 - 00716800 ____C (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-08-15 23:20 - 2014-07-10 00:03 - 04756992 ____C (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-08-15 23:20 - 2014-07-09 23:33 - 01120256 ____C (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-08-15 23:20 - 2014-06-12 21:15 - 00517528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2014-08-15 23:20 - 2014-06-12 21:14 - 01557848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2014-08-15 23:20 - 2014-06-12 20:10 - 00406400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2014-08-15 23:20 - 2014-06-06 07:34 - 02133504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2014-08-15 23:20 - 2014-05-13 03:01 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe

2014-08-15 23:20 - 2014-05-13 01:07 - 02844160 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-08-15 23:20 - 2014-05-13 00:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-08-15 23:20 - 2014-05-13 00:26 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-08-15 23:20 - 2014-05-12 23:59 - 01035264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-08-15 23:20 - 2014-05-12 23:31 - 00265216 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-08-15 23:20 - 2014-05-03 07:29 - 01726224 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2014-08-15 23:20 - 2014-05-03 05:20 - 01473080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2014-08-15 23:20 - 2014-05-03 01:36 - 00997888 ____C (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2014-08-15 23:20 - 2014-05-03 01:19 - 00071168 ____C (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll

2014-08-15 23:20 - 2014-05-03 01:08 - 00301056 ____C (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll

2014-08-15 23:20 - 2014-05-03 01:07 - 00262656 ____C (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll

2014-08-15 23:20 - 2014-05-03 00:46 - 00052736 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll

2014-08-15 23:20 - 2014-05-03 00:37 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll

2014-08-15 23:20 - 2014-05-03 00:37 - 00207360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll

2014-08-15 23:20 - 2014-05-02 19:26 - 00050745 ____C () C:\WINDOWS\system32\srms.dat

2014-08-15 23:20 - 2014-05-01 01:44 - 01025536 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-08-15 23:20 - 2014-04-30 02:43 - 00071680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys

2014-08-15 23:20 - 2014-04-30 02:41 - 00402432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2014-08-15 23:20 - 2014-04-30 02:41 - 00096768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys

2014-08-15 23:20 - 2014-04-30 02:41 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2014-08-15 23:20 - 2014-04-30 01:45 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe

2014-08-15 23:20 - 2014-04-30 00:48 - 00106496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe

2014-08-15 23:20 - 2014-04-30 00:24 - 00065024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll

2014-08-15 23:20 - 2014-04-30 00:23 - 00353280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll

2014-08-15 23:20 - 2014-04-30 00:23 - 00271872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll

2014-08-15 23:20 - 2014-04-30 00:23 - 00087552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll

2014-08-15 23:20 - 2014-04-30 00:14 - 00827392 ____C (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2014-08-15 23:20 - 2014-04-29 23:59 - 01063424 ____C (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2014-08-15 23:20 - 2014-04-29 23:46 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll

2014-08-15 23:20 - 2014-04-29 23:46 - 00229888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll

2014-08-15 23:20 - 2014-04-29 23:46 - 00056320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll

2014-08-15 23:20 - 2014-04-29 23:45 - 00062976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll

2014-08-15 23:20 - 2014-04-29 23:42 - 00403968 ____C (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll

2014-08-15 23:20 - 2014-04-28 18:40 - 00721408 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2014-08-15 23:20 - 2014-04-26 18:03 - 02140888 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-08-15 23:20 - 2014-04-26 16:14 - 02144984 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-08-15 23:20 - 2014-04-26 12:39 - 00339456 ____C (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2014-08-15 23:20 - 2014-04-14 05:37 - 02125344 ____C (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2014-08-15 23:20 - 2014-04-14 04:08 - 01797896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2014-08-15 23:20 - 2014-04-14 01:18 - 00011776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll

2014-08-15 23:20 - 2014-04-09 02:11 - 00226816 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll

2014-08-15 23:20 - 2014-04-09 01:20 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll

2014-08-15 23:19 - 2014-08-06 18:38 - 00697856 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-08-15 23:19 - 2014-08-02 01:44 - 00527360 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-08-15 23:19 - 2014-08-01 23:11 - 00918528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-08-15 23:19 - 2014-07-12 00:17 - 00623616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe

2014-08-15 23:19 - 2014-06-05 10:13 - 00216368 ____C (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-08-15 23:19 - 2014-06-05 09:14 - 00189016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2014-08-15 23:19 - 2014-06-04 05:27 - 00114520 ____C (Microsoft Corporation) C:\WINDOWS\system32\consent.exe

2014-08-15 23:19 - 2014-06-04 01:31 - 00356352 ____C (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll

2014-08-15 23:19 - 2014-06-04 01:22 - 02790912 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2014-08-15 23:19 - 2014-06-04 00:43 - 00281088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll

2014-08-15 23:19 - 2014-06-04 00:38 - 03304448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2014-08-15 23:19 - 2014-06-03 22:15 - 02642944 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-08-15 23:19 - 2014-06-03 22:14 - 02318336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-08-15 23:19 - 2014-06-01 22:10 - 00423768 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2014-08-15 23:19 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-08-15 23:19 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys

2014-08-15 23:19 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-08-15 23:19 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys

2014-08-15 23:19 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys

2014-08-15 23:19 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys

2014-08-15 23:19 - 2014-05-31 02:27 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys

2014-08-15 23:19 - 2014-05-31 02:26 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys

2014-08-15 23:19 - 2014-05-31 00:01 - 00284672 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe

2014-08-15 23:19 - 2014-05-31 00:01 - 00209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll

2014-08-15 23:19 - 2014-05-31 00:01 - 00099840 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll

2014-08-15 23:19 - 2014-05-27 11:53 - 02518360 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-08-15 23:19 - 2014-05-27 05:56 - 00323584 ____C (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll

2014-08-15 23:19 - 2014-05-27 05:53 - 00270848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll

2014-08-15 23:19 - 2014-05-17 00:59 - 16871936 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-08-15 23:19 - 2014-05-17 00:13 - 12711424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-08-15 22:27 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-08-15 22:25 - 2014-08-15 22:33 - 00000000 ___DC () C:\AdwCleaner

2014-08-15 22:23 - 2014-08-15 22:24 - 01361203 ____C () C:\Users\Amy\Downloads\AdwCleaner.exe

2014-08-15 18:21 - 2014-08-15 18:22 - 00035020 ____C () C:\Users\Amy\Downloads\Addition.txt

2014-08-15 18:18 - 2014-08-23 18:42 - 00022496 ____C () C:\Users\Amy\Downloads\FRST.txt

2014-08-15 18:17 - 2014-08-23 18:41 - 00000000 ___DC () C:\FRST

2014-08-15 18:17 - 2014-08-23 11:00 - 02103296 ____C (Farbar) C:\Users\Amy\Downloads\FRST64.exe

2014-08-15 18:11 - 2014-08-15 18:12 - 00688992 ____C (Swearware) C:\Users\Amy\Downloads\dds.scr

2014-08-13 22:38 - 2014-08-13 22:40 - 00018397 ____C () C:\WINDOWS\DirectX.log

2014-08-13 22:38 - 2014-08-13 22:38 - 00001293 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk

2014-08-13 22:37 - 2014-08-13 22:37 - 00050012 ____C () C:\Users\Amy\Downloads\test (1).tif

2014-08-13 22:28 - 2014-08-13 22:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-13 22:28 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-08-13 22:28 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-08-13 22:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-08-13 22:28 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-08-13 22:27 - 2014-08-13 22:28 - 00004162 ____C () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-13 22:23 - 2014-08-13 22:23 - 00918440 ____C (Oracle Corporation) C:\Users\Amy\Downloads\chromeinstall-7u67.exe

2014-08-13 22:21 - 2014-08-13 22:21 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Oracle

2014-08-13 22:02 - 2014-08-13 22:02 - 00050012 ____C () C:\Users\Amy\Downloads\test.tif

2014-08-11 19:32 - 2014-08-11 19:37 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-07 23:19 - 2014-08-07 23:19 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820 (1).tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820.tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00007916 ____C () C:\Users\Amy\Downloads\CSS_onlyLoading.html

2014-08-05 22:32 - 2014-08-05 22:32 - 00005995 ____C () C:\Users\Amy\Downloads\Skeleton-Grid.psd.zip

2014-08-05 22:32 - 2014-08-05 22:32 - 00003778 ____C () C:\Users\Amy\Downloads\CSS_onlyBounceZoomSlideshow.html

2014-08-03 17:55 - 2014-08-03 17:55 - 00001270 ____C () C:\Users\Amy\Downloads\test1.php

2014-08-03 12:41 - 2014-08-23 11:20 - 00016582 ____C () C:\WINDOWS\PFRO.log

2014-07-29 22:35 - 2014-08-23 10:51 - 00008208 ____C () C:\WINDOWS\setupact.log

2014-07-29 22:35 - 2014-07-29 22:35 - 00000000 ____C () C:\WINDOWS\setuperr.log

2014-07-29 18:26 - 2014-07-29 18:26 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data (1).fdf

2014-07-29 18:24 - 2014-07-29 18:24 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data.fdf

2014-07-25 17:54 - 2014-07-25 17:54 - 00001340 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-07-25 17:54 - 2014-07-25 17:54 - 00001328 ____C () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-23 18:42 - 2014-08-15 18:18 - 00022496 ____C () C:\Users\Amy\Downloads\FRST.txt

2014-08-23 18:41 - 2014-08-15 18:17 - 00000000 ___DC () C:\FRST

2014-08-23 18:39 - 2012-12-16 16:39 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-23 18:36 - 2012-12-16 16:35 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Adobe

2014-08-23 18:35 - 2014-02-14 21:59 - 00002214 ____C () C:\Users\Public\Desktop\Google Chrome.lnk

2014-08-23 18:34 - 2014-07-13 17:17 - 01673472 ____C () C:\WINDOWS\WindowsUpdate.log

2014-08-23 18:34 - 2012-12-16 16:56 - 00000896 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-23 18:33 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\system32\sru

2014-08-23 11:24 - 2013-03-14 18:42 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-08-23 11:20 - 2014-08-03 12:41 - 00016582 ____C () C:\WINDOWS\PFRO.log

2014-08-23 11:20 - 2013-08-22 10:45 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT

2014-08-23 11:19 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-08-23 11:18 - 2014-08-19 19:51 - 00000558 ____C () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001.job

2014-08-23 11:07 - 2013-12-09 21:03 - 00003898 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A6E0A37-13D4-425B-9D12-7D475E75E096}

2014-08-23 11:06 - 2012-12-16 16:56 - 00000900 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-23 11:00 - 2014-08-20 21:25 - 00000000 ___DC () C:\Users\Amy\Downloads\FRST-OlderVersion

2014-08-23 11:00 - 2014-08-15 18:17 - 02103296 ____C (Farbar) C:\Users\Amy\Downloads\FRST64.exe

2014-08-23 10:51 - 2014-07-29 22:35 - 00008208 ____C () C:\WINDOWS\setupact.log

2014-08-22 21:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-08-22 20:32 - 2013-01-09 01:03 - 00001456 ____C () C:\Users\Amy\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-08-22 00:42 - 2013-12-07 21:30 - 00000000 ___DC () C:\Users\Amy

2014-08-22 00:28 - 2014-08-22 00:28 - 00000905 ____C () C:\Users\Amy\Documents\Downloads - Shortcut.lnk

2014-08-21 22:02 - 2014-08-19 23:39 - 00000000 ___DC () C:\Users\Amy\Zero_to_App

2014-08-21 21:53 - 2014-08-21 21:53 - 00415232 ____C (Farbar) C:\Users\Amy\Downloads\FSS.exe

2014-08-21 21:53 - 2014-08-21 21:53 - 00002552 ____C () C:\Users\Amy\Downloads\FSS.txt

2014-08-20 22:59 - 2012-12-30 18:12 - 00000000 ___DC () C:\Users\Amy\Positive Parenting

2014-08-20 22:58 - 2014-08-20 22:58 - 01154242 ____C () C:\Users\Amy\Zero_to_App.zip

2014-08-20 21:06 - 2013-03-17 10:47 - 00124416 __SHC () C:\Users\Amy\Desktop\Thumbs.db

2014-08-20 21:04 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\AppReadiness

2014-08-20 15:56 - 2014-08-20 15:56 - 00000000 ___DC () C:\Users\Amy\Desktop\New folder (2)

2014-08-20 15:55 - 2014-08-20 15:54 - 00000000 ___DC () C:\Users\Amy\MyBuckets

2014-08-20 10:15 - 2014-08-20 10:14 - 00013885 ____C () C:\Users\Amy\Downloads\apigee-bucketlist (1).zip

2014-08-20 10:12 - 2014-08-20 10:09 - 00759345 ____C () C:\Users\Amy\Downloads\apigee-bucketlist.zip

2014-08-19 23:46 - 2014-08-19 23:35 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm

2014-08-19 23:45 - 2014-08-19 23:35 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\npm-cache

2014-08-19 23:40 - 2014-08-19 23:40 - 00000000 ___DC () C:\Users\Amy\.cordova

2014-08-19 23:35 - 2014-08-19 23:35 - 00000000 ____C () C:\Users\Amy\npm

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js

2014-08-19 23:27 - 2014-08-19 23:27 - 00000000 ___DC () C:\Program Files\nodejs

2014-08-19 23:05 - 2014-08-19 23:05 - 06103040 ____C () C:\Users\Amy\Downloads\node-v0.10.31-x64.msi

2014-08-19 20:23 - 2013-09-30 00:04 - 00863592 ____C () C:\WINDOWS\system32\PerfStringBackup.INI

2014-08-19 20:12 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\PolicyDefinitions

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\MediaViewer

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\FileManager

2014-08-19 20:11 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\Camera

2014-08-19 19:51 - 2014-08-19 19:51 - 00003544 ____C () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001

2014-08-19 19:51 - 2014-08-19 19:50 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Citrix

2014-08-19 18:06 - 2014-05-05 19:14 - 00122584 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-08-18 19:55 - 2014-08-18 19:55 - 00000000 ___DC () C:\Users\Amy\GCA

2014-08-17 11:29 - 2014-08-17 11:29 - 00000000 ___DC () C:\Program Files (x86)\ESET

2014-08-16 11:35 - 2014-08-16 11:35 - 02347384 ____C (ESET) C:\Users\Amy\Downloads\esetsmartinstaller_enu.exe

2014-08-16 01:48 - 2013-02-24 18:37 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Apple Computer

2014-08-16 01:21 - 2014-08-16 01:21 - 00001806 ____C () C:\Users\Public\Desktop\iTunes.lnk

2014-08-16 01:21 - 2014-08-16 01:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-08-16 01:21 - 2013-02-24 18:37 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Apple Computer

2014-08-16 01:18 - 2014-08-16 01:17 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-16 01:18 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files\iTunes

2014-08-16 01:18 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files (x86)\iTunes

2014-08-16 01:17 - 2014-08-16 01:17 - 00000000 ___DC () C:\Program Files\iPod

2014-08-16 01:17 - 2013-02-24 18:35 - 00000000 ___DC () C:\ProgramData\Apple Computer

2014-08-16 01:13 - 2014-08-16 01:13 - 00000000 ___DC () C:\Program Files\Common Files\Apple

2014-08-16 01:13 - 2013-02-24 18:34 - 00000000 ___DC () C:\ProgramData\Apple

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files\Bonjour

2014-08-16 01:12 - 2014-08-16 01:12 - 00000000 ___DC () C:\Program Files (x86)\Bonjour

2014-08-16 01:07 - 2014-08-16 01:06 - 113492816 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunes64Setup (1).exe

2014-08-16 00:55 - 2014-08-16 00:53 - 111978832 ____C (Apple Inc.) C:\Users\Amy\Downloads\iTunesSetup.exe

2014-08-15 23:51 - 2012-12-16 23:25 - 00000000 ___DC () C:\ProgramData\Microsoft Help

2014-08-15 23:51 - 2012-07-26 03:59 - 00000000 ___DC () C:\WINDOWS\CbsTemp

2014-08-15 23:50 - 2013-07-24 21:38 - 00000000 ___DC () C:\WINDOWS\system32\MRT

2014-08-15 23:44 - 2012-12-17 20:57 - 99218768 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-08-15 23:40 - 2014-07-13 15:42 - 00000000 __SDC () C:\WINDOWS\system32\CompatTel

2014-08-15 23:16 - 2014-04-30 13:08 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-08-15 23:06 - 2014-06-11 19:15 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-08-15 23:05 - 2014-04-30 19:51 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-08-15 23:04 - 2014-06-16 01:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-08-15 23:04 - 2014-06-16 01:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-08-15 23:04 - 2014-06-16 00:34 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-08-15 23:04 - 2014-06-16 00:34 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-08-15 23:04 - 2014-06-16 00:33 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-08-15 23:04 - 2014-05-03 12:53 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-08-15 23:04 - 2014-05-03 12:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-08-15 23:04 - 2014-04-30 19:51 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-08-15 23:04 - 2014-04-30 13:08 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-08-15 23:04 - 2014-04-30 13:08 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-08-15 23:04 - 2014-04-30 13:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-08-15 23:04 - 2014-04-30 13:08 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-08-15 23:04 - 2014-04-09 08:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-08-15 23:04 - 2014-04-09 08:26 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-08-15 22:35 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\tracing

2014-08-15 22:33 - 2014-08-15 22:25 - 00000000 ___DC () C:\AdwCleaner

2014-08-15 22:33 - 2014-02-23 20:07 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox

2014-08-15 22:33 - 2013-07-12 00:44 - 00000000 ___DC () C:\Users\Amy\AppData\Local\CRE

2014-08-15 22:24 - 2014-08-15 22:23 - 01361203 ____C () C:\Users\Amy\Downloads\AdwCleaner.exe

2014-08-15 18:22 - 2014-08-15 18:21 - 00035020 ____C () C:\Users\Amy\Downloads\Addition.txt

2014-08-15 18:12 - 2014-08-15 18:11 - 00688992 ____C (Swearware) C:\Users\Amy\Downloads\dds.scr

2014-08-14 20:00 - 2014-05-20 18:41 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\LSC

2014-08-13 22:40 - 2014-08-13 22:38 - 00018397 ____C () C:\WINDOWS\DirectX.log

2014-08-13 22:38 - 2014-08-13 22:38 - 00001293 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk

2014-08-13 22:38 - 2012-10-20 21:07 - 00000000 ___DC () C:\Program Files (x86)\Adobe

2014-08-13 22:37 - 2014-08-13 22:37 - 00050012 ____C () C:\Users\Amy\Downloads\test (1).tif

2014-08-13 22:28 - 2014-08-13 22:28 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-13 22:28 - 2014-08-13 22:27 - 00004162 ____C () C:\WINDOWS\SysWOW64\jupdate-1.7.0_67-b01.log

2014-08-13 22:28 - 2013-11-08 20:08 - 00000000 ___DC () C:\ProgramData\Oracle

2014-08-13 22:28 - 2013-04-07 19:26 - 00000000 ___DC () C:\Program Files (x86)\Java

2014-08-13 22:23 - 2014-08-13 22:23 - 00918440 ____C (Oracle Corporation) C:\Users\Amy\Downloads\chromeinstall-7u67.exe

2014-08-13 22:21 - 2014-08-13 22:21 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Oracle

2014-08-13 22:13 - 2012-10-20 20:49 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information

2014-08-13 22:02 - 2014-08-13 22:02 - 00050012 ____C () C:\Users\Amy\Downloads\test.tif

2014-08-12 21:35 - 2013-08-22 11:36 - 00000000 ___DC () C:\WINDOWS\PLA

2014-08-12 21:31 - 2012-10-20 21:09 - 00000000 ___DC () C:\Program Files (x86)\Amazon

2014-08-11 19:46 - 2014-05-05 19:14 - 00001125 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-11 19:46 - 2014-05-05 19:14 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-11 19:46 - 2014-05-05 19:14 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-11 19:37 - 2014-08-11 19:32 - 17292760 ____C (Malwarebytes Corporation ) C:\Users\Amy\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-10 17:54 - 2012-12-30 18:13 - 00000000 ___DC () C:\Users\Amy\Teaching

2014-08-10 17:23 - 2012-12-21 23:46 - 02176000 __SHC () C:\Users\Amy\Downloads\Thumbs.db

2014-08-09 00:14 - 2013-03-27 08:30 - 00000000 ___DC () C:\Users\Amy\AppData\Local\WeatherBug

2014-08-07 23:19 - 2014-08-07 23:19 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820 (1).tar.gz

2014-08-06 18:38 - 2014-08-15 23:19 - 00697856 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-08-05 22:32 - 2014-08-05 22:32 - 00023709 ____C () C:\Users\Amy\Downloads\dhg-Skeleton-7ab6820.tar.gz

2014-08-05 22:32 - 2014-08-05 22:32 - 00007916 ____C () C:\Users\Amy\Downloads\CSS_onlyLoading.html

2014-08-05 22:32 - 2014-08-05 22:32 - 00005995 ____C () C:\Users\Amy\Downloads\Skeleton-Grid.psd.zip

2014-08-05 22:32 - 2014-08-05 22:32 - 00003778 ____C () C:\Users\Amy\Downloads\CSS_onlyBounceZoomSlideshow.html

2014-08-03 17:55 - 2014-08-03 17:55 - 00001270 ____C () C:\Users\Amy\Downloads\test1.php

2014-08-03 14:20 - 2013-07-28 15:41 - 00000000 ___DC () C:\Users\Amy\Documents\Adobe

2014-08-03 12:41 - 2014-02-09 21:14 - 00000000 ___DC () C:\Program Files\Microsoft Silverlight

2014-08-03 12:41 - 2014-02-09 21:14 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Silverlight

2014-08-02 01:44 - 2014-08-15 23:19 - 00527360 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-08-01 23:11 - 2014-08-15 23:19 - 00918528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-08-01 21:29 - 2013-11-30 21:59 - 00007623 ____C () C:\Users\Amy\AppData\Local\resmon.resmoncfg

2014-08-01 20:17 - 2014-07-13 15:49 - 00704480 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-08-01 20:17 - 2014-07-13 15:49 - 00105440 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-30 19:53 - 2013-12-19 17:36 - 00000000 ___DC () C:\Users\Amy\Documents\eryn

2014-07-29 22:35 - 2014-07-29 22:35 - 00000000 ____C () C:\WINDOWS\setuperr.log

2014-07-29 18:26 - 2014-07-29 18:26 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data (1).fdf

2014-07-29 18:24 - 2014-07-29 18:24 - 00000816 ____C () C:\Users\Amy\Downloads\proPlayerForm_data.fdf

2014-07-29 18:24 - 2014-02-27 11:26 - 00000000 ___DC () C:\Users\Amy\AppData\Roaming\Spotify

2014-07-29 12:30 - 2014-02-27 11:26 - 00000000 ___DC () C:\Users\Amy\AppData\Local\Spotify

2014-07-25 22:01 - 2014-02-09 21:15 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 17:54 - 2014-07-25 17:54 - 00001340 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-07-25 17:54 - 2014-07-25 17:54 - 00001328 ____C () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-07-25 12:55 - 2014-08-13 22:28 - 00098216 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-25 12:49 - 2014-08-13 22:28 - 00272808 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-25 12:49 - 2014-08-13 22:28 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-25 12:49 - 2014-08-13 22:28 - 00175528 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-25 10:52 - 2014-08-15 23:25 - 23645696 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-07-25 09:51 - 2014-08-15 23:25 - 17524224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-07-25 09:28 - 2014-08-15 23:25 - 00548352 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-07-25 09:25 - 2014-08-15 23:26 - 02774528 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-07-25 09:25 - 2014-08-15 23:25 - 00083968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-07-25 08:59 - 2014-08-15 23:26 - 00758272 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-07-25 08:40 - 2014-08-15 23:26 - 00452096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-07-25 08:34 - 2014-08-15 23:25 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-07-25 08:30 - 2014-08-15 23:25 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-07-25 08:28 - 2014-08-15 23:26 - 05824512 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-07-25 08:28 - 2014-08-15 23:25 - 00072704 ____C (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-07-25 08:21 - 2014-08-15 23:26 - 02184704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-07-25 08:17 - 2014-08-15 23:26 - 00085504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-07-25 08:10 - 2014-08-15 23:26 - 00292864 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-07-25 08:08 - 2014-08-15 23:25 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-07-25 08:06 - 2014-08-15 23:26 - 04204032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-07-25 07:52 - 2014-08-15 23:26 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-07-25 07:47 - 2014-08-15 23:26 - 00631808 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-07-25 07:43 - 2014-08-15 23:26 - 00333312 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-07-25 07:43 - 2014-08-15 23:25 - 00060416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-25 07:42 - 2014-08-15 23:26 - 00692736 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-07-25 07:39 - 2014-08-15 23:26 - 02087936 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-07-25 07:34 - 2014-08-15 23:25 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-07-25 07:29 - 2014-08-15 23:26 - 00239616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-07-25 07:23 - 2014-08-15 23:26 - 13547008 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-07-25 07:13 - 2014-08-15 23:26 - 00526336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-07-25 07:09 - 2014-08-15 23:26 - 00291840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-07-25 07:07 - 2014-08-15 23:26 - 02001920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-07-25 07:03 - 2014-08-15 23:26 - 11772928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-07-25 06:52 - 2014-08-15 23:25 - 02266624 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-07-25 06:26 - 2014-08-15 23:26 - 01431040 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-07-25 06:17 - 2014-08-15 23:26 - 00846336 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-07-25 06:09 - 2014-08-15 23:26 - 00704512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-07-25 06:05 - 2014-08-15 23:25 - 01792512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-07-25 06:00 - 2014-08-15 23:26 - 01169920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

 

Some content of TEMP:

====================

C:\Users\Amy\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Amy\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-22 22:45

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014

Ran by Amy at 2014-08-23 18:43:05

Running from C:\Users\Amy\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.08 - Adobe Systems)

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden

Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.0.1 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)

Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)

Adobe Edge Animate CC 2014 (HKLM-x32\...\{F1BFBED6-2779-4A4D-B401-5C08F813B0F2}) (Version: 4.0 - Adobe Systems Incorporated)

Adobe Edge Reflow CC Preview (HKLM\...\{AC41E46F-969F-439B-84C9-D5DA8C783E9D}) (Version: 0.32.13658 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)

Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)

Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 4.1 64-bit (HKLM\...\{F7ADB493-B913-4D61-9A63-DA736C20C3F2}) (Version: 4.1.2 - Adobe)

Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)

Adobe Prelude CC 2014 (HKLM-x32\...\{2A054E48-0A75-42BD-8738-EC9AB4E2207A}) (Version: 3.0.1 - Adobe Systems Incorporated)

Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)

Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.20 - Broadcom Corporation)

CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)

Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ETDWare PS/2-X64 11.4.4.2_WHQL (HKLM\...\Elantech) (Version: 11.4.4.2 - ELAN Microelectronic Corp.)

GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 1.2.3.0 - GitHub, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden

Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden

Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)

LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.16.20140414 - LG Electronics)

LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version:  - )

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Node.js (HKLM\...\{A744EE31-693F-43F2-AF73-A093264A9E1B}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)

Upromise RewardU Toolbar (HKCU\...\Upromise RewardU Toolbar) (Version:  - Upromise.com)

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3948811954-352045940-1238658349-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

09-08-2014 00:29:22 Scheduled Checkpoint

14-08-2014 02:26:41 Installed Java 7 Update 67

16-08-2014 05:13:36 Installed iTunes

20-08-2014 03:07:37 Installed Node.js

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ___AC C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {055FF4B1-98F1-4B9F-85B0-D505A957FC3F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {073EC780-9890-4BF0-977C-51BD02FF3168} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {1C0C8D7C-318D-43CB-B668-F957A2770E36} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-amyldonohue@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {22B65D29-672D-473C-AA30-C74D2BF0F9D1} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {2849F956-5B91-4D62-B6F6-16C151F1EA24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {33CF7934-4DEB-4D7C-A437-6ADA2C690CE0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {39AD63E1-FD81-435C-B150-DD974096D346} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {562928BD-2B5D-4DFE-866F-1C24D61A2FFF} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)

Task: {5E9F2D86-E6CC-4B03-9E2D-C35A80919908} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {791E77D4-94CF-4384-A004-6E6705A3011E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {798C48A8-6488-4200-8840-7D8F1CADA80E} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()

Task: {7DD698BC-151A-463E-AAC2-3B0C22FE7C88} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {975F7E55-614D-4E0B-A720-F76E20BE4CBE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-16] (Google Inc.)

Task: {9AF203C9-BFCB-4E6C-A61E-3F29BD56B73B} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)

Task: {9E9F84B2-B7A3-4FD0-BDAB-1BD9D8BBEFD3} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()

Task: {9EBB9ED1-3265-40B7-8BAE-4FF4966159CB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {AF66401C-A0AF-4CFB-A141-F93F9431E91A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {B66DF1D3-4EC8-40B2-AAE9-613891ED3EB5} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)

Task: {C11B36A6-4B24-4D42-A6AB-BFBDF6A902E8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {C5369E8C-DBB2-4DA1-9836-FE9CB224E7D6} - System32\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001 => C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-08-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {CCD183A4-4F08-4F6F-8EF8-0B756A8E0E58} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E20D5181-2879-47DB-BE3F-333F6A2BF3D3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EDA2E878-4D3A-4A09-A6C1-F0874DC13909} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {F6B5677B-B3EE-419C-918A-F4C2D3CB41C5} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {FBAB3A33-8C50-48FC-9E27-C5706225C3AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-15] (Microsoft Corporation)

Task: {FC73AB38-4215-4C38-8D31-493F659854BA} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-05-06] ()

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3948811954-352045940-1238658349-1001.job => C:\Users\Amy\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3948811954-352045940-1238658349-1001Core1cf8dd5cba5919f.job => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-02-01 19:22 - 2011-05-12 15:23 - 00512000 _____ () C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2012-08-27 02:13 - 2012-08-23 04:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2010-08-24 10:44 - 2010-08-24 10:44 - 00257224 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe

2014-07-16 11:05 - 2014-07-16 11:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-10-20 20:50 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-07-25 17:49 - 2014-07-03 06:45 - 32733056 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 00718152 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 00126280 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 08537928 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 00353096 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 01732936 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

2014-07-25 17:49 - 2014-07-03 06:45 - 00742784 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll

2014-07-25 17:49 - 2014-07-03 06:45 - 00136576 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll

2014-08-13 21:25 - 2014-08-06 23:20 - 14669128 ____C () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Amy\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Amy_2\OneDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run32: => "YouCam Tray"

HKLM\...\StartupApproved\Run32: => "mcui_exe"

HKLM\...\StartupApproved\Run32: => "RemoteControl10"

HKLM\...\StartupApproved\Run32: => "YouCam Mirage"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

HKCU\...\StartupApproved\Run: => "ooVoo.exe"

HKCU\...\StartupApproved\Run: => "Spotify"

HKCU\...\StartupApproved\Run: => "Spotify Web Helper"

HKCU\...\StartupApproved\Run: => "BitTorrent"

HKCU\...\StartupApproved\Run: => "Skype"

HKCU\...\StartupApproved\Run: => "Speech Recognition"

HKCU\...\StartupApproved\Run: => "TWC.Win7"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/23/2014 11:28:14 AM) (Source: PlsvcV2) (EventID: 99) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

 

Error: (08/23/2014 11:23:11 AM) (Source: PlsvcV2) (EventID: 99) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

 

Error: (08/23/2014 11:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: delegate_execute.exe, version: 36.0.1985.143, time stamp: 0x53e2e0f9

Faulting module name: delegate_execute.exe, version: 36.0.1985.143, time stamp: 0x53e2e0f9

Exception code: 0xc0000005

Fault offset: 0x000463bf

Faulting process id: 0xd78

Faulting application start time: 0xdelegate_execute.exe0

Faulting application path: delegate_execute.exe1

Faulting module path: delegate_execute.exe2

Report Id: delegate_execute.exe3

Faulting package full name: delegate_execute.exe4

Faulting package-relative application ID: delegate_execute.exe5

 

Error: (08/23/2014 10:49:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Amy)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/23/2014 10:48:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Amy)

Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (08/22/2014 11:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10375

 

Error: (08/22/2014 11:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10375

 

Error: (08/22/2014 11:13:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (08/22/2014 11:13:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9219

 

Error: (08/22/2014 11:13:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9219

 

 

System errors:

=============

Error: (08/23/2014 06:40:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The plsapp service failed to start due to the following error: 

%%1053

 

Error: (08/23/2014 06:40:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

 

Error: (08/23/2014 06:35:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The plsapp service failed to start due to the following error: 

%%1053

 

Error: (08/23/2014 06:35:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

 

Error: (08/23/2014 11:21:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The plsapp service failed to start due to the following error: 

%%1053

 

Error: (08/23/2014 11:21:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

 

Error: (08/23/2014 11:18:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The plsapp service failed to start due to the following error: 

%%1053

 

Error: (08/23/2014 11:18:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

 

Error: (08/23/2014 11:13:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The plsapp service failed to start due to the following error: 

%%1053

 

Error: (08/23/2014 11:13:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the plsapp service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (01/21/2014 10:51:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 150827 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (01/05/2014 08:47:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 89694 seconds with 600 seconds of active time.  This session ended with a crash.

 

Error: (07/16/2013 06:47:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 204 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-08-20 21:12:01.336

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-08-20 21:05:11.177

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-20 21:04:34.463

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-08-20 12:52:59.462

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-08-20 12:52:08.943

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-08-03 14:02:25.761

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:25.614

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:25.446

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:25.042

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-03 14:02:24.870

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-3110M CPU @ 2.40GHz

Percentage of memory in use: 39%

Total physical RAM: 3943.41 MB

Available physical RAM: 2387.84 MB

Total Pagefile: 11111.41 MB

Available Pagefile: 9398.52 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:418.09 GB) (Free:201.93 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.93 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: FF669BDE)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Hi,

Somehow you got the wrong fixlist. I am sure that I have uploaded the right one. :blink:

 

Please repeat the steps. Make sure that the fixlist has this content:

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe

(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe

PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe

HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)

S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)

R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)

R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)

C:\Program Files (x86)\PureLeads\

C:\Windows\System32\plsapp.dll

C:\Windows\SysWOW64\plsapp.dll

C:\Users\Amy\Web Design\backup-barkparkdogdaycare.com-12-28-2011.tar.gz

C:\Users\Amy\Documents\From Rented Comp\Office_Setup.exe

EmptyTemp:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2014

Ran by Amy at 2014-08-24 17:20:13 Run:2

Running from C:\Users\Amy\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe

(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe

PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe

HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)

S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)

R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)

R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)

C:\Program Files (x86)\PureLeads\

C:\Windows\System32\plsapp.dll

C:\Windows\SysWOW64\plsapp.dll

C:\Users\Amy\Web Design\backup-barkparkdogdaycare.com-12-28-2011.tar.gz

C:\Users\Amy\Documents\From Rented Comp\Office_Setup.exe

EmptyTemp:

 

*****************

 

[1916] C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe => Process closed successfully.

[2904] C:\Program Files (x86)\PureLeads\PureLeads.Service.exe => Process closed successfully.

PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe => Error: No automatic fix found for this entry.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PureLeads Tray => value deleted successfully.

plsapp => Service deleted successfully.

PlsvcV1 => Service deleted successfully.

PlsvcV2 => Service deleted successfully.

C:\Program Files (x86)\PureLeads => Moved successfully.

"C:\Windows\System32\plsapp.dll" => File/Directory not found.

C:\Windows\SysWOW64\plsapp.dll => Moved successfully.

C:\Users\Amy\Web Design\backup-barkparkdogdaycare.com-12-28-2011.tar.gz => Moved successfully.

C:\Users\Amy\Documents\From Rented Comp\Office_Setup.exe => Moved successfully.

EmptyTemp: => Removed 1.3 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014

Ran by Amy (administrator) on AMY on 24-08-2014 17:45:01

Running from C:\Users\Amy\Downloads

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

() C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

(Google Inc.) C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-09] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-20] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-20] (Lenovo(beijing) Limited)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2013-03-04] (AWS Convergence Technologies, Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify Web Helper] => C:\Users\Amy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [spotify] => C:\Users\Amy\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-04-13] ()

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\Run: [Google Update] => C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-08] (Google Inc.)

HKU\S-1-5-21-3948811954-352045940-1238658349-1001\...\MountPoints2: {9279e1ad-eb41-11e2-be96-3c970e3a695e} - "G:\LGAutoRun.exe" 

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

SearchScopes: HKLM - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {3728E3C4-5F83-4573-9054-941BF0267289} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKCU - {3728E3C4-5F83-4573-9054-941BF0267289} URL = 

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

FireFox:

========

FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Amy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Amy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Amy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Firebug - C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\fkjlsnsj.default\Extensions\firebug@software.joehewitt.com.xpi [2013-03-07]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-29]

FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-11]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://currently.com/"


CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (Upromise RewardU Toolbar) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpocmpoechljihmgemoaahhmadaenbc [2014-06-05]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-12-29]

CHR Extension: (Google Wallet) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Currently) - C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-03-09]

CHR HKCU\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx []

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

CHR HKLM-x32\...\Chrome\Extension: [khdbjicdngoonodcjggkioffhjlpicbp] - C:\Users\Amy\AppData\Local\CRE\khdbjicdngoonodcjggkioffhjlpicbp.crx [2014-05-08]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Freemake Improver; C: