jimeee Posted October 24, 2014 ID:895625 Share Posted October 24, 2014 I thought my laptop computer was running okay, except for maybe a few extra popups, until I tried to my usual weekly scan with "MalwareBytes Antimalware" (MBAM) when it wouldn't update. After much searching and reading I did everything i could find suggested to get it working again but to no avail. I ran "eset" which found a lot of "conduit" stuff on my computer. I did all I could to get rid of all of that stuff including cleaning the registry of all conduit stuff. I did a search of the "C" drive and there is still stuff of "conduit" and I am still unable to get MBAM to do its update. I need some good help with my problem as I am unable to solve this problem myself.. Here are the FRST and Addition files requested: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014Ran by JimSr (administrator) on PC on 24-10-2014 09:42:48Running from C:\Users\JimSr\DesktopLoaded Profile: JimSr (Available profiles: JimSr & Guest)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\Snagit32.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClock.exe(Green Parrots Software) C:\Program Files (x86)\1st Clock\ClockApi64.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\TscHelp.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\SnagPriv.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\SnagitEditor.exe(Microsoft Corporation) C:\Windows\splwow64.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Avanquest Software USA, Inc.) C:\Program Files (x86)\PowerDesk\PDExplo.exe(Avanquest Software USA, Inc.) C:\Program Files (x86)\PowerDesk\pdfind.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [] => [X]HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logonHKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKLM\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-10] (Siber Systems)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnkShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\Snagit 11 by TechSmith\Snagit32.exe (TechSmith Corporation)Startup: C:\Users\JimSr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnkShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)Startup: C:\Users\JimSr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.refdesk.comSearchScopes: HKLM - {71A7F33B-5FE3-45D2-B2BA-0B12ED7D1E21} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKLM-x32 - {71A7F33B-5FE3-45D2-B2BA-0B12ED7D1E21} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKCU - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKCU - {510BD638-1264-4262-A259-F629EE982162} URL =SearchScopes: HKCU - {71A7F33B-5FE3-45D2-B2BA-0B12ED7D1E21} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKCU - {75B246F8-A801-4EF0-A084-9DB88193C01A} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS457SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKCU - {8E76B471-8CB9-4CC7-9420-084BF7338FF0} URL =BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{8EDF71BD-CEFE-42A7-83EB-E40A7FBAE00A}: [NameServer] 0.0.0.0FireFox:========FF ProfilePath: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.defaultFF DefaultSearchEngine: AOL SearchFF DefaultSearchUrl: hxxp://search.aol.com/search/search?q={searchTerms}&s_it=outbrowseaol-ff&s_qt=sb&tb_uuid=20130313213208813&tb_oid=13-03-2013&tb_mrud=14-03-2013FF SearchEngineOrder.1: Black Box - GoogleFF SearchEngineOrder.10: Creative CommonsFF SearchEngineOrder.11: DogpileFF SearchEngineOrder.12: eBayFF SearchEngineOrder.13: IMDBFF SearchEngineOrder.14: IxquickFF SearchEngineOrder.15: YahooFF SearchEngineOrder.16: Yahoo! AnswersFF SearchEngineOrder.17: Ask.comFF SearchEngineOrder.2: Black Box - MSNFF SearchEngineOrder.20: Ask.comFF SearchEngineOrder.3: BingFF SearchEngineOrder.4: GoogleFF SearchEngineOrder.5: Wikipedia (English)FF SearchEngineOrder.6: A9FF SearchEngineOrder.7: AskJeevesFF SearchEngineOrder.8: Amazon.comFF SearchEngineOrder.9: Answers.comFF Homepage: hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN28802607355421254&UM=2&SearchSource=13FF NetworkProxy: "http", "58.56.33.99:8088"FF NetworkProxy: "http_port", 80FF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VLC by VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)FF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\IMDB.xmlFF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\jeeves.xmlFF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\searchplugins-backupFF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\youtube.xmlFF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\artur.dubovoy@gmail.com [2014-08-03]FF Extension: Link Alert - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\linkalert.conlan@addons.mozilla.com [2012-03-14]FF Extension: No Name - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\nostmp [2012-03-14]FF Extension: Analytics - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\plugin@analytic-s.com [2013-11-04]FF Extension: Shorten URL - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\ShortenURL@loucypher [2012-03-14]FF Extension: Toolbar Buttons - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2012-03-14]FF Extension: ColorfulTabs - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-26]FF Extension: MouseZoom - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D} [2012-03-14]FF Extension: PDF Download - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2012-03-14]FF Extension: Flashblock - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-15]FF Extension: FEBE - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14]FF Extension: Compact Menu 2 - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2012-03-14]FF Extension: Cookies Manager+ - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-07-25]FF Extension: Answers - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [2012-03-14]FF Extension: User Agent Switcher - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2012-03-14]FF Extension: Adblock Plus Pop-up Addon - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-04]FF Extension: Add to Search Bar - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-03-09]FF Extension: Personal Menu - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\CompactMenuCE@Merci.chao.xpi [2013-03-09]FF Extension: Morning Coffee - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\morningCoffee@shaneliesegang.xpi [2012-03-14]FF Extension: Sort and Search Customization Dialogs - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\sortcustomizationdialog@mozdev.org.xpi [2013-03-09]FF Extension: عارض PDF - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\uriloader@pdf.js.xpi [2012-05-18]FF Extension: Console² - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2012-03-14]FF Extension: Print/Print Preview - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2012-03-14]FF Extension: Image Zoom - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-23]FF Extension: PDFescape Extension - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi [2012-03-14]FF Extension: Stylish - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-03-09]FF Extension: IE View - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2012-03-14]FF Extension: Live IP Address - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2013-02-14]FF Extension: View Cookies - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-03-09]FF Extension: CoolPreviews - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-08-28]FF Extension: Adblock Plus - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-14]FF Extension: BetterPrivacy - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-14]FF Extension: Download Statusbar - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-08-03]FF Extension: Tab Mix Plus - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-03-14]FF Extension: DownThemAll! - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-03-14]FF Extension: Menu Editor - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-03-09]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-05]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-28]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\FirefoxFF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-12-25]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-11]FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\FirefoxChrome:=======CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN10509465478422378&UM=2&UP=SP37D93716-1209-468E-826A-A9738E35D631&SSPV=CHR StartupUrls: Default -> "hxxp://calvarycch.org/media_center.php", "hxxp://td-ee.tdn.com/eedition/", "https://www.netflix.com/ProfilesGate?nextpage=http%3A%2F%2Fwww.netflix.com%2FDefault"CHR DefaultSearchKeyword: Default -> conduit.searchCHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN10509465478422378&ctid=CT3289847&UM=2&UP=SP37D93716-1209-468E-826A-A9738E35D631&SSPV=CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No FileCHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No FileCHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Default Plug-in) - default_plugin No FileCHR Profile: C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]CHR Extension: (YouTube) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]CHR Extension: (Google Cast) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-20]CHR Extension: (uTorrentControl_v6) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [2013-06-13]CHR Extension: (Google Search) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]CHR Extension: (Logitech Smooth Scrolling) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-10-11]CHR Extension: (Google Wallet) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]CHR Extension: (Gmail) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]CHR Extension: (RoboForm) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-20]CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [467968 2009-11-09] (Green Parrots Software) [File not signed]R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-10-28] (Mobile Stream)S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-22] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-24 09:42 - 2014-10-24 09:43 - 00033592 _____ () C:\Users\JimSr\Desktop\FRST.txt2014-10-24 09:42 - 2014-10-24 09:42 - 00000000 ____D () C:\FRST2014-10-24 09:42 - 2014-10-24 09:41 - 02112000 _____ (Farbar) C:\Users\JimSr\Desktop\FRST64.exe2014-10-24 09:05 - 2014-10-24 09:29 - 00023699 _____ () C:\Users\JimSr\Desktop\dds.txt2014-10-24 09:05 - 2014-10-24 09:29 - 00013705 _____ () C:\Users\JimSr\Desktop\attach.txt2014-10-24 09:03 - 2014-10-24 09:03 - 00688992 ____R (Swearware) C:\Users\JimSr\Downloads\dds.com2014-10-23 07:17 - 2014-10-23 07:17 - 00001182 _____ () C:\Users\JimSr\Downloads\adwcleaner_4.001.exe - Shortcut.lnk2014-10-23 07:09 - 2014-10-24 07:59 - 00000336 _____ () C:\windows\setupact.log2014-10-23 07:09 - 2014-10-23 07:37 - 00001562 _____ () C:\windows\PFRO.log2014-10-23 07:09 - 2014-10-23 07:09 - 00000000 _____ () C:\windows\setuperr.log2014-10-23 07:01 - 2014-10-23 07:37 - 00000000 ____D () C:\AdwCleaner2014-10-23 07:01 - 2014-10-23 07:01 - 01962496 _____ () C:\Users\JimSr\Desktop\adwcleaner_4.001.exe2014-10-23 06:27 - 2014-10-23 06:27 - 00001800 _____ () C:\Users\JimSr\Documents\cc_20141023_062751.reg2014-10-22 21:54 - 2014-10-22 22:01 - 00001610 _____ () C:\Users\JimSr\Desktop\Eset Scan 102214.txt2014-10-22 21:35 - 2014-10-24 08:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-10-22 21:35 - 2014-10-22 21:35 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2014-10-22 21:35 - 2014-10-22 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-10-22 21:31 - 2014-10-22 21:30 - 19942304 _____ (SUPERAntiSpyware) C:\Users\JimSr\Downloads\SUPERAntiSpywareProV 6.0.1158 .exe2014-10-22 18:03 - 2014-10-22 22:14 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-10-22 18:03 - 2014-10-22 18:03 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-22 18:03 - 2014-10-22 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-22 18:02 - 2014-10-22 22:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-22 18:02 - 2014-10-22 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-22 18:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-10-22 18:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-10-22 18:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-10-22 14:02 - 2014-10-22 14:02 - 00002174 _____ () C:\Users\Public\Desktop\Google Earth.lnk2014-10-22 14:02 - 2014-10-22 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth2014-10-22 12:46 - 2014-10-22 12:46 - 00000000 ____D () C:\Program Files (x86)\Autoruns2014-10-22 12:46 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\JimSr\Desktop\Autoruns.exe2014-10-22 08:52 - 2014-10-22 08:52 - 00000000 ____D () C:\Users\JimSr\Downloads\Autoruns2014-10-22 08:51 - 2014-10-22 08:51 - 00511633 _____ () C:\Users\JimSr\Downloads\Autoruns.zip2014-10-21 22:23 - 2014-10-21 22:23 - 00004402 _____ () C:\Users\JimSr\Documents\cc_20141021_222346.reg2014-10-19 05:55 - 2014-10-19 05:55 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-10-19 05:55 - 2014-10-19 05:55 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-10-19 05:55 - 2014-10-19 05:55 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-10-19 05:55 - 2014-10-19 05:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-10-19 05:55 - 2014-10-19 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-10-17 18:43 - 2014-10-17 18:43 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core1cfea74daf75369.job2014-10-17 09:02 - 2014-10-17 09:02 - 00000798 _____ () C:\Users\Public\Desktop\Speccy.lnk2014-10-17 09:02 - 2014-10-17 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy2014-10-17 09:02 - 2014-10-17 09:02 - 00000000 ____D () C:\Program Files\Speccy2014-10-17 08:43 - 2014-10-17 08:43 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk2014-10-17 08:43 - 2014-10-17 08:43 - 00002086 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk2014-10-17 08:43 - 2014-10-17 08:43 - 00000000 ____D () C:\Program Files (x86)\Belarc2014-10-17 08:41 - 2014-10-17 08:41 - 03551296 _____ () C:\Users\JimSr\Downloads\Belarcadvisorinstaller.exe2014-10-17 08:24 - 2014-10-17 08:24 - 00000448 _____ () C:\OS © - Shortcut.lnk2014-10-17 07:52 - 2014-10-17 07:52 - 00000000 ____D () C:\Users\JimSr\Downloads\ProcessExplorer2014-10-17 07:51 - 2014-10-17 07:50 - 01188194 _____ () C:\Users\JimSr\Downloads\ProcessExplorer.zip2014-10-13 16:08 - 2014-10-13 16:07 - 00880272 _____ (Google Inc.) C:\Users\JimSr\Downloads\GoogleEupdatesetup.exe2014-10-13 15:56 - 2014-10-13 15:56 - 00880272 _____ (Google Inc.) C:\Users\JimSr\Downloads\googleearthupdatesetup.exe2014-10-13 15:56 - 2014-10-13 15:56 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfe738fb84baef.job2014-10-13 08:44 - 2014-10-13 08:44 - 00001722 _____ () C:\Users\JimSr\Documents\cc_20141013_084422.reg2014-10-12 11:58 - 2014-10-12 11:58 - 00001037 _____ () C:\Users\JimSr\Desktop\Dropbox.lnk2014-10-11 11:43 - 2014-10-11 11:43 - 00000000 ____D () C:\Users\Public\Documents\Logishrd2014-10-11 11:43 - 2014-10-11 11:43 - 00000000 ____D () C:\ProgramData\Logitech2014-10-11 11:40 - 2014-10-11 11:40 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys2014-10-11 11:38 - 2014-10-11 11:38 - 00000000 ____D () C:\Program Files\Logitech2014-10-11 11:36 - 2014-10-11 11:36 - 81533904 _____ (Logitech Inc.) C:\Users\JimSr\Downloads\Logitech SetPoint6.65.62_64.exe2014-10-11 11:32 - 2014-10-11 11:32 - 00000436 _____ () C:\windows\Tasks\DriverNavigator Scheduled Scan.job2014-10-11 11:32 - 2014-10-11 11:32 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Easeware2014-10-11 11:31 - 2014-10-11 11:30 - 02067680 _____ (Easeware ) C:\Users\JimSr\Downloads\Logiteh DriversDownloader_for_setpoint6.61.15_64.exe2014-10-11 11:26 - 2014-10-11 11:43 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Logitech2014-10-11 11:26 - 2014-10-11 11:26 - 03677488 _____ (Logitech Inc.) C:\Users\JimSr\Downloads\Logitech SetPoint6.65.62_smart.exe2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Logishrd2014-10-10 07:57 - 2014-10-10 07:57 - 16256832 _____ (Siber Systems) C:\Users\JimSr\Downloads\RoboForm7.9.10-Setup.exe2014-10-08 19:47 - 2014-10-08 19:47 - 31766208 _____ (Microsoft Corporation) C:\Users\JimSr\Downloads\Windows-KB890830-x64-V5.16.exe2014-10-08 19:45 - 2014-10-08 19:45 - 00179466 _____ () C:\Users\JimSr\AppData\Local\ars.cache2014-10-08 19:45 - 2014-10-08 19:45 - 00115976 _____ () C:\Users\JimSr\AppData\Local\census.cache2014-10-08 19:44 - 2014-10-08 19:44 - 00000010 _____ () C:\Users\JimSr\AppData\Local\sponge.last.runtime.cache2014-10-08 19:39 - 2014-10-08 19:39 - 02476596 _____ (Trend Micro Inc.) C:\Users\JimSr\Downloads\HousecallLauncher64.exe2014-10-08 19:39 - 2014-10-08 19:39 - 00000036 _____ () C:\Users\JimSr\AppData\Local\housecall.guid.cache2014-10-08 19:39 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys2014-10-08 19:30 - 2014-10-08 19:30 - 05176232 _____ (F-Secure Corporation) C:\Users\JimSr\Downloads\F-SecureOnlineScanner.exe2014-10-08 19:30 - 2014-10-08 19:30 - 00000000 ____D () C:\ProgramData\F-Secure2014-10-08 19:08 - 2014-10-08 19:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JimSr\Downloads\mbam-setup-2.0.2.1012.exe2014-10-08 19:06 - 2014-10-08 19:06 - 06970168 _____ (Malwarebytes Corporation) C:\Users\JimSr\Downloads\Myfile.exe2014-10-08 12:48 - 2014-10-08 12:48 - 00321848 _____ (Malwarebytes Corporation) C:\Users\JimSr\Desktop\mbam-clean-2.1.1.1001.exe2014-10-08 12:25 - 2014-10-08 12:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Logitech® Webcam Software2014-10-08 12:25 - 2014-10-08 12:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps2014-10-08 12:24 - 2014-10-08 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Toshiba2014-10-08 12:23 - 2014-10-08 12:23 - 00000000 ____D () C:\Users\Guest\Documents\Snagit2014-10-08 12:22 - 2014-10-08 12:22 - 00107520 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2014-10-08 12:22 - 2014-10-08 12:22 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\TOSHIBA2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\TechSmith2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2014-10-08 12:21 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest2014-10-08 12:21 - 2014-10-08 12:21 - 00000020 ___SH () C:\Users\Guest\ntuser.ini2014-10-08 12:21 - 2014-10-08 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel2014-10-08 12:21 - 2011-07-27 00:11 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia2014-10-08 12:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-08 12:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-10-08 11:07 - 2014-10-08 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-10-08 11:06 - 2014-10-08 11:19 - 00000000 ____D () C:\Users\JimSr\Desktop\mbar2014-10-08 09:53 - 2014-10-08 09:53 - 00000000 ____D () C:\Users\JimSr\Downloads\mbam-chameleon-3.1.4.02014-10-08 09:52 - 2014-10-08 09:52 - 04872677 _____ () C:\Users\JimSr\Downloads\mbam-chameleon-3.1.4.0.zip2014-10-08 09:37 - 2014-10-08 09:37 - 00000504 _____ () C:\Users\JimSr\Documents\cc_20141008_093717.reg2014-10-08 09:03 - 2014-10-08 09:03 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\JimSr\Downloads\rkill.exe2014-10-08 07:49 - 2014-10-08 17:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JimSr\Downloads\STOPZILLA.EXE2014-10-08 07:22 - 2014-10-08 07:22 - 00106578 _____ () C:\Users\JimSr\Documents\cc_20141008_072232.reg2014-10-06 21:42 - 2014-10-24 08:03 - 01731462 _____ () C:\windows\WindowsUpdate.log2014-10-06 21:35 - 2014-10-06 21:35 - 04965896 _____ (Piriform Ltd) C:\Users\JimSr\Downloads\ccsetup418.exe2014-09-30 07:38 - 2014-10-03 06:46 - 00003370 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-24 09:41 - 2013-12-20 17:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000UA.job2014-10-24 09:00 - 2011-11-13 10:46 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Skype2014-10-24 08:53 - 2011-10-09 09:58 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-24 08:50 - 2012-07-02 18:44 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-10-24 08:07 - 2009-07-13 21:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-24 08:07 - 2009-07-13 21:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-24 07:59 - 2011-10-09 09:58 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-24 07:59 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-10-24 07:41 - 2013-12-20 17:47 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core.job2014-10-24 07:21 - 2013-11-04 09:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 11be9e3b-324e-4dc4-8b02-eaec02193844.job2014-10-24 01:00 - 2013-11-04 09:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task cbdb692a-7baa-4eac-b012-9a0b63160470.job2014-10-23 06:26 - 2011-12-26 10:01 - 00000000 ____D () C:\Users\JimSr\AppData\Local\CrashDumps2014-10-23 06:12 - 2012-08-09 12:56 - 00000000 ___RD () C:\Users\JimSr\Dropbox2014-10-22 22:18 - 2012-08-09 12:53 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Dropbox2014-10-22 21:49 - 2013-04-11 13:40 - 00000000 ____D () C:\Users\JimSr\AppData\Local\CRE2014-10-22 21:49 - 2012-03-14 13:23 - 00000000 ____D () C:\Firefox Backups2014-10-22 18:26 - 2012-11-22 10:15 - 00000000 ____D () C:\Program Files (x86)\Nova Development2014-10-22 14:17 - 2012-06-20 10:41 - 00000000 ____D () C:\Program Files\sSUPERAntiSpyware2014-10-22 14:02 - 2011-11-12 19:17 - 00000000 ____D () C:\Users\JimSr\AppData\Local\Google2014-10-21 06:18 - 2014-09-19 04:44 - 00000000 ____D () C:\Users\JimSr\AppData\Local\Adobe2014-10-21 06:18 - 2012-04-03 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-10-21 06:18 - 2011-07-27 00:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-19 05:56 - 2013-10-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle2014-10-19 05:55 - 2011-07-27 00:11 - 00000000 ____D () C:\Program Files (x86)\Java2014-10-17 08:42 - 2013-11-11 07:16 - 00000000 ____D () C:\Users\JimSr\Downloads Working2014-10-16 06:07 - 2013-11-07 23:05 - 00000000 ____D () C:\windows\pss2014-10-13 10:28 - 2012-05-12 12:35 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\vlc2014-10-11 11:40 - 2013-04-01 00:33 - 00000000 ____D () C:\ProgramData\LogiShrd2014-10-11 11:40 - 2013-04-01 00:32 - 00000000 ____D () C:\Program Files\Common Files\logishrd2014-10-11 11:40 - 2013-04-01 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech2014-10-10 07:58 - 2011-12-25 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm2014-10-08 18:43 - 2011-11-12 17:12 - 00000000 ____D () C:\Users\JimSr2014-10-08 11:24 - 2012-05-22 09:53 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\uTorrent2014-10-08 09:27 - 2012-10-13 07:42 - 00000000 ____D () C:\Users\JimSr\Downloads\1INSTALLS since 11.12.20112014-10-06 21:37 - 2011-07-27 16:07 - 00000000 ____D () C:\windows\Panther2014-10-06 21:36 - 2012-08-19 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-10-06 21:36 - 2012-08-19 09:11 - 00000000 ____D () C:\Program Files\CCleaner2014-10-06 20:57 - 2014-05-04 21:58 - 00000000 ____D () C:\temp2014-10-06 20:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache2014-10-06 20:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions2014-10-06 20:09 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\servicing2014-10-06 20:08 - 2012-05-31 06:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-10-06 20:08 - 2011-12-26 09:38 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Winamp2014-10-06 20:08 - 2011-11-13 12:20 - 00000000 ____D () C:\Program Files (x86)\PowerDesk2014-10-06 20:08 - 2011-11-12 19:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-10-06 20:08 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat2014-10-06 20:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2014-10-06 20:06 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration2014-10-03 07:20 - 2013-10-01 06:53 - 00000000 ____D () C:\windows\system32\MRTSome content of TEMP:====================C:\Users\JimSr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3cexf_.dllC:\Users\JimSr\AppData\Local\Temp\Quarantine.exeC:\Users\JimSr\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-10-16 00:27==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014Ran by JimSr at 2014-10-24 09:43:31Running from C:\Users\JimSr\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)1st Clock Pro 5.0 (Full) (HKLM-x32\...\1st Clock_is1) (Version: 5.0 - Green Parrots Software)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)Bulk Rename Utility 2.7.1.2 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.430 - Corel Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)EasyTether (HKLM-x32\...\{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}) (Version: 1.1.17 - Mobile Stream)EasyTether (Version: 1.1.17 - Mobile Stream) HiddenEasyTether ADB USB driver (HKLM\...\{7DD41AE3-10F5-4C46-961C-FAE786519FFF}) (Version: 1.0.0 - Mobile Stream)erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)Freecorder 5 (HKLM-x32\...\Freecorder5.11) (Version: 5.11 - Applian Technologies Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) HiddenGPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)GTK+ 2.10.13 runtime environment (HKLM-x32\...\WinGTK-2_is1) (Version: - Tor Lillqvist)Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )Intel PROSet Wireless (Version: - ) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) HiddenJMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)LibreOffice 3.6 (HKLM-x32\...\{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}) (Version: 3.6.4.3 - The Document Foundation)LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{39AF2BD0-A69F-4597-8349-790B9F7A8589}) (Version: 3.6.4.3 - The Document Foundation)Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)LWS Facebook (x32 Version: 13.50.854.0 - Logitech) HiddenLWS Gallery (x32 Version: 13.51.827.0 - Logitech) HiddenLWS Help_main (x32 Version: 13.51.828.0 - Logitech) HiddenLWS Launcher (x32 Version: 13.51.828.0 - Logitech) HiddenLWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) HiddenLWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) HiddenLWS Twitter (x32 Version: 13.30.1346.0 - Logitech) HiddenLWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) HiddenLWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) HiddenLWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) HiddenMailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version: - )Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)PowerDesk 7 (HKLM-x32\...\{B93251B5-9209-4DAB-867C-AA98D91584CD}) (Version: 7.0.1.1 - Avanquest Publishing USA, Inc.)QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) HiddenRoboForm 7-9-10-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)theWord (HKLM-x32\...\The Word) (Version: 4.0.0.1342 - Costas Stergiou)Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) HiddenTOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) HiddenTOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) HiddenTOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) HiddenTOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - )TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) HiddenTOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) HiddenTOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) HiddenTOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) HiddenTOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) HiddenVLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)==================== Restore Points =========================22-10-2014 16:25:39 Scheduled Checkpoint22-10-2014 20:57:35 Removed Google Earth.23-10-2014 01:23:39 Removed Print Artist Platinum 24.24-10-2014 07:58:54 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {084F5945-7C67-451C-BEF8-8A08ACCA5C13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)Task: {10ED8DFA-7F99-400A-A91E-A6B49D3D8BB5} - System32\Tasks\SUPERAntiSpyware Scheduled Task cbdb692a-7baa-4eac-b012-9a0b63160470 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)Task: {3F82D891-4BB9-4EA0-B968-798D9E8FB22C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)Task: {4E8AF8B8-DEB6-43C7-978D-41E6F758240C} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)Task: {60BDD09F-2977-4C8A-AE46-4FCAF9156163} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)Task: {65E440AB-4E1A-45EC-AB1F-21A066EC6033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)Task: {6D66462C-04D9-4224-8F8E-004E959428C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 11be9e3b-324e-4dc4-8b02-eaec02193844 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)Task: {99AD46B7-FEC2-465E-AF7E-B5C34F6C9D8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)Task: {C92A676A-C84C-4D98-BDF3-D79C2A4C5514} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTIONTask: {F01F068C-E016-4C09-894D-EADC1BDC587A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000UA => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfe738fb84baef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core.job => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core1cfea74daf75369.job => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000UA.job => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 11be9e3b-324e-4dc4-8b02-eaec02193844.job => C:\Program Files\SUPERAntiSpyware\SASTask.exeTask: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task cbdb692a-7baa-4eac-b012-9a0b63160470.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe==================== Loaded Modules (whitelisted) =============2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2011-06-27 09:16 - 2011-06-27 09:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2011-02-22 19:22 - 2011-02-22 19:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2008-02-13 09:28 - 2008-02-13 09:28 - 00106496 _____ () C:\Program Files (x86)\PowerDesk\APMLR.dll2008-02-13 09:31 - 2008-02-13 09:31 - 00073728 _____ () C:\Program Files (x86)\PowerDesk\ThumView.dll2013-07-02 22:20 - 2013-05-23 06:37 - 03128728 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^Users^JimSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.StartupMSCONFIG\startupfolder: C:^Users^JimSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORMSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingMSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /runMSCONFIG\startupreg: Google Update => "C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hideMSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDEDMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: ReminderApp_EEAC3053-7055-4143-B8A0-306758055099 => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe========================= Accounts: ==========================Administrator (S-1-5-21-4081394799-3261339810-3636942153-500 - Administrator - Disabled)Guest (S-1-5-21-4081394799-3261339810-3636942153-501 - Limited - Disabled) => C:\Users\GuestHomeGroupUser$ (S-1-5-21-4081394799-3261339810-3636942153-1003 - Limited - Enabled)JimSr (S-1-5-21-4081394799-3261339810-3636942153-1000 - Administrator - Enabled) => C:\Users\JimSr==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (10/24/2014 08:00:20 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/24/2014 08:00:20 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/24/2014 08:00:06 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/24/2014 00:34:02 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/23/2014 07:38:26 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/23/2014 07:38:26 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/23/2014 07:38:14 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/23/2014 07:26:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/23/2014 07:26:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/23/2014 07:25:56 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (10/22/2014 10:14:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:14:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:14:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:14:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:14:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:14:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:13:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:13:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:13:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/22/2014 10:13:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Microsoft Office Sessions:=========================Error: (10/24/2014 08:00:20 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/24/2014 08:00:20 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/24/2014 08:00:06 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/24/2014 00:34:02 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exeError: (10/23/2014 07:38:26 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/23/2014 07:38:26 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/23/2014 07:38:14 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/23/2014 07:26:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/23/2014 07:26:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/23/2014 07:25:56 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003==================== Memory info ===========================Processor: Intel® Core i7-2670QM CPU @ 2.20GHzPercentage of memory in use: 49%Total physical RAM: 6050.69 MBAvailable physical RAM: 3027.88 MBTotal Pagefile: 12099.56 MBAvailable Pagefile: 9068.19 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:682.07 GB) (Free:389.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: () (Removable) (Total:59.71 GB) (Free:0.21 GB) exFAT==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 4FE3BE95)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=682.1 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)========================================================Disk: 1 (Size: 59.7 GB) (Disk ID: 00000000)Partition: GPT Partition Type.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted October 24, 2014 ID:895762 Share Posted October 24, 2014 Hello jimeee and ! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 2 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Scan button. Wait until is finished.Click on Clean.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner log Link to post Share on other sites More sharing options...
jimeee Posted October 25, 2014 Author ID:895826 Share Posted October 25, 2014 Borislav thank you very much for your help. Here are the text files you asked for. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.21.2014:1)OS: Windows 7 Home Premium x64Ran by JimSr on Fri 10/24/2014 at 17:09:42.35~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] pcregserviceSuccessfully deleted: [service] pcregservice~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{510BD638-1264-4262-A259-F629EE982162}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E76B471-8CB9-4CC7-9420-084BF7338FF0}~~~ FilesSuccessfully deleted: [File] C:\windows\Tasks\DriverNavigator Scheduled Scan.job~~~ FoldersSuccessfully deleted: [Folder] "C:\Users\JimSr\appdata\local\cre"Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"~~~ FireFoxSuccessfully deleted the following from C:\Users\JimSr\AppData\Roaming\mozilla\firefox\profiles\66wtze36.default\prefs.jsuser_pref("CT3289075.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTQxMzk1NTU1OSwidXVpZCI6NDIxODE0MDMyMDIyMjQwLCJzZXFfaWQiOjIsInNzYiI6MTM2NzI2NzYxNH0=");user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.FirstTime", "true");user_pref("CT3289075.FirstTimeFF3", "true");user_pref("CT3289075.PG_ENABLE", "dHJ1ZQ==");user_pref("CT3289075.PG_ENABLE.enc", "dHJ1ZQ==");user_pref("CT3289075.RestartDialogFirstTime", "false");user_pref("CT3289075.RestartDialogShouldDisplay", "false");user_pref("CT3289075.UserID", "UN28802607355421254");user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");user_pref("CT3289075.autoDisableScopes", -1);user_pref("CT3289075.countryCode", "US");user_pref("CT3289075.defaultSearch", "false");user_pref("CT3289075.enableFix404ByUser", "FALSE");user_pref("CT3289075.enableSearchFromAddressBar", "false");user_pref("CT3289075.firstTimeDialogOpened", "true");user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");user_pref("CT3289075.fixUrls", true);user_pref("CT3289075.fullUserID", "UN28802607355421254.UP.20130710074122");user_pref("CT3289075.homepageuserchanged", true);user_pref("CT3289075.installType", "xpe");user_pref("CT3289075.installUsage", "2013-04-30T00:24:21.2890676+03:00");user_pref("CT3289075.installUsageEarly", "2013-04-30T00:24:21.2942058+03:00");user_pref("CT3289075.installerVersion", "1.3.7.3");user_pref("CT3289075.isCheckedStartAsHidden", true);user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.isFirstTimeToolbarLoading", "false");user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3289075&octid=CT3289075&ISID=ISID_ID&SearchSource=15&CUI=user_pref("CT3289075.lastVersion", "10.34.0.503");user_pref("CT3289075.mam_gk_appStateReportTime.enc", "MTM2NzM0MjY0NTk4Nw==");user_pref("CT3289075.mam_gk_appState_CouponBuddy.enc", "b24=");user_pref("CT3289075.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");user_pref("CT3289075.mam_gk_appState_PriceGong.enc", "b24=");user_pref("CT3289075.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNuser_pref("CT3289075.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");user_pref("CT3289075.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNzg3YTE4OGItMDdlZS00YTZkLTliYjQtOWY0MGuser_pref("CT3289075.mam_gk_currentVersion.enc", "MS41LjAuMw==");user_pref("CT3289075.mam_gk_eventsCache.enc", "eyJlMjc3YzYxZS1lMWFkLTQxYmYtOWU4Yi1hZWY0OWU1OWI0ZGYiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvuser_pref("CT3289075.mam_gk_first_time.enc", "MQ==");user_pref("CT3289075.mam_gk_gadgetOpen.enc", "MA==");user_pref("CT3289075.mam_gk_installer_preapproved.enc", "ZmFsc2U=");user_pref("CT3289075.mam_gk_lastLoginTime.enc", "MTM2NzM0MjY0NzE3OA==");user_pref("CT3289075.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMuser_pref("CT3289075.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");user_pref("CT3289075.mam_gk_settings1.5.0.3.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzIiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuuser_pref("CT3289075.mam_gk_showCloseButton.enc", "dHJ1ZQ==");user_pref("CT3289075.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");user_pref("CT3289075.mam_gk_userId.enc", "NGVhYThlMDgtOGQ5OC00YWFkLWI2MjMtYWMxMDJjNzBhYjZh");user_pref("CT3289075.migrateAppsAndComponents", true);user_pref("CT3289075.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fvonunov.nu%2Fvocation%2Ftips%2Fmbam.php\",\"EB_MAIN_FRAME_TITLE\":\"MBAM%20(Malwarebytes'%2user_pref("CT3289075.openThankYouPage", "true");user_pref("CT3289075.openUninstallPage", "false");user_pref("CT3289075.originalHomepage", "hxxp://www.speedtest.net/|hxxp://testmy.net/|hxxp://www.oil-price.net/|hxxp://www.washingtongasprices.com/GasPriceSearch.aspx?mss=1591user_pref("CT3289075.performedDomainChangesMigration", "true");user_pref("CT3289075.revertSettingsEnabled", "FALSE");user_pref("CT3289075.search.searchAppId", "130064539389933152");user_pref("CT3289075.search.searchCount", "0");user_pref("CT3289075.searchInNewTabEnabledByUser", "false");user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");user_pref("CT3289075.searchSuggestEnabledByUser", "false");user_pref("CT3289075.searchUserMode", "2");user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289075\"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv6.OurToolbar.com//xpi\"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v6 \"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");user_pref("CT3289075.serviceLayer_services_Configuration_lastUpdate", "1413989657501");user_pref("CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1413955558132");user_pref("CT3289075.serviceLayer_services_appsMetadata_lastUpdate", "1413955558040");user_pref("CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1413955558103");user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367270663425");user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367270663430");user_pref("CT3289075.serviceLayer_services_location_lastUpdate", "1373295664690");user_pref("CT3289075.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369537738544");user_pref("CT3289075.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367296414032");user_pref("CT3289075.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373331542435");user_pref("CT3289075.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374972435223");user_pref("CT3289075.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379307329466");user_pref("CT3289075.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386045358486");user_pref("CT3289075.serviceLayer_services_login_10.34.0.503_lastUpdate", "1414070942657");user_pref("CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1413955558138");user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1413989656311");user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1413989655463");user_pref("CT3289075.serviceLayer_services_setupAPI_lastUpdate", "1367267604879");user_pref("CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate", "1413955558075");user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1414070942982");user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1413989654458");user_pref("CT3289075.settingsINI", true);user_pref("CT3289075.shouldFirstTimeDialog", "false");user_pref("CT3289075.showToolbarPermission", "false");user_pref("CT3289075.smartbar.CTID", "CT3289075");user_pref("CT3289075.smartbar.Uninstall", "0");user_pref("CT3289075.smartbar.homepage", true);user_pref("CT3289075.smartbar.isHidden", true);user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");user_pref("CT3289075.startPage", "false");user_pref("CT3289075.toolbarBornServerTime", "29-4-2013");user_pref("CT3289075.toolbarCurrentServerTime", "23-10-2014");user_pref("CT3289075.toolbarLoginClientTime", "Mon Apr 29 2013 13:33:30 GMT-0700 (Pacific Daylight Time)");user_pref("CT3289075.url_history0001.enc", "aHR0cDovL3RvcnJlbnRzLnRoZXBpcmF0ZWJheS5pcy84MzA2OTQ0L1VuZGVyc3RhbmRpbmdfVGhlX0VuZF9UaW1lXy1fRW5kVGltZV9NaW5pc3RyaWVzX0RWRF9TZXJpZXMuser_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1414071777012,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}user_pref("CT3289847.installerVersion", "1.3.7.3");user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SP5EF22879-5BFB-4C66-A9FAuser_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SP5EF22879-5BFB-4C66-A9FA-F98Fuser_pref("adblock.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(?!user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=outbrowseaol-ff&s_qt=sb&tb_uuid=20130313213208813&tb_oid=13-03-2013&tb_mrud=14user_pref("browser.search.order.11", "Dogpile");user_pref("browser.search.order.14", "Ixquick");user_pref("browser.search.order.17", "Ask.com");user_pref("browser.search.order.20", "Ask.com");user_pref("browser.search.searchbox.width", 211);user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN28802607355421254&UM=2&SearchSource=13");user_pref("extensions.508575687d6eb.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatiouser_pref("extensions.SortCustomizationDialog.existingButtons", "{\"navigator-toolbox\":[\"BetterPrivacyButton\",\"about-application\",\"about-disk-cache\",\"about-mem-cache\"user_pref("extensions.adblockplus.synch.Filterset.G.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nuser_pref("extensions.gophoto@gophoto.it.install-event-fired", true);user_pref("fgupdater.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SPCEF4612F-30F5-44AB-A70B-user_pref("smartbar.homePageOwnerCTID", "CT3289075");user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SPCEF4612F-30F5-44AB-A70B-93D5F82user_pref("smartbar.machineId", "QZYUI+7FONE9AJ+/EXE+RXEUPJJHCRVBUHA+PZ28YM6YDX0WIT1LZD0JXTNS57KXXAXXXYIV++P51TNJ9CCRBQ");user_pref("valueApps.CT3289075./9B+7E+x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E,x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E-x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E.:2z527.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E.x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E/x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E06CG5EL8:", "6E6C706E736D756D7275");user_pref("valueApps.CT3289075./9B+7E06CG5EL8:.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E06CG5EL;8I:K", "247E2D2F226A7472767479737B73787B242F4B49474F42357D5D5C3D");user_pref("valueApps.CT3289075./9B+7E06CG5EL;8I:K.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E0x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E1x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E2x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ3J@F<JKC?&QFI.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ7FK;;\"MBE.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ:6:D:NB$ODG.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ:F8J?\"MBE.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ=F:J?CO$ODG", "247E61393F236B25747679727B2B222D6F4250454E337B354A5347574C505C315C5154413843266358535B5659534C354E7B7E5148533673766458user_pref("valueApps.CT3289075./9B+7E31;CJ=F:J?CO$ODG.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJ=J@6M=KO9?OB)HFR", "247E61393F236B2575717573792B222D6F4250454E337B354A574D435A4A585C464C5C4F3655535F463D482B686B594D364F4043524954376user_pref("valueApps.CT3289075./9B+7E31;CJ=J@6M=KO9?OB)HFR.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJ@6CJIKH8PAKQ)TIL", "247E61393F236B2575787871732B222D6F4250454E337B354D435057565855455D4E585E36615659463D482B685D58605B5E58513A5321245user_pref("valueApps.CT3289075./9B+7E31;CJ@6CJIKH8PAKQ)TIL.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJBJ:K?=J?MJMMB*UJM.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJEIK4!LAD.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJEIK4!LO.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJF<@AM=<?MN'RGJ.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJFF@9MLA$ODG", "247E61393F236B25757778717A2B222D6F4250454E337B3553534D465A594E315C5154413843266358535B5659534C354E7B7E5148536564687464user_pref("valueApps.CT3289075./9B+7E31;CJFF@9MLA$ODG.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJG=G9!LAD", "247E61393F236B256E747329202B6D404E434C317933524852442C574C4F3C333E214D4E57432C4534473E49565A614D365550606E6D543D565D68657user_pref("valueApps.CT3289075./9B+7E31;CJG=G9!LAD.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJGJ:GM7#NCF", "247E61393F236B256E74757A2A212C6E414F444D327A345356465359432F5A4F523F364124615651595457514A334C797C4F465134717462563F584user_pref("valueApps.CT3289075./9B+7E31;CJGJ:GM7#NCF.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJGJJHBN=$ODG.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJHB2;M;K$ODG", "247E61393F236B2576727171772B222D6F4250454E337B35554F3F485A4858315C5154413843266358535B5659534C354E7B7E5148533662636C58user_pref("valueApps.CT3289075./9B+7E31;CJHB2;M;K$ODG.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJI68>:=OMMA'RGJ.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJI>K3?A#NCF.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJIG=KI\"MBE.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E3x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E4x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E5x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E6x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E7x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E8x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E9x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E:x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E;x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E<x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E=x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E>x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E?x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E@x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7EAx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");user_pref("valueApps.CT3289075./9B+7EBE3G=;D9N9=D.storedInFile", false);user_pref("valueApps.CT3289075./9B+7EBx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7ECx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7EDx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7Etx305.storedInFile", true);user_pref("valueApps.CT3289075./9B-0?3G>D", "666D4070734370437A43744678204C7A7C4D25235121502A2753575855562B265C2F5F31");user_pref("valueApps.CT3289075./9B-0?3G>D.storedInFile", false);user_pref("valueApps.CT3289075./9B-0?3G@6:5;", "");user_pref("valueApps.CT3289075./9B-0?3G@6:5;.storedInFile", false);user_pref("valueApps.CT3289075./9B-0?3GFA7EF", "2B2E2C3D");user_pref("valueApps.CT3289075./9B-0?3GFA7EF.storedInFile", false);user_pref("valueApps.CT3289075./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A2329282A31323334353A455F67566B5D67566F596B5F5F6A6567553E72786E68776user_pref("valueApps.CT3289075./9B-3=3ECCJA=F>.storedInFile", false);user_pref("valueApps.CT3289075./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");user_pref("valueApps.CT3289075./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);user_pref("valueApps.CT3289075./9B3=>@44I48?", "372C2D32697576334236334148474C213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");user_pref("valueApps.CT3289075./9B3=>@44I48?.storedInFile", false);user_pref("valueApps.CT3289075./9B5BA==9CJAG", "3B3F6B3F3F6C3F6D7A4271767B73797B7E7B4B797A");user_pref("valueApps.CT3289075./9B5BA==9CJAG.storedInFile", false);user_pref("valueApps.CT3289075./9B6B11G4C56B>F;P;ANR@P", "6E6C706E736D756D7370767A7A");user_pref("valueApps.CT3289075./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);user_pref("valueApps.CT3289075./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");user_pref("valueApps.CT3289075./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);user_pref("valueApps.CT3289075./9B9643G3/9E", "6A");user_pref("valueApps.CT3289075./9B9643G3/9E.storedInFile", false);user_pref("valueApps.CT3289075./9B;45>:BI9I7IE", "2B2E2C3D");user_pref("valueApps.CT3289075./9B;45>:BI9I7IE.storedInFile", false);user_pref("valueApps.CT3289075./9B<:222H64<", "393F352F3E");user_pref("valueApps.CT3289075./9B<:222H64<.storedInFile", false);user_pref("valueApps.CT3289075./9B<:222H64<L8DAJ", "6D70706E7673757975782A7979727C7E757D7D");user_pref("valueApps.CT3289075./9B<:222H64<L8DAJ.storedInFile", false);user_pref("valueApps.CT3289075./9B=+03EH8H8J?:", "4443");user_pref("valueApps.CT3289075./9B=+03EH8H8J?:.storedInFile", false);user_pref("valueApps.CT3289075./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");user_pref("valueApps.CT3289075./9B?+E2A52D8.storedInFile", false);user_pref("valueApps.CT3289075./9B?B0D:8AJ62<H", "6D");user_pref("valueApps.CT3289075./9B?B0D:8AJ62<H.storedInFile", false);user_pref("valueApps.CT3289075./9BA@0<0BI6A7GN:6@L?", "6C");user_pref("valueApps.CT3289075./9BA@0<0BI6A7GN:6@L?.storedInFile", false);user_pref("valueApps.CT3289075.PG_ENABLE", "74727565");user_pref("valueApps.CT3289075.PG_ENABLE.storedInFile", false);user_pref("valueApps.CT3289075.SF_JUST_INSTALLED", "46414C5345");user_pref("valueApps.CT3289075.SF_JUST_INSTALLED.storedInFile", false);user_pref("valueApps.CT3289075.SF_STATUS", "454E41424C4544");user_pref("valueApps.CT3289075.SF_STATUS.storedInFile", false);user_pref("valueApps.CT3289075.SF_USER_ID", "6369645F3230313032303134353130333131303332383335");user_pref("valueApps.CT3289075.SF_USER_ID.storedInFile", false);user_pref("valueApps.CT3289075.cb_experience_000", "3937");user_pref("valueApps.CT3289075.cb_experience_000.storedInFile", false);user_pref("valueApps.CT3289075.cb_firstuse0100", "31");user_pref("valueApps.CT3289075.cb_firstuse0100.storedInFile", false);user_pref("valueApps.CT3289075.cb_user_id_000", "43423337323130383039303636365F313431333830373033333233365F46697265666F78");user_pref("valueApps.CT3289075.cb_user_id_000.storedInFile", false);user_pref("valueApps.CT3289075.cbfirsttime", "4D6F6E204F637420323020323031342030353A31303A333320474D542D30373030202850616369666963205374616E646172642054696D6529");user_pref("valueApps.CT3289075.cbfirsttime.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appStateReportTime", "31343134303730393436323935");user_pref("valueApps.CT3289075.mam_gk_appStateReportTime.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_CouponBuddy", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_CouponBuddy.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook_targeted", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook_targeted.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_Find-a-Pro", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_Find-a-Pro.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_PopBITGames", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_PopBITGames.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_PriceGong", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_PriceGong.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_WindowShopper", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_WindowShopper.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appsConfig.storedInFile", true);user_pref("valueApps.CT3289075.mam_gk_appsDefaultEnabled", "6E756C6C");user_pref("valueApps.CT3289075.mam_gk_appsDefaultEnabled.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_calledSetupService", "31");user_pref("valueApps.CT3289075.mam_gk_calledSetupService.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_currentVersion", "312E31332E302E3137");user_pref("valueApps.CT3289075.mam_gk_currentVersion.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_existingUsersRecoveryDone", "31");user_pref("valueApps.CT3289075.mam_gk_existingUsersRecoveryDone.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_first_time", "31");user_pref("valueApps.CT3289075.mam_gk_first_time.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_lastLoginTime", "31343134303730393436353930");user_pref("valueApps.CT3289075.mam_gk_lastLoginTime.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_localization.storedInFile", true);user_pref("valueApps.CT3289075.mam_gk_mamEnabled", "74727565");user_pref("valueApps.CT3289075.mam_gk_mamEnabled.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_migrated_from_ls", "31");user_pref("valueApps.CT3289075.mam_gk_migrated_from_ls.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_new_welcome_experience", "31");user_pref("valueApps.CT3289075.mam_gk_new_welcome_experience.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_settings1.13.0.17.storedInFile", true);user_pref("valueApps.CT3289075.mam_gk_showWelcomeGadget", "66616C7365");user_pref("valueApps.CT3289075.mam_gk_showWelcomeGadget.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_stamp", "313139395F30");user_pref("valueApps.CT3289075.mam_gk_stamp.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_userBornDate", "4E2F41");user_pref("valueApps.CT3289075.mam_gk_userBornDate.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_userId", "61643731313130662D356433372D343336322D383635302D613164613164613638613862");user_pref("valueApps.CT3289075.mam_gk_userId.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_user_approval_interacted", "31");user_pref("valueApps.CT3289075.mam_gk_user_approval_interacted.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_welcomeDialogMode", "31");user_pref("valueApps.CT3289075.mam_gk_welcomeDialogMode.storedInFile", false);user_pref("valueApps.CT3289075.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313431333830373730323431312C2C2C68747470733A2user_pref("valueApps.CT3289075.url_history0001.storedInFile", true);user_pref("valueApps.storage.mam_gk_userId", "61643731313130662D356433372D343336322D383635302D613164613164613638613862");user_pref("winamp_toolbar.search.searchtype", "web");Emptied folder: C:\Users\JimSr\AppData\Roaming\mozilla\firefox\profiles\66wtze36.default\minidumps [71 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 10/24/2014 at 17:12:24.73End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.001 - Report created 24/10/2014 at 17:23:31# DB v2014-10-23.2# Updated 20/10/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : JimSr - PC# Running from : C:\Users\JimSr\Laptop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\JimSr\AppData\Local\Browser GuardianFolder Deleted : C:\Users\JimSr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17207-\\ Mozilla Firefox v21.0 (en-US)-\\ Google Chrome v38.0.2125.104*************************AdwCleaner[R0].txt - [7061 octets] - [23/10/2014 07:01:46]AdwCleaner[R1].txt - [7121 octets] - [23/10/2014 07:04:10]AdwCleaner[R2].txt - [1081 octets] - [23/10/2014 07:12:02]AdwCleaner[R3].txt - [1077 octets] - [23/10/2014 07:17:49]AdwCleaner[R4].txt - [1198 octets] - [23/10/2014 07:22:12]AdwCleaner[R5].txt - [1318 octets] - [23/10/2014 07:27:27]AdwCleaner[R6].txt - [1676 octets] - [24/10/2014 17:20:58]AdwCleaner[s0].txt - [6863 octets] - [23/10/2014 07:07:24]AdwCleaner[s1].txt - [1137 octets] - [23/10/2014 07:13:49]AdwCleaner[s2].txt - [1132 octets] - [23/10/2014 07:20:04]AdwCleaner[s3].txt - [1253 octets] - [23/10/2014 07:24:45]AdwCleaner[s4].txt - [1373 octets] - [23/10/2014 07:37:08]AdwCleaner[s5].txt - [1596 octets] - [24/10/2014 17:23:31]########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1656 octets] ########## Link to post Share on other sites More sharing options...
jimeee Posted October 25, 2014 Author ID:895827 Share Posted October 25, 2014 Borislav thank you very much for your help. By the way I had ran Adwcleaner very recently before I posted for help Here are the text files you asked for. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.21.2014:1)OS: Windows 7 Home Premium x64Ran by JimSr on Fri 10/24/2014 at 17:09:42.35~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] pcregserviceSuccessfully deleted: [service] pcregservice~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{510BD638-1264-4262-A259-F629EE982162}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8E76B471-8CB9-4CC7-9420-084BF7338FF0}~~~ FilesSuccessfully deleted: [File] C:\windows\Tasks\DriverNavigator Scheduled Scan.job~~~ FoldersSuccessfully deleted: [Folder] "C:\Users\JimSr\appdata\local\cre"Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"~~~ FireFoxSuccessfully deleted the following from C:\Users\JimSr\AppData\Roaming\mozilla\firefox\profiles\66wtze36.default\prefs.jsuser_pref("CT3289075.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTQxMzk1NTU1OSwidXVpZCI6NDIxODE0MDMyMDIyMjQwLCJzZXFfaWQiOjIsInNzYiI6MTM2NzI2NzYxNH0=");user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.FirstTime", "true");user_pref("CT3289075.FirstTimeFF3", "true");user_pref("CT3289075.PG_ENABLE", "dHJ1ZQ==");user_pref("CT3289075.PG_ENABLE.enc", "dHJ1ZQ==");user_pref("CT3289075.RestartDialogFirstTime", "false");user_pref("CT3289075.RestartDialogShouldDisplay", "false");user_pref("CT3289075.UserID", "UN28802607355421254");user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");user_pref("CT3289075.autoDisableScopes", -1);user_pref("CT3289075.countryCode", "US");user_pref("CT3289075.defaultSearch", "false");user_pref("CT3289075.enableFix404ByUser", "FALSE");user_pref("CT3289075.enableSearchFromAddressBar", "false");user_pref("CT3289075.firstTimeDialogOpened", "true");user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");user_pref("CT3289075.fixUrls", true);user_pref("CT3289075.fullUserID", "UN28802607355421254.UP.20130710074122");user_pref("CT3289075.homepageuserchanged", true);user_pref("CT3289075.installType", "xpe");user_pref("CT3289075.installUsage", "2013-04-30T00:24:21.2890676+03:00");user_pref("CT3289075.installUsageEarly", "2013-04-30T00:24:21.2942058+03:00");user_pref("CT3289075.installerVersion", "1.3.7.3");user_pref("CT3289075.isCheckedStartAsHidden", true);user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.isFirstTimeToolbarLoading", "false");user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3289075&octid=CT3289075&ISID=ISID_ID&SearchSource=15&CUI=user_pref("CT3289075.lastVersion", "10.34.0.503");user_pref("CT3289075.mam_gk_appStateReportTime.enc", "MTM2NzM0MjY0NTk4Nw==");user_pref("CT3289075.mam_gk_appState_CouponBuddy.enc", "b24=");user_pref("CT3289075.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");user_pref("CT3289075.mam_gk_appState_PriceGong.enc", "b24=");user_pref("CT3289075.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNuser_pref("CT3289075.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");user_pref("CT3289075.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNzg3YTE4OGItMDdlZS00YTZkLTliYjQtOWY0MGuser_pref("CT3289075.mam_gk_currentVersion.enc", "MS41LjAuMw==");user_pref("CT3289075.mam_gk_eventsCache.enc", "eyJlMjc3YzYxZS1lMWFkLTQxYmYtOWU4Yi1hZWY0OWU1OWI0ZGYiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvuser_pref("CT3289075.mam_gk_first_time.enc", "MQ==");user_pref("CT3289075.mam_gk_gadgetOpen.enc", "MA==");user_pref("CT3289075.mam_gk_installer_preapproved.enc", "ZmFsc2U=");user_pref("CT3289075.mam_gk_lastLoginTime.enc", "MTM2NzM0MjY0NzE3OA==");user_pref("CT3289075.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMuser_pref("CT3289075.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");user_pref("CT3289075.mam_gk_settings1.5.0.3.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzIiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuuser_pref("CT3289075.mam_gk_showCloseButton.enc", "dHJ1ZQ==");user_pref("CT3289075.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");user_pref("CT3289075.mam_gk_userId.enc", "NGVhYThlMDgtOGQ5OC00YWFkLWI2MjMtYWMxMDJjNzBhYjZh");user_pref("CT3289075.migrateAppsAndComponents", true);user_pref("CT3289075.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fvonunov.nu%2Fvocation%2Ftips%2Fmbam.php\",\"EB_MAIN_FRAME_TITLE\":\"MBAM%20(Malwarebytes'%2user_pref("CT3289075.openThankYouPage", "true");user_pref("CT3289075.openUninstallPage", "false");user_pref("CT3289075.originalHomepage", "hxxp://www.speedtest.net/|hxxp://testmy.net/|hxxp://www.oil-price.net/|hxxp://www.washingtongasprices.com/GasPriceSearch.aspx?mss=1591user_pref("CT3289075.performedDomainChangesMigration", "true");user_pref("CT3289075.revertSettingsEnabled", "FALSE");user_pref("CT3289075.search.searchAppId", "130064539389933152");user_pref("CT3289075.search.searchCount", "0");user_pref("CT3289075.searchInNewTabEnabledByUser", "false");user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");user_pref("CT3289075.searchSuggestEnabledByUser", "false");user_pref("CT3289075.searchUserMode", "2");user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289075\"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv6.OurToolbar.com//xpi\"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v6 \"}");user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");user_pref("CT3289075.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");user_pref("CT3289075.serviceLayer_services_Configuration_lastUpdate", "1413989657501");user_pref("CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1413955558132");user_pref("CT3289075.serviceLayer_services_appsMetadata_lastUpdate", "1413955558040");user_pref("CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1413955558103");user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1367270663425");user_pref("CT3289075.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1367270663430");user_pref("CT3289075.serviceLayer_services_location_lastUpdate", "1373295664690");user_pref("CT3289075.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369537738544");user_pref("CT3289075.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367296414032");user_pref("CT3289075.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373331542435");user_pref("CT3289075.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374972435223");user_pref("CT3289075.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379307329466");user_pref("CT3289075.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386045358486");user_pref("CT3289075.serviceLayer_services_login_10.34.0.503_lastUpdate", "1414070942657");user_pref("CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1413955558138");user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1413989656311");user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1413989655463");user_pref("CT3289075.serviceLayer_services_setupAPI_lastUpdate", "1367267604879");user_pref("CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate", "1413955558075");user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1414070942982");user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1413989654458");user_pref("CT3289075.settingsINI", true);user_pref("CT3289075.shouldFirstTimeDialog", "false");user_pref("CT3289075.showToolbarPermission", "false");user_pref("CT3289075.smartbar.CTID", "CT3289075");user_pref("CT3289075.smartbar.Uninstall", "0");user_pref("CT3289075.smartbar.homepage", true);user_pref("CT3289075.smartbar.isHidden", true);user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");user_pref("CT3289075.startPage", "false");user_pref("CT3289075.toolbarBornServerTime", "29-4-2013");user_pref("CT3289075.toolbarCurrentServerTime", "23-10-2014");user_pref("CT3289075.toolbarLoginClientTime", "Mon Apr 29 2013 13:33:30 GMT-0700 (Pacific Daylight Time)");user_pref("CT3289075.url_history0001.enc", "aHR0cDovL3RvcnJlbnRzLnRoZXBpcmF0ZWJheS5pcy84MzA2OTQ0L1VuZGVyc3RhbmRpbmdfVGhlX0VuZF9UaW1lXy1fRW5kVGltZV9NaW5pc3RyaWVzX0RWRF9TZXJpZXMuser_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1414071777012,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}user_pref("CT3289847.installerVersion", "1.3.7.3");user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SP5EF22879-5BFB-4C66-A9FAuser_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SP5EF22879-5BFB-4C66-A9FA-F98Fuser_pref("adblock.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(?!user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=outbrowseaol-ff&s_qt=sb&tb_uuid=20130313213208813&tb_oid=13-03-2013&tb_mrud=14user_pref("browser.search.order.11", "Dogpile");user_pref("browser.search.order.14", "Ixquick");user_pref("browser.search.order.17", "Ask.com");user_pref("browser.search.order.20", "Ask.com");user_pref("browser.search.searchbox.width", 211);user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN28802607355421254&UM=2&SearchSource=13");user_pref("extensions.508575687d6eb.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatiouser_pref("extensions.SortCustomizationDialog.existingButtons", "{\"navigator-toolbox\":[\"BetterPrivacyButton\",\"about-application\",\"about-disk-cache\",\"about-mem-cache\"user_pref("extensions.adblockplus.synch.Filterset.G.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nuser_pref("extensions.gophoto@gophoto.it.install-event-fired", true);user_pref("fgupdater.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SPCEF4612F-30F5-44AB-A70B-user_pref("smartbar.homePageOwnerCTID", "CT3289075");user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN24292931124034531&UM=2&UP=SPCEF4612F-30F5-44AB-A70B-93D5F82user_pref("smartbar.machineId", "QZYUI+7FONE9AJ+/EXE+RXEUPJJHCRVBUHA+PZ28YM6YDX0WIT1LZD0JXTNS57KXXAXXXYIV++P51TNJ9CCRBQ");user_pref("valueApps.CT3289075./9B+7E+x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E,x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E-x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E.:2z527.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E.x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E/x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E06CG5EL8:", "6E6C706E736D756D7275");user_pref("valueApps.CT3289075./9B+7E06CG5EL8:.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E06CG5EL;8I:K", "247E2D2F226A7472767479737B73787B242F4B49474F42357D5D5C3D");user_pref("valueApps.CT3289075./9B+7E06CG5EL;8I:K.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E0x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E1x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E2x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ3J@F<JKC?&QFI.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ7FK;;\"MBE.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ:6:D:NB$ODG.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ:F8J?\"MBE.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJ=F:J?CO$ODG", "247E61393F236B25747679727B2B222D6F4250454E337B354A5347574C505C315C5154413843266358535B5659534C354E7B7E5148533673766458user_pref("valueApps.CT3289075./9B+7E31;CJ=F:J?CO$ODG.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJ=J@6M=KO9?OB)HFR", "247E61393F236B2575717573792B222D6F4250454E337B354A574D435A4A585C464C5C4F3655535F463D482B686B594D364F4043524954376user_pref("valueApps.CT3289075./9B+7E31;CJ=J@6M=KO9?OB)HFR.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJ@6CJIKH8PAKQ)TIL", "247E61393F236B2575787871732B222D6F4250454E337B354D435057565855455D4E585E36615659463D482B685D58605B5E58513A5321245user_pref("valueApps.CT3289075./9B+7E31;CJ@6CJIKH8PAKQ)TIL.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJBJ:K?=J?MJMMB*UJM.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJEIK4!LAD.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJEIK4!LO.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJF<@AM=<?MN'RGJ.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJFF@9MLA$ODG", "247E61393F236B25757778717A2B222D6F4250454E337B3553534D465A594E315C5154413843266358535B5659534C354E7B7E5148536564687464user_pref("valueApps.CT3289075./9B+7E31;CJFF@9MLA$ODG.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJG=G9!LAD", "247E61393F236B256E747329202B6D404E434C317933524852442C574C4F3C333E214D4E57432C4534473E49565A614D365550606E6D543D565D68657user_pref("valueApps.CT3289075./9B+7E31;CJG=G9!LAD.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJGJ:GM7#NCF", "247E61393F236B256E74757A2A212C6E414F444D327A345356465359432F5A4F523F364124615651595457514A334C797C4F465134717462563F584user_pref("valueApps.CT3289075./9B+7E31;CJGJ:GM7#NCF.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJGJJHBN=$ODG.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJHB2;M;K$ODG", "247E61393F236B2576727171772B222D6F4250454E337B35554F3F485A4858315C5154413843266358535B5659534C354E7B7E5148533662636C58user_pref("valueApps.CT3289075./9B+7E31;CJHB2;M;K$ODG.storedInFile", false);user_pref("valueApps.CT3289075./9B+7E31;CJI68>:=OMMA'RGJ.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJI>K3?A#NCF.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E31;CJIG=KI\"MBE.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E3x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E4x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E5x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E6x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E7x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E8x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E9x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E:x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E;x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E<x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E=x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E>x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E?x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7E@x305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7EAx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");user_pref("valueApps.CT3289075./9B+7EBE3G=;D9N9=D.storedInFile", false);user_pref("valueApps.CT3289075./9B+7EBx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7ECx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7EDx305.storedInFile", true);user_pref("valueApps.CT3289075./9B+7Etx305.storedInFile", true);user_pref("valueApps.CT3289075./9B-0?3G>D", "666D4070734370437A43744678204C7A7C4D25235121502A2753575855562B265C2F5F31");user_pref("valueApps.CT3289075./9B-0?3G>D.storedInFile", false);user_pref("valueApps.CT3289075./9B-0?3G@6:5;", "");user_pref("valueApps.CT3289075./9B-0?3G@6:5;.storedInFile", false);user_pref("valueApps.CT3289075./9B-0?3GFA7EF", "2B2E2C3D");user_pref("valueApps.CT3289075./9B-0?3GFA7EF.storedInFile", false);user_pref("valueApps.CT3289075./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A2329282A31323334353A455F67566B5D67566F596B5F5F6A6567553E72786E68776user_pref("valueApps.CT3289075./9B-3=3ECCJA=F>.storedInFile", false);user_pref("valueApps.CT3289075./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");user_pref("valueApps.CT3289075./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);user_pref("valueApps.CT3289075./9B3=>@44I48?", "372C2D32697576334236334148474C213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");user_pref("valueApps.CT3289075./9B3=>@44I48?.storedInFile", false);user_pref("valueApps.CT3289075./9B5BA==9CJAG", "3B3F6B3F3F6C3F6D7A4271767B73797B7E7B4B797A");user_pref("valueApps.CT3289075./9B5BA==9CJAG.storedInFile", false);user_pref("valueApps.CT3289075./9B6B11G4C56B>F;P;ANR@P", "6E6C706E736D756D7370767A7A");user_pref("valueApps.CT3289075./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);user_pref("valueApps.CT3289075./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");user_pref("valueApps.CT3289075./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);user_pref("valueApps.CT3289075./9B9643G3/9E", "6A");user_pref("valueApps.CT3289075./9B9643G3/9E.storedInFile", false);user_pref("valueApps.CT3289075./9B;45>:BI9I7IE", "2B2E2C3D");user_pref("valueApps.CT3289075./9B;45>:BI9I7IE.storedInFile", false);user_pref("valueApps.CT3289075./9B<:222H64<", "393F352F3E");user_pref("valueApps.CT3289075./9B<:222H64<.storedInFile", false);user_pref("valueApps.CT3289075./9B<:222H64<L8DAJ", "6D70706E7673757975782A7979727C7E757D7D");user_pref("valueApps.CT3289075./9B<:222H64<L8DAJ.storedInFile", false);user_pref("valueApps.CT3289075./9B=+03EH8H8J?:", "4443");user_pref("valueApps.CT3289075./9B=+03EH8H8J?:.storedInFile", false);user_pref("valueApps.CT3289075./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");user_pref("valueApps.CT3289075./9B?+E2A52D8.storedInFile", false);user_pref("valueApps.CT3289075./9B?B0D:8AJ62<H", "6D");user_pref("valueApps.CT3289075./9B?B0D:8AJ62<H.storedInFile", false);user_pref("valueApps.CT3289075./9BA@0<0BI6A7GN:6@L?", "6C");user_pref("valueApps.CT3289075./9BA@0<0BI6A7GN:6@L?.storedInFile", false);user_pref("valueApps.CT3289075.PG_ENABLE", "74727565");user_pref("valueApps.CT3289075.PG_ENABLE.storedInFile", false);user_pref("valueApps.CT3289075.SF_JUST_INSTALLED", "46414C5345");user_pref("valueApps.CT3289075.SF_JUST_INSTALLED.storedInFile", false);user_pref("valueApps.CT3289075.SF_STATUS", "454E41424C4544");user_pref("valueApps.CT3289075.SF_STATUS.storedInFile", false);user_pref("valueApps.CT3289075.SF_USER_ID", "6369645F3230313032303134353130333131303332383335");user_pref("valueApps.CT3289075.SF_USER_ID.storedInFile", false);user_pref("valueApps.CT3289075.cb_experience_000", "3937");user_pref("valueApps.CT3289075.cb_experience_000.storedInFile", false);user_pref("valueApps.CT3289075.cb_firstuse0100", "31");user_pref("valueApps.CT3289075.cb_firstuse0100.storedInFile", false);user_pref("valueApps.CT3289075.cb_user_id_000", "43423337323130383039303636365F313431333830373033333233365F46697265666F78");user_pref("valueApps.CT3289075.cb_user_id_000.storedInFile", false);user_pref("valueApps.CT3289075.cbfirsttime", "4D6F6E204F637420323020323031342030353A31303A333320474D542D30373030202850616369666963205374616E646172642054696D6529");user_pref("valueApps.CT3289075.cbfirsttime.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appStateReportTime", "31343134303730393436323935");user_pref("valueApps.CT3289075.mam_gk_appStateReportTime.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_CouponBuddy", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_CouponBuddy.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook_targeted", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_Easytobook_targeted.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_Find-a-Pro", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_Find-a-Pro.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_PopBITGames", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_PopBITGames.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_PriceGong", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_PriceGong.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appState_WindowShopper", "6F6E");user_pref("valueApps.CT3289075.mam_gk_appState_WindowShopper.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_appsConfig.storedInFile", true);user_pref("valueApps.CT3289075.mam_gk_appsDefaultEnabled", "6E756C6C");user_pref("valueApps.CT3289075.mam_gk_appsDefaultEnabled.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_calledSetupService", "31");user_pref("valueApps.CT3289075.mam_gk_calledSetupService.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_currentVersion", "312E31332E302E3137");user_pref("valueApps.CT3289075.mam_gk_currentVersion.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_existingUsersRecoveryDone", "31");user_pref("valueApps.CT3289075.mam_gk_existingUsersRecoveryDone.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_first_time", "31");user_pref("valueApps.CT3289075.mam_gk_first_time.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_lastLoginTime", "31343134303730393436353930");user_pref("valueApps.CT3289075.mam_gk_lastLoginTime.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_localization.storedInFile", true);user_pref("valueApps.CT3289075.mam_gk_mamEnabled", "74727565");user_pref("valueApps.CT3289075.mam_gk_mamEnabled.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_migrated_from_ls", "31");user_pref("valueApps.CT3289075.mam_gk_migrated_from_ls.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_new_welcome_experience", "31");user_pref("valueApps.CT3289075.mam_gk_new_welcome_experience.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_settings1.13.0.17.storedInFile", true);user_pref("valueApps.CT3289075.mam_gk_showWelcomeGadget", "66616C7365");user_pref("valueApps.CT3289075.mam_gk_showWelcomeGadget.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_stamp", "313139395F30");user_pref("valueApps.CT3289075.mam_gk_stamp.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_userBornDate", "4E2F41");user_pref("valueApps.CT3289075.mam_gk_userBornDate.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_userId", "61643731313130662D356433372D343336322D383635302D613164613164613638613862");user_pref("valueApps.CT3289075.mam_gk_userId.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_user_approval_interacted", "31");user_pref("valueApps.CT3289075.mam_gk_user_approval_interacted.storedInFile", false);user_pref("valueApps.CT3289075.mam_gk_welcomeDialogMode", "31");user_pref("valueApps.CT3289075.mam_gk_welcomeDialogMode.storedInFile", false);user_pref("valueApps.CT3289075.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313431333830373730323431312C2C2C68747470733A2user_pref("valueApps.CT3289075.url_history0001.storedInFile", true);user_pref("valueApps.storage.mam_gk_userId", "61643731313130662D356433372D343336322D383635302D613164613164613638613862");user_pref("winamp_toolbar.search.searchtype", "web");Emptied folder: C:\Users\JimSr\AppData\Roaming\mozilla\firefox\profiles\66wtze36.default\minidumps [71 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 10/24/2014 at 17:12:24.73End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.001 - Report created 24/10/2014 at 17:23:31# DB v2014-10-23.2# Updated 20/10/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : JimSr - PC# Running from : C:\Users\JimSr\Laptop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\JimSr\AppData\Local\Browser GuardianFolder Deleted : C:\Users\JimSr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Guardian***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17207-\\ Mozilla Firefox v21.0 (en-US)-\\ Google Chrome v38.0.2125.104*************************AdwCleaner[R0].txt - [7061 octets] - [23/10/2014 07:01:46]AdwCleaner[R1].txt - [7121 octets] - [23/10/2014 07:04:10]AdwCleaner[R2].txt - [1081 octets] - [23/10/2014 07:12:02]AdwCleaner[R3].txt - [1077 octets] - [23/10/2014 07:17:49]AdwCleaner[R4].txt - [1198 octets] - [23/10/2014 07:22:12]AdwCleaner[R5].txt - [1318 octets] - [23/10/2014 07:27:27]AdwCleaner[R6].txt - [1676 octets] - [24/10/2014 17:20:58]AdwCleaner[s0].txt - [6863 octets] - [23/10/2014 07:07:24]AdwCleaner[s1].txt - [1137 octets] - [23/10/2014 07:13:49]AdwCleaner[s2].txt - [1132 octets] - [23/10/2014 07:20:04]AdwCleaner[s3].txt - [1253 octets] - [23/10/2014 07:24:45]AdwCleaner[s4].txt - [1373 octets] - [23/10/2014 07:37:08]AdwCleaner[s5].txt - [1596 octets] - [24/10/2014 17:23:31]########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1656 octets] ########## Link to post Share on other sites More sharing options...
Maniac Posted October 25, 2014 ID:896051 Share Posted October 25, 2014 Looks good. Please try to update Malwarebytes' Anti-Malware again and perform a threat scan. Next, please generate a new fresh FRST log and post it in your next reply. Link to post Share on other sites More sharing options...
jimeee Posted October 25, 2014 Author ID:896121 Share Posted October 25, 2014 Good Morning Borislav: Thank you so much for your help. It is good to have MBAM working again. I ran it and it found a lot of stuff including a lot of the "conduit" remnants. I ran FRST and here are the log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014Ran by JimSr (administrator) on PC on 25-10-2014 08:24:11Running from C:\Users\JimSr\LaptopLoaded Profile: JimSr (Available profiles: JimSr & Guest)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\Snagit32.exe(Green Parrots Software) C:\Program Files (x86)\1st Clock\1stClock.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe(Green Parrots Software) C:\Program Files (x86)\1st Clock\ClockApi64.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\TscHelp.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\SnagPriv.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(TechSmith Corporation) C:\Program Files (x86)\Snagit 11 by TechSmith\SnagitEditor.exe(Microsoft Corporation) C:\Windows\splwow64.exe(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Firetrust Ltd) C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\MailWasher.exe(Avanquest Software USA, Inc.) C:\Program Files (x86)\PowerDesk\PDExplo.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [] => [X]HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logonHKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKLM\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-10] (Siber Systems)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-4081394799-3261339810-3636942153-1000\...\Policies\Explorer: [HideSCAHealth] 1HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnkShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\Snagit 11 by TechSmith\Snagit32.exe (TechSmith Corporation)Startup: C:\Users\JimSr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnkShortcutTarget: 1st Clock.lnk -> C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)Startup: C:\Users\JimSr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.refdesk.comSearchScopes: HKLM - {71A7F33B-5FE3-45D2-B2BA-0B12ED7D1E21} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKLM-x32 - {71A7F33B-5FE3-45D2-B2BA-0B12ED7D1E21} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKCU - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKCU - {71A7F33B-5FE3-45D2-B2BA-0B12ED7D1E21} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPSearchScopes: HKCU - {75B246F8-A801-4EF0-A084-9DB88193C01A} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS457SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSEBHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{8EDF71BD-CEFE-42A7-83EB-E40A7FBAE00A}: [NameServer] 0.0.0.0FireFox:========FF ProfilePath: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.defaultFF DefaultSearchEngine: AOL SearchFF SearchEngineOrder.1: Black Box - GoogleFF SearchEngineOrder.10: Creative CommonsFF SearchEngineOrder.12: eBayFF SearchEngineOrder.13: IMDBFF SearchEngineOrder.15: YahooFF SearchEngineOrder.16: Yahoo! AnswersFF SearchEngineOrder.2: Black Box - MSNFF SearchEngineOrder.3: BingFF SearchEngineOrder.4: GoogleFF SearchEngineOrder.5: Wikipedia (English)FF SearchEngineOrder.6: A9FF SearchEngineOrder.7: AskJeevesFF SearchEngineOrder.8: Amazon.comFF SearchEngineOrder.9: Answers.comFF NetworkProxy: "http", "58.56.33.99:8088"FF NetworkProxy: "http_port", 80FF NetworkProxy: "type", 0FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VLC by VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)FF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\IMDB.xmlFF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\jeeves.xmlFF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\searchplugins-backupFF SearchPlugin: C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\searchplugins\youtube.xmlFF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\artur.dubovoy@gmail.com [2014-08-03]FF Extension: Link Alert - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\linkalert.conlan@addons.mozilla.com [2012-03-14]FF Extension: No Name - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\nostmp [2012-03-14]FF Extension: Analytics - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\plugin@analytic-s.com [2013-11-04]FF Extension: Shorten URL - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\ShortenURL@loucypher [2012-03-14]FF Extension: Toolbar Buttons - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688} [2012-03-14]FF Extension: ColorfulTabs - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-09-26]FF Extension: MouseZoom - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D} [2012-03-14]FF Extension: PDF Download - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2012-03-14]FF Extension: Flashblock - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-15]FF Extension: FEBE - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-06-14]FF Extension: Compact Menu 2 - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{57068FBE-1506-42ee-AB02-BD183E7999E4} [2012-03-14]FF Extension: Cookies Manager+ - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-07-25]FF Extension: Answers - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [2012-03-14]FF Extension: User Agent Switcher - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2012-03-14]FF Extension: Adblock Plus Pop-up Addon - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-11-04]FF Extension: Add to Search Bar - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-03-09]FF Extension: Personal Menu - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\CompactMenuCE@Merci.chao.xpi [2013-03-09]FF Extension: Morning Coffee - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\morningCoffee@shaneliesegang.xpi [2012-03-14]FF Extension: Sort and Search Customization Dialogs - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\sortcustomizationdialog@mozdev.org.xpi [2013-03-09]FF Extension: عارض PDF - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\uriloader@pdf.js.xpi [2012-05-18]FF Extension: Console² - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2012-03-14]FF Extension: Print/Print Preview - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}.xpi [2012-03-14]FF Extension: Image Zoom - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-05-23]FF Extension: PDFescape Extension - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi [2012-03-14]FF Extension: Stylish - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-03-09]FF Extension: IE View - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [2012-03-14]FF Extension: Live IP Address - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}.xpi [2013-02-14]FF Extension: View Cookies - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}.xpi [2013-03-09]FF Extension: CoolPreviews - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2012-08-28]FF Extension: Adblock Plus - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-03-14]FF Extension: BetterPrivacy - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-03-14]FF Extension: Download Statusbar - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-08-03]FF Extension: Tab Mix Plus - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-03-14]FF Extension: DownThemAll! - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-03-14]FF Extension: Menu Editor - C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-03-09]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-05]FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-28]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\FirefoxFF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-12-25]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-11]FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\FirefoxChrome:=======CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN10509465478422378&UM=2&UP=SP37D93716-1209-468E-826A-A9738E35D631&SSPV=CHR StartupUrls: Default -> "hxxp://calvarycch.org/media_center.php", "hxxp://td-ee.tdn.com/eedition/", "https://www.netflix.com/ProfilesGate?nextpage=http%3A%2F%2Fwww.netflix.com%2FDefault"CHR DefaultSearchKeyword: Default -> conduit.searchCHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN10509465478422378&ctid=CT3289847&UM=2&UP=SP37D93716-1209-468E-826A-A9738E35D631&SSPV=CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No FileCHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No FileCHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No FileCHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Default Plug-in) - default_plugin No FileCHR Profile: C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]CHR Extension: (YouTube) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]CHR Extension: (Google Cast) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-20]CHR Extension: (Google Search) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]CHR Extension: (Logitech Smooth Scrolling) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-10-11]CHR Extension: (Google Wallet) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-07]CHR Extension: (Gmail) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]CHR Extension: (RoboForm) - C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-20]CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 GPAdjustTimeService; C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [467968 2009-11-09] (Green Parrots Software) [File not signed]R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-10-28] (Mobile Stream)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-25 08:24 - 2014-10-25 08:25 - 00032738 _____ () C:\Users\JimSr\Laptop\FRST.txt2014-10-25 08:23 - 2014-10-25 08:23 - 00000000 ____D () C:\Users\JimSr\Laptop\FRST-OlderVersion2014-10-25 08:15 - 2014-10-25 08:15 - 00000218 _____ () C:\Users\JimSr\.recently-used.xbel2014-10-25 08:08 - 2014-10-25 08:08 - 00000000 ____D () C:\Users\JimSr\Downloads\mbar2014-10-25 06:51 - 2014-10-25 06:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\JimSr\Downloads\mbam-setup-2.0.3.1025.exe2014-10-24 19:09 - 2014-10-24 19:09 - 00002092 _____ () C:\Users\JimSr\Documents\MBAM Borislav help.txt2014-10-24 17:18 - 2014-10-24 17:18 - 01962496 _____ () C:\Users\JimSr\Laptop\AdwCleaner.exe2014-10-24 17:09 - 2014-10-24 17:09 - 00000000 ____D () C:\windows\ERUNT2014-10-24 17:05 - 2014-10-24 17:05 - 01706144 _____ (Thisisu) C:\Users\JimSr\Laptop\JRT.exe2014-10-24 09:42 - 2014-10-25 08:24 - 00000000 ____D () C:\FRST2014-10-24 09:42 - 2014-10-25 08:23 - 02112512 _____ (Farbar) C:\Users\JimSr\Laptop\FRST64.exe2014-10-24 09:03 - 2014-10-24 09:03 - 00688992 ____R (Swearware) C:\Users\JimSr\Downloads\dds.com2014-10-23 07:17 - 2014-10-23 07:17 - 00001182 _____ () C:\Users\JimSr\Downloads\adwcleaner_4.001.exe - Shortcut.lnk2014-10-23 07:09 - 2014-10-25 07:26 - 00059520 _____ () C:\windows\PFRO.log2014-10-23 07:09 - 2014-10-25 07:26 - 00000504 _____ () C:\windows\setupact.log2014-10-23 07:09 - 2014-10-23 07:09 - 00000000 _____ () C:\windows\setuperr.log2014-10-23 07:01 - 2014-10-24 17:23 - 00000000 ____D () C:\AdwCleaner2014-10-23 06:27 - 2014-10-23 06:27 - 00001800 _____ () C:\Users\JimSr\Documents\cc_20141023_062751.reg2014-10-22 21:35 - 2014-10-25 07:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-10-22 21:35 - 2014-10-22 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-10-22 21:31 - 2014-10-22 21:30 - 19942304 _____ (SUPERAntiSpyware) C:\Users\JimSr\Downloads\SUPERAntiSpywareProV 6.0.1158 .exe2014-10-22 18:03 - 2014-10-25 06:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-10-22 18:03 - 2014-10-25 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-22 18:02 - 2014-10-25 06:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-22 18:02 - 2014-10-22 18:02 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-22 18:02 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-10-22 18:02 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-10-22 18:02 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-10-22 14:02 - 2014-10-22 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth2014-10-22 12:46 - 2014-10-22 12:46 - 00000000 ____D () C:\Program Files (x86)\Autoruns2014-10-22 12:46 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\JimSr\Laptop\Autoruns.exe2014-10-22 08:52 - 2014-10-22 08:52 - 00000000 ____D () C:\Users\JimSr\Downloads\Autoruns2014-10-22 08:51 - 2014-10-22 08:51 - 00511633 _____ () C:\Users\JimSr\Downloads\Autoruns.zip2014-10-21 22:23 - 2014-10-21 22:23 - 00004402 _____ () C:\Users\JimSr\Documents\cc_20141021_222346.reg2014-10-19 05:55 - 2014-10-19 05:55 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-10-19 05:55 - 2014-10-19 05:55 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-10-19 05:55 - 2014-10-19 05:55 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-10-19 05:55 - 2014-10-19 05:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-10-19 05:55 - 2014-10-19 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-10-17 18:43 - 2014-10-17 18:43 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core1cfea74daf75369.job2014-10-17 09:02 - 2014-10-17 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy2014-10-17 09:02 - 2014-10-17 09:02 - 00000000 ____D () C:\Program Files\Speccy2014-10-17 08:43 - 2014-10-17 08:43 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk2014-10-17 08:43 - 2014-10-17 08:43 - 00000000 ____D () C:\Program Files (x86)\Belarc2014-10-17 08:41 - 2014-10-17 08:41 - 03551296 _____ () C:\Users\JimSr\Downloads\Belarcadvisorinstaller.exe2014-10-17 08:24 - 2014-10-17 08:24 - 00000448 _____ () C:\OS © - Shortcut.lnk2014-10-17 07:52 - 2014-10-17 07:52 - 00000000 ____D () C:\Users\JimSr\Downloads\ProcessExplorer2014-10-17 07:51 - 2014-10-17 07:50 - 01188194 _____ () C:\Users\JimSr\Downloads\ProcessExplorer.zip2014-10-13 16:08 - 2014-10-13 16:07 - 00880272 _____ (Google Inc.) C:\Users\JimSr\Downloads\GoogleEupdatesetup.exe2014-10-13 15:56 - 2014-10-13 15:56 - 00880272 _____ (Google Inc.) C:\Users\JimSr\Downloads\googleearthupdatesetup.exe2014-10-13 15:56 - 2014-10-13 15:56 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfe738fb84baef.job2014-10-13 08:44 - 2014-10-13 08:44 - 00001722 _____ () C:\Users\JimSr\Documents\cc_20141013_084422.reg2014-10-11 11:43 - 2014-10-11 11:43 - 00000000 ____D () C:\Users\Public\Documents\Logishrd2014-10-11 11:43 - 2014-10-11 11:43 - 00000000 ____D () C:\ProgramData\Logitech2014-10-11 11:40 - 2014-10-11 11:40 - 00018960 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys2014-10-11 11:38 - 2014-10-11 11:38 - 00000000 ____D () C:\Program Files\Logitech2014-10-11 11:36 - 2014-10-11 11:36 - 81533904 _____ (Logitech Inc.) C:\Users\JimSr\Downloads\Logitech SetPoint6.65.62_64.exe2014-10-11 11:32 - 2014-10-11 11:32 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Easeware2014-10-11 11:31 - 2014-10-11 11:30 - 02067680 _____ (Easeware ) C:\Users\JimSr\Downloads\Logiteh DriversDownloader_for_setpoint6.61.15_64.exe2014-10-11 11:26 - 2014-10-11 11:43 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Logitech2014-10-11 11:26 - 2014-10-11 11:26 - 03677488 _____ (Logitech Inc.) C:\Users\JimSr\Downloads\Logitech SetPoint6.65.62_smart.exe2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Logishrd2014-10-10 07:57 - 2014-10-10 07:57 - 16256832 _____ (Siber Systems) C:\Users\JimSr\Downloads\RoboForm7.9.10-Setup.exe2014-10-08 19:47 - 2014-10-08 19:47 - 31766208 _____ (Microsoft Corporation) C:\Users\JimSr\Downloads\Windows-KB890830-x64-V5.16.exe2014-10-08 19:45 - 2014-10-08 19:45 - 00179466 _____ () C:\Users\JimSr\AppData\Local\ars.cache2014-10-08 19:45 - 2014-10-08 19:45 - 00115976 _____ () C:\Users\JimSr\AppData\Local\census.cache2014-10-08 19:44 - 2014-10-08 19:44 - 00000010 _____ () C:\Users\JimSr\AppData\Local\sponge.last.runtime.cache2014-10-08 19:39 - 2014-10-08 19:39 - 02476596 _____ (Trend Micro Inc.) C:\Users\JimSr\Downloads\HousecallLauncher64.exe2014-10-08 19:39 - 2014-10-08 19:39 - 00000036 _____ () C:\Users\JimSr\AppData\Local\housecall.guid.cache2014-10-08 19:39 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys2014-10-08 19:30 - 2014-10-08 19:30 - 05176232 _____ (F-Secure Corporation) C:\Users\JimSr\Downloads\F-SecureOnlineScanner.exe2014-10-08 19:30 - 2014-10-08 19:30 - 00000000 ____D () C:\ProgramData\F-Secure2014-10-08 19:08 - 2014-10-08 19:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JimSr\Downloads\mbam-setup-2.0.2.1012.exe2014-10-08 19:06 - 2014-10-08 19:06 - 06970168 _____ (Malwarebytes Corporation) C:\Users\JimSr\Downloads\Myfile.exe2014-10-08 12:48 - 2014-10-08 12:48 - 00321848 _____ (Malwarebytes Corporation) C:\Users\JimSr\Downloads\mbam-clean-2.1.1.1001.exe2014-10-08 12:25 - 2014-10-08 12:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\Logitech® Webcam Software2014-10-08 12:25 - 2014-10-08 12:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps2014-10-08 12:24 - 2014-10-08 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Toshiba2014-10-08 12:23 - 2014-10-08 12:23 - 00000000 ____D () C:\Users\Guest\Documents\Snagit2014-10-08 12:22 - 2014-10-08 12:22 - 00107520 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT2014-10-08 12:22 - 2014-10-08 12:22 - 00001415 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\TOSHIBA2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\TechSmith2014-10-08 12:22 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google2014-10-08 12:21 - 2014-10-08 12:22 - 00000000 ____D () C:\Users\Guest2014-10-08 12:21 - 2014-10-08 12:21 - 00000020 ___SH () C:\Users\Guest\ntuser.ini2014-10-08 12:21 - 2014-10-08 12:21 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Intel2014-10-08 12:21 - 2011-07-27 00:11 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia2014-10-08 12:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-08 12:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-10-08 11:07 - 2014-10-08 11:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-10-08 11:06 - 2014-10-08 11:19 - 00000000 ____D () C:\Users\JimSr\Laptop\mbar2014-10-08 09:53 - 2014-10-08 09:53 - 00000000 ____D () C:\Users\JimSr\Downloads\mbam-chameleon-3.1.4.02014-10-08 09:52 - 2014-10-08 09:52 - 04872677 _____ () C:\Users\JimSr\Downloads\mbam-chameleon-3.1.4.0.zip2014-10-08 09:37 - 2014-10-08 09:37 - 00000504 _____ () C:\Users\JimSr\Documents\cc_20141008_093717.reg2014-10-08 09:03 - 2014-10-08 09:03 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\JimSr\Downloads\rkill.exe2014-10-08 07:49 - 2014-10-08 17:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JimSr\Downloads\STOPZILLA.EXE2014-10-08 07:22 - 2014-10-08 07:22 - 00106578 _____ () C:\Users\JimSr\Documents\cc_20141008_072232.reg2014-10-06 21:42 - 2014-10-25 07:31 - 01820631 _____ () C:\windows\WindowsUpdate.log2014-10-06 21:35 - 2014-10-06 21:35 - 04965896 _____ (Piriform Ltd) C:\Users\JimSr\Downloads\ccsetup418.exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-25 08:24 - 2011-11-12 17:12 - 00000000 ___RD () C:\Users\JimSr\Laptop2014-10-25 08:15 - 2011-11-12 17:12 - 00000000 ____D () C:\Users\JimSr2014-10-25 08:14 - 2012-10-15 15:57 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\inkscape2014-10-25 07:53 - 2011-10-09 09:58 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-25 07:50 - 2012-07-02 18:44 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-10-25 07:41 - 2013-12-20 17:47 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000UA.job2014-10-25 07:41 - 2013-12-20 17:47 - 00000856 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core.job2014-10-25 07:34 - 2009-07-13 21:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-25 07:34 - 2009-07-13 21:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-25 07:30 - 2012-12-12 08:48 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\MailWasherPro2014-10-25 07:28 - 2011-11-13 10:46 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Skype2014-10-25 07:26 - 2011-10-09 09:58 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-25 07:26 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-10-25 07:26 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\schemas2014-10-25 07:25 - 2014-04-08 10:27 - 00000000 ____D () C:\Users\JimSr\AppData\Local\TB2014-10-25 07:25 - 2011-12-26 10:01 - 00000000 ____D () C:\Users\JimSr\AppData\Local\CrashDumps2014-10-25 07:21 - 2013-11-04 09:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 11be9e3b-324e-4dc4-8b02-eaec02193844.job2014-10-25 01:00 - 2013-11-04 09:21 - 00000510 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task cbdb692a-7baa-4eac-b012-9a0b63160470.job2014-10-23 06:12 - 2012-08-09 12:56 - 00000000 ___RD () C:\Users\JimSr\Dropbox2014-10-22 22:18 - 2012-08-09 12:53 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Dropbox2014-10-22 21:49 - 2012-03-14 13:23 - 00000000 ____D () C:\Firefox Backups2014-10-22 18:26 - 2012-11-22 10:15 - 00000000 ____D () C:\Program Files (x86)\Nova Development2014-10-22 14:17 - 2012-06-20 10:41 - 00000000 ____D () C:\Program Files\sSUPERAntiSpyware2014-10-22 14:02 - 2011-11-12 19:17 - 00000000 ____D () C:\Users\JimSr\AppData\Local\Google2014-10-21 06:18 - 2014-09-19 04:44 - 00000000 ____D () C:\Users\JimSr\AppData\Local\Adobe2014-10-21 06:18 - 2012-04-03 07:34 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-10-21 06:18 - 2011-07-27 00:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-10-19 05:56 - 2013-10-23 21:51 - 00000000 ____D () C:\ProgramData\Oracle2014-10-19 05:55 - 2011-07-27 00:11 - 00000000 ____D () C:\Program Files (x86)\Java2014-10-17 08:42 - 2013-11-11 07:16 - 00000000 ____D () C:\Users\JimSr\Downloads Working2014-10-16 06:07 - 2013-11-07 23:05 - 00000000 ____D () C:\windows\pss2014-10-13 10:28 - 2012-05-12 12:35 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\vlc2014-10-11 11:40 - 2013-04-01 00:33 - 00000000 ____D () C:\ProgramData\LogiShrd2014-10-11 11:40 - 2013-04-01 00:32 - 00000000 ____D () C:\Program Files\Common Files\logishrd2014-10-11 11:40 - 2013-04-01 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech2014-10-10 07:58 - 2011-12-25 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm2014-10-08 11:24 - 2012-05-22 09:53 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\uTorrent2014-10-08 09:27 - 2012-10-13 07:42 - 00000000 ____D () C:\Users\JimSr\Downloads\1INSTALLS since 11.12.20112014-10-06 21:37 - 2011-07-27 16:07 - 00000000 ____D () C:\windows\Panther2014-10-06 21:36 - 2012-08-19 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-10-06 21:36 - 2012-08-19 09:11 - 00000000 ____D () C:\Program Files\CCleaner2014-10-06 20:57 - 2014-05-04 21:58 - 00000000 ____D () C:\temp2014-10-06 20:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache2014-10-06 20:10 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\PolicyDefinitions2014-10-06 20:09 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\servicing2014-10-06 20:08 - 2012-05-31 06:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-10-06 20:08 - 2011-12-26 09:38 - 00000000 ____D () C:\Users\JimSr\AppData\Roaming\Winamp2014-10-06 20:08 - 2011-11-13 12:20 - 00000000 ____D () C:\Program Files (x86)\PowerDesk2014-10-06 20:08 - 2011-11-12 19:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-10-06 20:08 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat2014-10-06 20:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2014-10-06 20:06 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration2014-10-03 07:20 - 2013-10-01 06:53 - 00000000 ____D () C:\windows\system32\MRTSome content of TEMP:====================C:\Users\JimSr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3cexf_.dllC:\Users\JimSr\AppData\Local\Temp\Quarantine.exeC:\Users\JimSr\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-10-16 00:27==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014Ran by JimSr at 2014-10-25 08:25:26Running from C:\Users\JimSr\LaptopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)1st Clock Pro 5.0 (Full) (HKLM-x32\...\1st Clock_is1) (Version: 5.0 - Green Parrots Software)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)Bulk Rename Utility 2.7.1.2 (HKLM-x32\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.430 - Corel Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)EasyTether (HKLM-x32\...\{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}) (Version: 1.1.17 - Mobile Stream)EasyTether (Version: 1.1.17 - Mobile Stream) HiddenEasyTether ADB USB driver (HKLM\...\{7DD41AE3-10F5-4C46-961C-FAE786519FFF}) (Version: 1.0.0 - Mobile Stream)erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) HiddenESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)Freecorder 5 (HKLM-x32\...\Freecorder5.11) (Version: 5.11 - Applian Technologies Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) HiddenGPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)GTK+ 2.10.13 runtime environment (HKLM-x32\...\WinGTK-2_is1) (Version: - Tor Lillqvist)Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )Intel PROSet Wireless (Version: - ) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) HiddenJMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)LibreOffice 3.6 (HKLM-x32\...\{60B2F25C-22CB-4CD9-9168-8C63708DC1A1}) (Version: 3.6.4.3 - The Document Foundation)LibreOffice 3.6 Help Pack (English) (HKLM-x32\...\{39AF2BD0-A69F-4597-8349-790B9F7A8589}) (Version: 3.6.4.3 - The Document Foundation)Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)LWS Facebook (x32 Version: 13.50.854.0 - Logitech) HiddenLWS Gallery (x32 Version: 13.51.827.0 - Logitech) HiddenLWS Help_main (x32 Version: 13.51.828.0 - Logitech) HiddenLWS Launcher (x32 Version: 13.51.828.0 - Logitech) HiddenLWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) HiddenLWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) HiddenLWS Twitter (x32 Version: 13.30.1346.0 - Logitech) HiddenLWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) HiddenLWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) HiddenLWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) HiddenMailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version: - FireTrust Limited)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version: - )Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)PowerDesk 7 (HKLM-x32\...\{B93251B5-9209-4DAB-867C-AA98D91584CD}) (Version: 7.0.1.1 - Avanquest Publishing USA, Inc.)QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) HiddenRoboForm 7-9-10-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Snagit 11 (HKLM-x32\...\{F8E3C768-71F3-11E1-9DF7-70804824019B}) (Version: 11.0.1 - TechSmith Corporation)Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)theWord (HKLM-x32\...\The Word) (Version: 4.0.0.1342 - Costas Stergiou)Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) HiddenTOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) HiddenTOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) HiddenTOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) HiddenTOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - )TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) HiddenTOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) HiddenTOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) HiddenTOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) HiddenTOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) HiddenVLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JimSr\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4081394799-3261339810-3636942153-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimSr\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)==================== Restore Points =========================22-10-2014 16:25:39 Scheduled Checkpoint22-10-2014 20:57:35 Removed Google Earth.23-10-2014 01:23:39 Removed Print Artist Platinum 24.24-10-2014 07:58:54 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {084F5945-7C67-451C-BEF8-8A08ACCA5C13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)Task: {10ED8DFA-7F99-400A-A91E-A6B49D3D8BB5} - System32\Tasks\SUPERAntiSpyware Scheduled Task cbdb692a-7baa-4eac-b012-9a0b63160470 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)Task: {3F82D891-4BB9-4EA0-B968-798D9E8FB22C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)Task: {4E8AF8B8-DEB6-43C7-978D-41E6F758240C} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)Task: {60BDD09F-2977-4C8A-AE46-4FCAF9156163} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-21] (Adobe Systems Incorporated)Task: {65E440AB-4E1A-45EC-AB1F-21A066EC6033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)Task: {6D66462C-04D9-4224-8F8E-004E959428C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 11be9e3b-324e-4dc4-8b02-eaec02193844 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)Task: {99AD46B7-FEC2-465E-AF7E-B5C34F6C9D8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-13] (Google Inc.)Task: {C92A676A-C84C-4D98-BDF3-D79C2A4C5514} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTIONTask: {F01F068C-E016-4C09-894D-EADC1BDC587A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000UA => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfe738fb84baef.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core.job => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000Core1cfea74daf75369.job => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081394799-3261339810-3636942153-1000UA.job => C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 11be9e3b-324e-4dc4-8b02-eaec02193844.job => C:\Program Files\SUPERAntiSpyware\SASTask.exeTask: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task cbdb692a-7baa-4eac-b012-9a0b63160470.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe==================== Loaded Modules (whitelisted) =============2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2011-06-27 09:16 - 2011-06-27 09:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2011-02-22 19:22 - 2011-02-22 19:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe2011-06-09 21:09 - 2011-06-09 21:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2012-12-12 08:48 - 2010-05-28 14:57 - 00801976 _____ () C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\ContactsLib.dll2012-12-12 08:48 - 2009-06-25 16:40 - 00977080 _____ () C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\MCORE.DLL2012-12-12 08:48 - 2010-04-19 09:48 - 00277904 _____ () C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\sqlite3.dll2012-12-12 08:48 - 2009-08-25 18:51 - 00155320 _____ () C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\MailPrefs.dll2012-12-12 08:48 - 2008-09-12 18:39 - 00611936 _____ () C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\MailAnalysis.DLL2012-12-12 08:48 - 2008-09-12 18:40 - 00441440 _____ () C:\Program Files (x86)\FireTrust\MailWasher Pro v2.54\CFSSignatureAlgorithm.DLL2008-02-13 09:28 - 2008-02-13 09:28 - 00106496 _____ () C:\Program Files (x86)\PowerDesk\APMLR.dll2008-02-13 09:31 - 2008-02-13 09:31 - 00073728 _____ () C:\Program Files (x86)\PowerDesk\ThumView.dll2013-07-02 22:20 - 2013-05-23 06:37 - 03128728 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupfolder: C:^Users^JimSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.StartupMSCONFIG\startupfolder: C:^Users^JimSr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORMSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingMSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /runMSCONFIG\startupreg: Google Update => "C:\Users\JimSr\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hideMSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDEDMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: ReminderApp_EEAC3053-7055-4143-B8A0-306758055099 => C:\Program Files (x86)\Nova Development\Print Artist Platinum 24\ReminderApp.exe========================= Accounts: ==========================Administrator (S-1-5-21-4081394799-3261339810-3636942153-500 - Administrator - Disabled)Guest (S-1-5-21-4081394799-3261339810-3636942153-501 - Limited - Disabled) => C:\Users\GuestHomeGroupUser$ (S-1-5-21-4081394799-3261339810-3636942153-1003 - Limited - Enabled)JimSr (S-1-5-21-4081394799-3261339810-3636942153-1000 - Administrator - Enabled) => C:\Users\JimSr==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (10/25/2014 07:27:40 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/25/2014 07:27:40 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/25/2014 07:27:14 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/25/2014 07:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ecFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x73250000Faulting process id: 0x1510Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Error: (10/25/2014 06:53:00 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/25/2014 06:53:00 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/25/2014 06:45:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/25/2014 06:45:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error: (10/25/2014 06:44:54 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/25/2014 00:34:26 AM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.System errors:=============Error: (10/25/2014 08:12:18 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.Microsoft Office Sessions:=========================Error: (10/25/2014 07:27:40 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/25/2014 07:27:40 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/25/2014 07:27:14 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/25/2014 07:25:31 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.1.711542b53ecunknown0.0.0.000000000c000000573250000151001cff05b02dfa4faC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeunknownc5c779e4-5c52-11e4-b1fc-b870f4d7e2daError: (10/25/2014 06:53:00 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/25/2014 06:53:00 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/25/2014 06:45:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/25/2014 06:45:08 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exeError: (10/25/2014 06:44:54 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/25/2014 00:34:26 AM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\JimSr\downloads\esetsmartinstaller_enu.exe==================== Memory info ===========================Processor: Intel® Core i7-2670QM CPU @ 2.20GHzPercentage of memory in use: 48%Total physical RAM: 6050.69 MBAvailable physical RAM: 3122.3 MBTotal Pagefile: 12099.56 MBAvailable Pagefile: 9176.53 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:682.07 GB) (Free:388.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: () (Removable) (Total:59.71 GB) (Free:0.21 GB) exFAT==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 4FE3BE95)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=682.1 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)========================================================Disk: 1 (Size: 59.7 GB) (Disk ID: 00000000)Partition: GPT Partition Type.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Maniac Posted October 25, 2014 ID:896158 Share Posted October 25, 2014 Could you please post your Malwarebytes' Anti-Malware log? Link to post Share on other sites More sharing options...
jimeee Posted October 25, 2014 Author ID:896248 Share Posted October 25, 2014 I notice a lot of stuff on there is U torrent which I uninstalled some time back. I wonder if that is where all of my problem came from? Okay Borislav here is the MBAM log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 10/25/2014Scan Time: 6:55:58 AMLogfile:Administrator: YesVersion: 2.00.3.1025Malware Database: v2014.10.25.02Rootkit Database: v2014.10.22.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: JimSrScan Type: Threat ScanResult: CompletedObjects Scanned: 364082Time Elapsed: 22 min, 54 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 2PUM.LowRiskFileTypes, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.log;, Quarantined, [4e986cac29530b2ba165ca59669ddf21]PUM.LowRiskFileTypes, HKU\S-1-5-21-4081394799-3261339810-3636942153-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.log;, Quarantined, [bb2ba276cbb174c2ee183de6f90a25db]Registry Data: 0(No malicious items detected)Folders: 44PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\AddedAppDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\DefualtImages, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\DetectedAppDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\EngineFirstTimeDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\images, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\images, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\Images, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\Images, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UninstallDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAddedAppDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAppApprovalDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAppPendingDialog, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\EmailNotifier, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ExternalComponent, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Logs, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\MyStuffApps, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\plugins, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\AppsMetaData, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\DynamicDialogs, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarHiddenLogin, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarHiddenSettings, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarLogin, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarSettings, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_en, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_en\ToolbarTranslation, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\SearchInNewTab, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.SlickSavings.A, C:\Users\JimSr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp, Quarantined, [eafcfe1a4438c670c9399e6b729147b9],PUP.Optional.Conduit.A, C:\Users\JimSr\AppData\Local\TB\APISupport, Quarantined, [3aac45d3384488ae0e01e129a261a759],PUP.Optional.Conduit.A, C:\Users\JimSr\AppData\Local\TB\APISupport\MiniSP_1.0.2.182, Quarantined, [3aac45d3384488ae0e01e129a261a759],Files: 123PUP.Optional.Proxy.A, C:\Users\JimSr\AppData\Local\proxy.log, Quarantined, [bb2bcc4ce696a98dc43b43e8d52e01ff],PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, Quarantined, [6086c2566d0fe84eef3e6a0f27ddd927],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ldrtbuTo2.dll, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ThirdPartyComponents.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\toolbar.cfg, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_53_307_CT3072253_images_634514692184142958_20PX_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_eula_png.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\RoundedCornersIE9.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\DialogsAPI.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\excanvas.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\generalDialogStyle.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\PIE.htc, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\RoundedCorners.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\settings.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\version.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\AddedAppDialog\app-added.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\AddedAppDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\DefualtImages\icon.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\DetectedAppDialog\app-2go.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\DetectedAppDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\EngineFirstTimeDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\EngineFirstTimeDialog\right-click.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\SearchProtector.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\SearchProtector.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\images\ok-button.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\images\separation-line.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\NewSearchProtectorDialog\images\warning.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\bubble.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\bubble.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\images\information.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\SearchProtector.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\SearchProtector.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\Images\info.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\Images\ok-on.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorDialog\Images\ok.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\divider.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAddedAppDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAppApprovalDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAppPendingDialog\main.html, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3289075.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3289075.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3289075.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3289075&UM=UM_UNINSTALL_ID.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3289075.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGong_16.png, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\AppsMetaData\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\AppsMetaData\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\DynamicDialogs\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\DynamicDialogs\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarHiddenLogin\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarHiddenLogin\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarHiddenSettings\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarHiddenSettings\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarLogin\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarLogin\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarSettings\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_CT3289075\ToolbarSettings\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_en\ToolbarTranslation\data.bck.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\Repository\conduit_CT3289075_en\ToolbarTranslation\data.txt, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.UTorrentControl.A, C:\Users\JimSr\AppData\LocalLow\uTorrentControl_v6\SearchInNewTab\SearchInNewTabContent.xml, Quarantined, [4e98a870403c0036c458a455c042ad53],PUP.Optional.Conduit.A, C:\Users\JimSr\AppData\Roaming\Mozilla\Firefox\Profiles\66wtze36.default\prefs.js, Good: (), Bad: (user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?gd=&ctid=CT3289075&octid=CT3289075&ISID=ISID_ID&SearchSource=15&CUI=UN28802607355421254&Lay=1&UM=2\"}"), Replaced,[3caa81970d6f7db96089ce938a7b29d7] Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maniac Posted October 26, 2014 ID:896490 Share Posted October 26, 2014 PUP.Optional.UTorrentControl.A is part of uTorrent installation process. You miss to uncheck it during the installation process. Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
jimeee Posted October 26, 2014 Author ID:896590 Share Posted October 26, 2014 Borislav here is the fixlog.txt file. Thank you again for all of your help.Jim=== Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014Ran by JimSr at 2014-10-26 08:27:53 Run:1Running from C:\Users\JimSr\LaptopLoaded Profile: JimSr (Available profiles: JimSr & Guest)Boot Mode: Normal==============================================Content of fixlist:*****************StartFF DefaultSearchEngine: AOL SearchFF SearchEngineOrder.7: AskJeevesCHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN10509465478422378&UM=2&UP=SP37D93716-1209-468E-826A-A9738E35D631&SSPV=CHR DefaultSearchKeyword: Default -> conduit.searchCHR DefaultSearchURL: Default -> http://search.condui...38E35D631&SSPV=CHR DefaultSuggestURL: Default -> http://suggest.searc...x={searchTerms}Task: {C92A676A-C84C-4D98-BDF3-D79C2A4C5514} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTIONEnd*****************Firefox DefaultSearchEngine deleted successfully.Firefox SearchEngineOrder.7 deleted successfully.Chrome HomePage deleted successfully.Chrome DefaultSearchKeyword deleted successfully.Chrome DefaultSearchURL deleted successfully.Chrome DefaultSuggestURL deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C92A676A-C84C-4D98-BDF3-D79C2A4C5514}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C92A676A-C84C-4D98-BDF3-D79C2A4C5514}" => Key deleted successfully.C:\Windows\System32\Tasks\pcreg => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Maniac Posted October 26, 2014 ID:896593 Share Posted October 26, 2014 Last scan: Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under Scan Settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, click List ThreatsClick Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Click the Back button.Click the Finish button. Link to post Share on other sites More sharing options...
jimeee Posted October 26, 2014 Author ID:896706 Share Posted October 26, 2014 Here is the Eset scan log: C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined Link to post Share on other sites More sharing options...
Maniac Posted October 26, 2014 ID:896734 Share Posted October 26, 2014 Awesome! How are things there now? Link to post Share on other sites More sharing options...
jimeee Posted October 26, 2014 Author ID:896778 Share Posted October 26, 2014 Borislav I think things are working pretty good. As I said in the beginning I thought my laptop was working pretty good, except for a few extra popups but when I tried to use MBAM for a weekly scan it would never update but you fixed that a little bit ago. I will watch things closely to see how it goes. I am usually very careful when installing stuff but I must been anxious and let something slip in. I enjoyed our conversations but I will look forward in not having to talk to you again for a while, at least not for computer problems anyway...haha... Thank you so much for your help my friend and have a great day there in Bulgaria. It has been good to have your help and you do great and thorough work and your explanations were very good for this 83 year olddawg. Jim=== Link to post Share on other sites More sharing options...
Maniac Posted October 27, 2014 ID:896846 Share Posted October 27, 2014 Thank you so much for your kind words, Jim! I'm enjoying too, but there a lot of better topics we could discuss. If you need further help, just let me know. Here some last steps for you: Step 1Download OTL to your desktop and run it.Click on CleanUp button.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Step 2 Please uninstall ESET Online Scanner . Step 3 Malware prevention tips: https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/ Safe surfing! Link to post Share on other sites More sharing options...
jimeee Posted October 27, 2014 Author ID:897181 Share Posted October 27, 2014 Borislav I ran OTL cleanup and also read the malware prevention tips. i will be looking into making some changes due to what I read there. i use Eset Online Scan every few week so is there some special reason I should uninstall it? It has been a pleasure working with you and many thanks my friend. Jim=== Link to post Share on other sites More sharing options...
jimeee Posted October 28, 2014 Author ID:897473 Share Posted October 28, 2014 Since I thought we were all through I decided to run AdwCleaner and darned if it didn't find some of the "Conduit" stuff again. I wonder if there is something that is hdden somehow that starts this Conduit stuff up again? Here is the log from the just ran AdwCleaner: I went to get the file to copy and now I can't find it. I will run AdwClleaner again in a day or two and post it here if there is anymore of the "Conduit" stuff there. Jim=== Link to post Share on other sites More sharing options...
jimeee Posted October 28, 2014 Author ID:897482 Share Posted October 28, 2014 Borislav please excuse me. I ran AdwCleaner on my desktop computer and not here. These are the kind of things that happen when is 82 years old...haha... Sorry for my mistake. Jim=== Link to post Share on other sites More sharing options...
Maniac Posted October 28, 2014 ID:898000 Share Posted October 28, 2014 It is okay, Jim! No special reason for EOS, you are free to keep it. All the best! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 3, 2015 Root Admin ID:925698 Share Posted January 3, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts