PC running VERY slowly. Please help? [Solved]


  • This topic is locked
14 replies to this topic

#1 nomarfachix

    New Member

  • Authentic Member
  • 8 posts

Posted 09 July 2014 - 11:52 AM

Hey friends,

 

My PC has been running extremely slowly recently. Chrome with multiple tabs open will slow things down to a crawl, videos chop and refuse to run smoothly, sometimes after pressing pause will play very fast to catch back up to where the video should be at. Just in general performing WAY under what I'm used to. I'm not sure if it's a virus/malware problem or more of a hardware issue, but I wanted to check here first to make sure everything was in working order before checking in under the hood.

 

I'll attach my HJT below. Thanks in advance for any help you're able to give me! Your time is truly appreciated.

______________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:50:58 PM, on 7/9/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
CHROME: 35.0.1916.153
FIREFOX: 29.0 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\vVX3000.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\Downloads\wowzers addzies\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/application.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
O4 - HKLM\..\Run: [Q-Face agent] C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4D99E0C0654F17BEAD4FE562E57A92D1] "C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:  
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OutfoxTvService - Unknown owner - C:\Program Files\OutfoxTV\OutfoxTvService.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 17417 bytes
 


#2 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 09 July 2014 - 03:07 PM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 nomarfachix

Posted 09 July 2014 - 03:30 PM

Hi Marius,

Thanks for your response and help. I am out of the house for a little while, but I will get started on this when I get home tonight and get back to you as soon as possible.

#4 nomarfachix

Posted 09 July 2014 - 11:23 PM

Hi Marius,

 

Here are the logs that you asked for. Please let me know if there are any issues with the logs!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Kyle (administrator) on KYLE-PC on 09-07-2014 23:55:45
Running from C:\Users\Kyle\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Kyle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-09] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
HKLM-x32\...\Run: [Q-Face agent] => C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe [20792 2008-12-15] (MSI)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe [7147720 2010-12-26] ()
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [Google Update] => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-07] (Google Inc.)
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [Spotify Web Helper] => C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-26] (Spotify Ltd)
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [GoogleChromeAutoLaunch_4D99E0C0654F17BEAD4FE562E57A92D1] => C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\MountPoints2: {52151fe0-367f-11e1-8439-6c626de68e4d} - E:\setup.exe -a
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x64020C29CCE9CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = about:splashtopconnect
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM-x32 - DefaultScope {7F74F53F-13E1-48A4-8193-27196A53E6DA} URL = 
SearchScopes: HKLM-x32 - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F74F53F-13E1-48A4-8193-27196A53E6DA} URL = http://search.condui...8122101411&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...=SPLEP1&pc=SPLH
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...0006c626de68e4d
SearchScopes: HKCU - {239DF4C9-3A89-4108-A765-FF9E53E8D701} URL = http://www.bing.com/...eferrer:source}
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKCU - {7F74F53F-13E1-48A4-8193-27196A53E6DA} URL = http://search.condui...8122101411&UM=2
SearchScopes: HKCU - {D480033E-4782-4648-A8B9-1A3DC9767597} URL = http://search.yahoo....vm&type=PROTOSV
SearchScopes: HKCU - {D4A7C004-F6BF-4c98-BBC9-E34A029CACE3} URL = http://www.google.co...q={searchTerms}
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll No File
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
BHO-x32: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPA37D53BD-430B-42BE-8381-ACCD7DF621C2
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3313053&CUI=UN11272201652563937&UM=2&SearchSource=13&UP=SPA37D53BD-430B-42BE-8381-ACCD7DF621C2&SSPV=
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3313053&SearchSource=2&CUI=UN11272201652563937&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @comrade.gamespy.com/comrade - C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npuuseep.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (LiveVDO )
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\searchplugins\conduit.xml
FF Extension: Plus-HD-2.2 - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-02-15]
FF Extension: KeyBar 2.5  - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\{92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} [2014-02-15]
FF Extension: FreeHDSport TV 3 - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012-04-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-05-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-16]
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR StartupUrls: "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (LiveVDO plug-in) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (npruntime scriptable example plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npuuseep.dll ( )
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (LiveVDO )
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Bookmark Favicon Changer) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfnomgphggonodopogfbmkneepfgnh [2014-06-27]
CHR Extension: (Google Drive) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-16]
CHR Extension: (Google Search) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-16]
CHR Extension: (Search by Image (by Google)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2012-12-12]
CHR Extension: (AdBlock) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-16]
CHR Extension: (Hola Better Internet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-12]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-03-31]
CHR Extension: (Ubuntu light-themes scrollbars) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikdfeaeaecoffpjoodiihgejnbfigln [2014-01-18]
CHR Extension: (Ghostery) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-12-12]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (FantasyLink) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pghfoglbgdeknkjcmilhkidfdkgenfdi [2014-03-31]
CHR Extension: (Gmail) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]
CHR Extension: (Extutil) - C:\Users\Kyle\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-03-24]
CHR Extension: (Managera) - C:\Users\Kyle\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-03-24]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-cb_1_1.crx [2012-07-21]
CHR HKCU\...\Chrome\Extension: [oblkmgkfjnmlkemjgheoidmmfncckcej] - C:\Users\Kyle\AppData\Local\CRE\oblkmgkfjnmlkemjgheoidmmfncckcej.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Kyle\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-cb_1_1.crx [2012-07-21]
CHR HKLM-x32\...\Chrome\Extension: [hpilclpacieflhmobalmaccogiioldoo] - C:\ProgramData\Codecv\hpilclpacieflhmobalmaccogiioldoo.crx [2012-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [oblkmgkfjnmlkemjgheoidmmfncckcej] - C:\Users\Kyle\AppData\Local\CRE\oblkmgkfjnmlkemjgheoidmmfncckcej.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [2011-10-27]
CHR StartMenuInternet: Google Chrome - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-16] () [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-01-21] (BioWare)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-01-01] ()
R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MSILiveVirtualCamera; C:\Windows\System32\DRIVERS\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
U5 Point64; C:\Windows\System32\Drivers\Point64.sys [45408 2011-01-07] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2012-07-21] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-05-21] ()
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2012-01-28] (Jungo)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 X6va005; \??\C:\Users\Kyle\AppData\Local\Temp\005821E.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-09 23:55 - 2014-07-09 23:56 - 00034069 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-07-09 23:55 - 2014-07-09 23:55 - 00000000 ____D () C:\FRST
2014-07-09 23:54 - 2014-07-09 23:54 - 02084352 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2014-07-09 14:09 - 2014-07-09 14:09 - 00000000 ____D () C:\NVIDIA Corporation
2014-07-09 13:36 - 2014-07-09 13:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kyle\Desktop\HijackThis.exe
2014-07-09 05:23 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 05:23 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 05:23 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 05:23 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 05:23 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 05:23 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 05:23 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 05:23 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 05:23 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 05:23 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 05:19 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 05:19 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 05:19 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 05:19 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 05:19 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 05:19 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 05:19 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 05:19 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 05:19 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 05:19 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 05:19 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 05:19 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 05:19 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 05:19 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 05:19 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 05:19 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 05:19 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 05:19 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 05:19 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 05:19 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 05:19 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 05:19 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 05:19 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 05:19 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 05:19 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 05:19 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 05:19 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 05:19 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 05:19 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 05:19 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 05:19 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 05:19 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 05:19 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 05:19 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 05:19 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 05:19 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 05:19 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 05:19 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 05:19 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 05:19 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 05:19 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 05:19 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 05:19 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 05:19 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 05:19 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 05:19 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 05:19 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 05:19 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 05:19 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 05:19 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 05:19 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 05:19 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 05:19 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 05:19 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 05:19 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 05:19 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 05:17 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 05:17 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 05:17 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 20:16 - 2014-07-08 20:41 - 00000291 _____ () C:\Users\Kyle\Desktop\fantasy questions.txt
2014-07-03 15:05 - 2014-07-03 15:05 - 00000257 _____ () C:\Users\Kyle\Documents\mock 1.txt
2014-07-02 00:05 - 2014-07-02 00:05 - 00000234 _____ () C:\Users\Kyle\Documents\results thus far.txt
2014-06-28 18:32 - 2014-06-28 18:32 - 00000749 _____ () C:\Users\Kyle\Documents\STAT UPDATES.txt
2014-06-28 01:40 - 2014-06-28 01:40 - 00000164 _____ () C:\Users\Kyle\Documents\world cup teams.txt
2014-06-27 19:37 - 2014-06-27 19:37 - 00000408 _____ () C:\Users\Kyle\AppData\Roaming\CamShapes.ini
2014-06-27 19:37 - 2014-06-27 19:37 - 00000408 _____ () C:\Users\Kyle\AppData\Roaming\CamLayout.ini
2014-06-27 19:37 - 2014-06-27 19:37 - 00000124 _____ () C:\Users\Kyle\AppData\Roaming\Camdata.ini
2014-06-27 19:28 - 2014-06-27 19:28 - 00064203 _____ () C:\Users\Kyle\Documents\old stats.txt
2014-06-27 17:55 - 2014-07-09 15:43 - 00000000 ____D () C:\Users\Kyle\Documents\My CamStudio Temp Files
2014-06-27 17:54 - 2014-06-27 17:54 - 00001206 _____ () C:\Users\Kyle\AppData\Roaming\CamStudio.Producer.ini
2014-06-27 17:54 - 2014-06-27 17:54 - 00000000 _____ () C:\Users\Kyle\AppData\Roaming\CamStudio.Producer.Data.ini
2014-06-27 17:51 - 2014-06-27 19:37 - 00004534 _____ () C:\Users\Kyle\AppData\Roaming\CamStudio.cfg
2014-06-27 17:50 - 2014-06-27 17:50 - 00000000 ____D () C:\ProgramData\374311380
2014-06-27 17:29 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Kyle\Documents\Optimizer Pro
2014-06-27 17:24 - 2014-06-27 17:54 - 00000096 _____ () C:\Users\Kyle\AppData\Roaming\version2.xml
2014-06-27 17:23 - 2014-06-27 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-06-27 17:23 - 2014-06-27 17:23 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-06-21 23:48 - 2014-07-09 16:42 - 00000000 ___RD () C:\Users\Kyle\Dropbox
2014-06-21 23:48 - 2014-06-21 23:48 - 00001037 _____ () C:\Users\Kyle\Documents\Dropbox.lnk
2014-06-21 23:47 - 2014-07-09 16:41 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\DropboxMaster
2014-06-21 23:47 - 2014-06-21 23:47 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-21 23:44 - 2014-07-09 16:41 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Dropbox
2014-06-21 20:48 - 2014-06-12 20:19 - 00609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-21 20:25 - 2014-06-12 22:59 - 01890264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434043.dll
2014-06-21 20:25 - 2014-06-12 22:59 - 01542088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434043.dll
2014-06-21 20:25 - 2014-06-12 22:59 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-06-21 20:25 - 2014-06-12 22:48 - 13911928 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 13824408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 11272544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 11211224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 04248520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 03989464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 00946120 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 00909256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 00902616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-21 20:25 - 2014-06-12 22:48 - 00869336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-21 20:25 - 2014-06-12 22:47 - 31512352 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-21 20:25 - 2014-06-12 22:47 - 24198616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-21 20:25 - 2014-06-12 22:47 - 17553032 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-21 20:25 - 2014-06-12 22:47 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-21 20:25 - 2014-06-12 22:47 - 12860888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-21 20:25 - 2014-06-12 22:46 - 22994392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-21 20:25 - 2014-06-12 22:46 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-21 20:25 - 2014-06-12 22:46 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-21 20:25 - 2014-06-12 22:46 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-21 20:25 - 2014-06-12 22:46 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-21 20:25 - 2014-06-12 22:46 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-21 20:25 - 2014-06-12 22:46 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-21 19:58 - 2014-05-29 19:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-21 19:58 - 2014-05-29 19:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-21 19:58 - 2014-03-31 12:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-21 19:58 - 2014-03-31 12:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-21 19:48 - 2014-06-21 19:48 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Oracle
2014-06-21 19:48 - 2014-05-07 15:03 - 00880040 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2014-06-21 19:48 - 2014-05-07 15:03 - 00802728 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2014-06-21 19:47 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-21 19:47 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-21 19:47 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-21 19:47 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-21 19:46 - 2014-06-21 19:47 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-20 17:10 - 2014-06-20 17:10 - 00000526 _____ () C:\Users\Kyle\Documents\stats sim 8.txt
2014-06-18 01:47 - 2014-06-18 10:44 - 00002691 _____ () C:\Users\Kyle\Documents\stats i guess.txt
2014-06-11 22:01 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 22:01 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 22:01 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 22:01 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 22:01 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 22:01 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 22:01 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 22:01 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 22:01 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 22:01 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 22:01 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 22:01 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-09 20:22 - 2014-07-09 23:06 - 00000372 _____ () C:\Windows\Tasks\WpsNotifyTask_Kyle.job
2014-06-09 20:22 - 2014-07-09 23:03 - 00000372 _____ () C:\Windows\Tasks\WpsUpdateTask_Kyle.job
2014-06-09 20:22 - 2014-06-09 20:23 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Kingsoft
2014-06-09 20:22 - 2014-06-09 20:22 - 00003354 _____ () C:\Windows\System32\Tasks\WpsUpdateTask_Kyle
2014-06-09 20:22 - 2014-06-09 20:22 - 00003354 _____ () C:\Windows\System32\Tasks\WpsNotifyTask_Kyle
2014-06-09 20:22 - 2014-06-09 20:22 - 00001408 _____ () C:\Users\Kyle\Documents\Kingsoft Writer.lnk
2014-06-09 20:22 - 2014-06-09 20:22 - 00001406 _____ () C:\Users\Kyle\Documents\Kingsoft Presentation.lnk
2014-06-09 20:22 - 2014-06-09 20:22 - 00001387 _____ () C:\Users\Kyle\Documents\Kingsoft Spreadsheets.lnk
2014-06-09 20:21 - 2014-06-09 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
2014-06-09 20:21 - 2014-06-09 20:21 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-06-09 20:20 - 2014-06-09 20:20 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Kingsoft
2014-06-09 20:20 - 2014-06-09 20:20 - 00000000 ____D () C:\Program Files (x86)\Kingsoft
2014-06-09 02:22 - 2014-06-09 02:22 - 00000217 _____ () C:\Users\Kyle\Documents\lineup ideas.txt
 
==================== One Month Modified Files and Folders =======
 
2015-07-24 22:24 - 2012-07-21 00:57 - 00000000 ____D () C:\Users\Kyle\Downloads\Guru3D.com
2014-07-09 23:56 - 2014-07-09 23:55 - 00034069 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-07-09 23:55 - 2014-07-09 23:55 - 00000000 ____D () C:\FRST
2014-07-09 23:54 - 2014-07-09 23:54 - 02084352 _____ (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2014-07-09 23:54 - 2013-10-18 01:31 - 00000000 ____D () C:\Users\Kyle\Downloads\wowzers addzies
2014-07-09 23:26 - 2011-03-27 23:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 23:15 - 2011-11-07 22:55 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000UA.job
2014-07-09 23:06 - 2014-06-09 20:22 - 00000372 _____ () C:\Windows\Tasks\WpsNotifyTask_Kyle.job
2014-07-09 23:04 - 2012-03-30 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 23:03 - 2014-06-09 20:22 - 00000372 _____ () C:\Windows\Tasks\WpsUpdateTask_Kyle.job
2014-07-09 17:43 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 16:42 - 2014-06-21 23:48 - 00000000 ___RD () C:\Users\Kyle\Dropbox
2014-07-09 16:41 - 2014-06-21 23:47 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\DropboxMaster
2014-07-09 16:41 - 2014-06-21 23:44 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Dropbox
2014-07-09 16:26 - 2011-03-27 23:41 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 16:07 - 2013-01-17 01:12 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\vlc
2014-07-09 15:43 - 2014-06-27 17:55 - 00000000 ____D () C:\Users\Kyle\Documents\My CamStudio Temp Files
2014-07-09 15:43 - 2013-11-19 20:00 - 00000000 ____D () C:\Users\Kyle\Documents\faves
2014-07-09 15:43 - 2011-03-11 01:19 - 01571433 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 14:18 - 2013-03-15 00:20 - 00000338 _____ () C:\Windows\Tasks\dsmonitor.job
2014-07-09 14:18 - 2012-03-24 03:22 - 00000000 ____D () C:\Temp
2014-07-09 14:18 - 2009-07-14 00:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 14:18 - 2009-07-14 00:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 14:12 - 2012-03-22 11:39 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2014-07-09 14:12 - 2011-03-11 03:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-09 14:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 14:12 - 2009-07-14 00:51 - 00161684 _____ () C:\Windows\setupact.log
2014-07-09 14:12 - 2009-07-14 00:45 - 00472648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 14:10 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 14:10 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 14:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 14:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 14:09 - 2014-07-09 14:09 - 00000000 ____D () C:\NVIDIA Corporation
2014-07-09 14:09 - 2011-03-11 03:02 - 00000000 ____D () C:\NVIDIA
2014-07-09 14:07 - 2013-07-25 01:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 14:06 - 2011-08-13 00:50 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Spotify
2014-07-09 14:02 - 2011-03-14 11:45 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 13:37 - 2014-07-09 13:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kyle\Desktop\HijackThis.exe
2014-07-09 09:20 - 2011-08-13 00:50 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Spotify
2014-07-09 02:15 - 2011-11-07 22:55 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000Core.job
2014-07-09 01:11 - 2014-04-23 01:41 - 00002162 _____ () C:\Users\Kyle\Documents\official braves 2038.txt
2014-07-08 20:41 - 2014-07-08 20:16 - 00000291 _____ () C:\Users\Kyle\Desktop\fantasy questions.txt
2014-07-08 18:04 - 2012-03-30 21:07 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 18:04 - 2012-03-30 21:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 18:04 - 2011-05-14 22:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-03 15:05 - 2014-07-03 15:05 - 00000257 _____ () C:\Users\Kyle\Documents\mock 1.txt
2014-07-02 00:05 - 2014-07-02 00:05 - 00000234 _____ () C:\Users\Kyle\Documents\results thus far.txt
2014-06-29 22:09 - 2014-07-09 05:23 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 18:32 - 2014-06-28 18:32 - 00000749 _____ () C:\Users\Kyle\Documents\STAT UPDATES.txt
2014-06-28 18:03 - 2009-07-14 01:13 - 00796870 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-28 01:40 - 2014-06-28 01:40 - 00000164 _____ () C:\Users\Kyle\Documents\world cup teams.txt
2014-06-27 19:37 - 2014-06-27 19:37 - 00000408 _____ () C:\Users\Kyle\AppData\Roaming\CamShapes.ini
2014-06-27 19:37 - 2014-06-27 19:37 - 00000408 _____ () C:\Users\Kyle\AppData\Roaming\CamLayout.ini
2014-06-27 19:37 - 2014-06-27 19:37 - 00000124 _____ () C:\Users\Kyle\AppData\Roaming\Camdata.ini
2014-06-27 19:37 - 2014-06-27 17:51 - 00004534 _____ () C:\Users\Kyle\AppData\Roaming\CamStudio.cfg
2014-06-27 19:28 - 2014-06-27 19:28 - 00064203 _____ () C:\Users\Kyle\Documents\old stats.txt
2014-06-27 17:54 - 2014-06-27 17:54 - 00001206 _____ () C:\Users\Kyle\AppData\Roaming\CamStudio.Producer.ini
2014-06-27 17:54 - 2014-06-27 17:54 - 00000000 _____ () C:\Users\Kyle\AppData\Roaming\CamStudio.Producer.Data.ini
2014-06-27 17:54 - 2014-06-27 17:24 - 00000096 _____ () C:\Users\Kyle\AppData\Roaming\version2.xml
2014-06-27 17:50 - 2014-06-27 17:50 - 00000000 ____D () C:\ProgramData\374311380
2014-06-27 17:29 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Kyle\Documents\Optimizer Pro
2014-06-27 17:23 - 2014-06-27 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-06-27 17:23 - 2014-06-27 17:23 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-06-21 23:48 - 2014-06-21 23:48 - 00001037 _____ () C:\Users\Kyle\Documents\Dropbox.lnk
2014-06-21 23:48 - 2011-03-11 01:19 - 00000000 ___RD () C:\Users\Kyle
2014-06-21 23:47 - 2014-06-21 23:47 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-21 20:49 - 2013-12-20 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-21 20:48 - 2011-03-11 03:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-21 20:37 - 2011-03-11 02:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-21 19:58 - 2013-12-20 19:31 - 00000000 ____D () C:\Users\Kyle\AppData\Local\NVIDIA Corporation
2014-06-21 19:58 - 2012-07-20 21:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-21 19:49 - 2011-12-31 21:23 - 00000000 ____D () C:\Program Files\Java
2014-06-21 19:48 - 2014-06-21 19:48 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Oracle
2014-06-21 19:48 - 2011-03-20 20:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-21 19:47 - 2014-06-21 19:46 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-21 19:47 - 2013-12-20 19:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-21 02:31 - 2011-03-11 17:30 - 00699296 _____ () C:\Windows\PFRO.log
2014-06-20 17:10 - 2014-06-20 17:10 - 00000526 _____ () C:\Users\Kyle\Documents\stats sim 8.txt
2014-06-20 16:21 - 2011-03-27 23:41 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 16:21 - 2011-03-27 23:41 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:14 - 2014-07-09 05:19 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 05:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 00:52 - 2011-03-12 01:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-18 21:39 - 2014-07-09 05:19 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 05:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 05:19 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 05:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 05:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 05:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 05:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 05:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 05:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 05:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 05:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 05:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 05:19 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 05:19 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 05:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 05:19 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 05:19 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 05:19 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 05:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 05:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 05:19 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 05:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 05:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 05:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 05:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 05:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 05:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 05:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 05:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 05:19 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 05:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 05:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 05:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 05:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 05:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 05:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 05:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 05:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 05:19 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 05:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 05:19 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 05:19 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 05:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 05:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 05:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 05:19 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 05:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 05:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 05:19 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 05:19 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 05:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 10:44 - 2014-06-18 01:47 - 00002691 _____ () C:\Users\Kyle\Documents\stats i guess.txt
2014-06-17 22:18 - 2014-07-09 05:23 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 05:23 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 05:23 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 02:10 - 2011-11-07 22:55 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000UA
2014-06-17 02:10 - 2011-11-07 22:55 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000Core
2014-06-16 21:18 - 2012-06-25 23:25 - 00002362 _____ () C:\Users\Kyle\Desktop\Google Chrome.lnk
2014-06-12 22:59 - 2014-06-21 20:25 - 01890264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434043.dll
2014-06-12 22:59 - 2014-06-21 20:25 - 01542088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434043.dll
2014-06-12 22:59 - 2014-06-21 20:25 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-06-12 22:48 - 2014-06-21 20:25 - 13911928 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 13824408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 11272544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 11211224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 04248520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 03989464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 00946120 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 00909256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 00902616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-12 22:48 - 2014-06-21 20:25 - 00869336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-12 22:47 - 2014-06-21 20:25 - 31512352 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-12 22:47 - 2014-06-21 20:25 - 24198616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-12 22:47 - 2014-06-21 20:25 - 17553032 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-12 22:47 - 2014-06-21 20:25 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-12 22:47 - 2014-06-21 20:25 - 12860888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-12 22:47 - 2012-02-23 20:12 - 18625768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-06-12 22:47 - 2012-02-23 20:12 - 14497528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 22994392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-12 22:46 - 2014-06-21 20:25 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-12 22:46 - 2012-10-01 19:32 - 02814120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-06-12 22:46 - 2012-02-23 20:12 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-06-12 22:45 - 2012-02-23 20:12 - 03196304 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-06-12 22:11 - 2012-07-20 21:10 - 06783960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-06-12 22:11 - 2012-07-20 21:10 - 03523360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-06-12 22:11 - 2012-07-20 21:10 - 00933208 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-06-12 22:11 - 2012-07-20 21:10 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-06-12 22:11 - 2012-07-20 21:10 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-06-12 20:19 - 2014-06-21 20:48 - 00609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-09 20:28 - 2011-03-11 02:09 - 00118528 _____ () C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-09 20:23 - 2014-06-09 20:22 - 00000000 ____D () C:\Users\Kyle\AppData\Local\Kingsoft
2014-06-09 20:22 - 2014-06-09 20:22 - 00003354 _____ () C:\Windows\System32\Tasks\WpsUpdateTask_Kyle
2014-06-09 20:22 - 2014-06-09 20:22 - 00003354 _____ () C:\Windows\System32\Tasks\WpsNotifyTask_Kyle
2014-06-09 20:22 - 2014-06-09 20:22 - 00001408 _____ () C:\Users\Kyle\Documents\Kingsoft Writer.lnk
2014-06-09 20:22 - 2014-06-09 20:22 - 00001406 _____ () C:\Users\Kyle\Documents\Kingsoft Presentation.lnk
2014-06-09 20:22 - 2014-06-09 20:22 - 00001387 _____ () C:\Users\Kyle\Documents\Kingsoft Spreadsheets.lnk
2014-06-09 20:22 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-06-09 20:21 - 2014-06-09 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
2014-06-09 20:21 - 2014-06-09 20:21 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-06-09 20:20 - 2014-06-09 20:20 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Kingsoft
2014-06-09 20:20 - 2014-06-09 20:20 - 00000000 ____D () C:\Program Files (x86)\Kingsoft
2014-06-09 02:22 - 2014-06-09 02:22 - 00000217 _____ () C:\Users\Kyle\Documents\lineup ideas.txt
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Kyle\AppData\Local\Temp\7za.exe
C:\Users\Kyle\AppData\Local\Temp\AMPing.exe
C:\Users\Kyle\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kyle\AppData\Local\Temp\CloudBackup3509.exe
C:\Users\Kyle\AppData\Local\Temp\contentDATs.exe
C:\Users\Kyle\AppData\Local\Temp\DivXSetup.exe
C:\Users\Kyle\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Kyle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8nsgsm.dll
C:\Users\Kyle\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Kyle\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Kyle\AppData\Local\Temp\mssinstaller.exe
C:\Users\Kyle\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kyle\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kyle\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Kyle\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Kyle\AppData\Local\Temp\nvStInst.exe
C:\Users\Kyle\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Kyle\AppData\Local\Temp\optprosetup.exe
C:\Users\Kyle\AppData\Local\Temp\pdfcsetup.exe
C:\Users\Kyle\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Kyle\AppData\Local\Temp\rootsupd.exe
C:\Users\Kyle\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Kyle\AppData\Local\Temp\Setup.exe
C:\Users\Kyle\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kyle\AppData\Local\Temp\sqlite3.exe
C:\Users\Kyle\AppData\Local\Temp\tbKeyB.dll
C:\Users\Kyle\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Kyle\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Kyle\AppData\Local\Temp\vlc-2.0.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 00:21
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Kyle at 2014-07-09 23:57:22
Running from C:\Users\Kyle\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
AC3Filter 1.62b (HKLM-x32\...\AC3Filter_is1) (Version: 1.62b - Alexander Vigovsky)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.14 - Google Inc.)
AOL Instant Messenger (HKLM-x32\...\AOL Instant Messenger) (Version:  - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2007842030.48.56.39849330 - Audible, Inc.)
AudioGenie (HKLM-x32\...\AudioGenie_is1) (Version:  - msi, Inc.)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Baseball Mogul 2006 (HKLM-x32\...\{59F92CC5-FAEC-47BF-926F-2C79A7B086D7}) (Version: 8.5.3.0 - Sports Mogul Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
ControlCenter (HKLM-x32\...\ControlCenter_is1) (Version:  - MSI CO.,LTD.)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CSVed 2.2.3 (HKLM-x32\...\CSVed_is1) (Version: 2.2.3 - Sam Francke)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Hour Server (HKLM-x32\...\Steam App 1290) (Version:  - )
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DayZ Commander (HKLM-x32\...\{0B74EC0B-2A85-4542-A167-3DE2132E7DAA}) (Version: 0.92.85 - Dotjosh Studios)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
DealCabby (HKLM-x32\...\DealCabby) (Version: 1.0703.0126 - DealCabby)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Eidos)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
DraftDominator Version 13.0a (HKLM-x32\...\DraftDominator_is1) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Driver Mender (HKLM-x32\...\{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}) (Version: 8.0.1 - Driver Mender)
DriverFinder (HKLM-x32\...\DriverFinder) (Version: 2.0.4 - DeskToolsSoft)
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.10.0 - Uniblue Systems Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.3 - Dropbox, Inc.)
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
eSpeak version 1.47.11 (HKLM-x32\...\eSpeak_is1) (Version:  - )
FanDraft Football v13.17 (HKLM-x32\...\FanDraft Football 2013_is1) (Version:  - FanSoft Media)
Fast Break Basketball (HKLM-x32\...\Fast Break Basketball_is1) (Version:  - )
FINAL FANTASY VII (HKLM-x32\...\{141B8BA9-BFFD-4635-AF64-078E31010EC3}_is1) (Version: 1.0 - Square Enix)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version:  - FreeVideoJoiner.com)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
GameSpy Comrade (HKLM-x32\...\{7F752BAB-4AFD-4138-983D-7E9E7CFE077D}) (Version: 3.2.17.236 - GameSpy)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GStreamer WinBuilds 0.10.6 (GPL) (HKLM-x32\...\{BABA6E74-615B-4105-A39C-EF20E99DB79B}) (Version: 0.10.6 - OSSBuild)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.5 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java™ SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingsoft Office 2013 (9.1.0.4550) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Lead and Gold - Gangs of the Wild West (HKLM-x32\...\Steam App 42120) (Version:  - Fatshark)
LiveVDO plugin 1.3 (HKLM-x32\...\LiveVDO plugin) (Version: 1.3 - LiveVDO.tv, Inc.) <==== ATTENTION
Logitech GamePanel Software 3.03.133 (HKLM\...\{6CC95B76-D380-46B2-9022-9353938E48BA}) (Version: 3.03.133 - Logitech Inc.)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Rockstar)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MicroDicom 0.8.1 (HKLM-x32\...\MicroDicom) (Version: 0.8.1 - MicroDicom)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MixPad Audio Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 29.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
MSI Q-Face (HKLM-x32\...\{E30037F1-29B8-4A98-B673-C47C27641793}) (Version: 1.00.8 - MSI)
MSI VideoGenie Application (HKLM-x32\...\{2181E115-081A-4A96-97AB-7E8413639288}) (Version: 1.0.0.12 - Micro-Star International Co., Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mufin player 1.5 (HKLM-x32\...\MAGIX_MSI_mufin_player_1_5) (Version: 1.5.1.632 - mufin GmbH)
mufin player 1.5 (x32 Version: 1.5.1.632 - mufin GmbH) Hidden
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.19.0 - Black Tree Gaming)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.43 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.43 - NVIDIA Corporation)
NVIDIA Control Panel 340.43 (Version: 340.43 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Pinnacle Game Profiler (HKLM-x32\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 6.3.3 - PowerUp Software)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Privacy SafeGuard version 1.1 (HKLM\...\{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1) (Version: 1.1 - Privacy SafeGuard)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6458 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.11 - Piriform)
Splashtop Connect IE (HKLM-x32\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Star Mission Game (HKLM-x32\...\{75B2E11A-BAB8-4AC3-8CE3-56C0C2027DCA}) (Version: 1.00.202 - MSI)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super-Charger (HKLM-x32\...\Super-Charger_is1) (Version:  - MSI CO.,LTD.)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamingGenie (HKLM-x32\...\TeamingGenie_is1) (Version:  - Micro-Star INT'L CO., LTD.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
 
==================== Restore Points  =========================
 
28-06-2014 22:07:47 Windows Update
03-07-2014 22:08:29 Windows Update
07-07-2014 19:47:36 Windows Update
09-07-2014 17:59:24 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2011-04-16 15:32 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {12F57C61-00D4-42AB-9E87-A792A8AC32DB} - System32\Tasks\{57E678FB-93E9-40BD-9097-99789F8E7495} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {2247CECF-3494-4B16-80D2-DFFF8CE8D043} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {2D9D5A73-F2B2-4E5E-BC37-937DDB296B6B} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {347ED691-799C-4828-8827-B2262D44049E} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {3692B267-DDA0-4820-A26E-EF2FFDFF1967} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27] (Google Inc.)
Task: {3DEE31EA-6F38-4E21-853B-FD22B8EAD01A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {73509748-00C0-4E38-B844-3327823B7ECC} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {8F96DE7A-A65F-4A28-BAC9-95721580786F} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {93E0E41C-C069-48B4-BBAD-7121D1D4ADBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27] (Google Inc.)
Task: {A0212AE9-D449-4801-AF85-E8DAFFB751D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEB710CD-DABD-4E45-9E1E-40D723BA495B} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {D192E34F-981B-491A-BCBD-2BF0EF0286BA} - System32\Tasks\{66DA773C-3926-4C84-8082-580CFBBA030C} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {D38F95DB-45F9-450F-81E3-0D731CD992EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000Core => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07] (Google Inc.)
Task: {D8306675-22B9-4F7F-BDD6-404D63420377} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {ED57FD4C-E309-4D27-82B8-DF809A6BA044} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000UA => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07] (Google Inc.)
Task: {F24768C2-4BA2-4CA2-B4CE-75FA34140529} - System32\Tasks\WpsUpdateTask_Kyle => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {F5FE1FE1-1715-4649-99A4-77279A83AC87} - System32\Tasks\WpsNotifyTask_Kyle => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000Core.job => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3254388945-2645656317-1035836634-1000UA.job => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Kyle.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Kyle.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-21 00:48 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2013-01-01 17:25 - 2013-01-01 17:25 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-20 21:10 - 2014-06-12 22:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-12 02:16 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2013-08-28 20:23 - 2013-08-28 20:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-09-19 15:59 - 2011-09-19 15:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-09-19 15:57 - 2011-09-19 15:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-08-28 20:25 - 2013-08-28 20:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-06-16 21:17 - 2014-06-05 09:58 - 00716616 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-16 21:17 - 2014-06-05 09:58 - 00126280 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-16 21:17 - 2014-06-05 09:58 - 04217672 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-16 21:17 - 2014-06-05 09:58 - 00414536 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-16 21:17 - 2014-06-05 09:58 - 01732424 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-07-09 16:41 - 2014-07-09 16:41 - 00043008 _____ () c:\users\kyle\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8nsgsm.dll
2014-06-21 23:47 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\Kyle\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-16 21:17 - 2014-06-05 09:58 - 14612296 _____ () C:\Users\Kyle\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/09/2014 04:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyViewer.exe, version: 1.3.0.9, time stamp: 0x4cad8c52
Faulting module name: EasyViewer.exe, version: 1.3.0.9, time stamp: 0x4cad8c52
Exception code: 0xc0000094
Fault offset: 0x0001624b
Faulting process id: 0x1c40
Faulting application start time: 0xEasyViewer.exe0
Faulting application path: EasyViewer.exe1
Faulting module path: EasyViewer.exe2
Report Id: EasyViewer.exe3
 
Error: (07/09/2014 04:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasyViewer.exe, version: 1.3.0.9, time stamp: 0x4cad8c52
Faulting module name: EasyViewer.exe, version: 1.3.0.9, time stamp: 0x4cad8c52
Exception code: 0xc0000094
Fault offset: 0x0001624b
Faulting process id: 0xdc
Faulting application start time: 0xEasyViewer.exe0
Faulting application path: EasyViewer.exe1
Faulting module path: EasyViewer.exe2
Report Id: EasyViewer.exe3
 
Error: (07/09/2014 02:45:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0x0000046b
Fault offset: 0x000000000000940d
Faulting process id: 0xe70
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3
 
Error: (07/09/2014 00:25:13 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/07/2014 04:20:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/04/2014 11:46:54 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/04/2014 00:56:25 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/03/2014 01:24:09 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (07/02/2014 03:02:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (06/30/2014 11:52:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (07/09/2014 02:46:31 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x8004a026
 
Error: (07/09/2014 02:46:31 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x8004a026
 
Error: (07/09/2014 02:45:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (07/09/2014 02:15:04 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x8004a026
 
Error: (07/09/2014 02:15:03 PM) (Source: WMPNetworkSvc) (EventID: 14346) (User: )
Description: 0x8004a026
 
Error: (07/09/2014 02:04:40 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (07/09/2014 02:04:39 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (07/09/2014 02:04:37 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (07/09/2014 02:04:36 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (07/09/2014 02:04:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (07/09/2014 04:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EasyViewer.exe1.3.0.94cad8c52EasyViewer.exe1.3.0.94cad8c52c00000940001624b1c4001cf9bb6ae864032C:\Program Files (x86)\MSI\EasyViewer\EasyViewer.exeC:\Program Files (x86)\MSI\EasyViewer\EasyViewer.exeec8eb7b4-07a9-11e4-bb46-6c626de68e4d
 
Error: (07/09/2014 04:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EasyViewer.exe1.3.0.94cad8c52EasyViewer.exe1.3.0.94cad8c52c00000940001624bdc01cf9bb6a96c7b44C:\Program Files (x86)\MSI\EasyViewer\EasyViewer.exeC:\Program Files (x86)\MSI\EasyViewer\EasyViewer.exee7dd7a1d-07a9-11e4-bb46-6c626de68e4d
 
Error: (07/09/2014 02:45:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.184095315a05a0000046b000000000000940de7001cf9ba1b313ffc6C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll410c2fed-0799-11e4-bb46-6c626de68e4d
 
Error: (07/09/2014 00:25:13 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (07/07/2014 04:20:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (07/04/2014 11:46:54 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (07/04/2014 00:56:25 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (07/03/2014 01:24:09 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (07/02/2014 03:02:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (06/30/2014 11:52:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-07-21 00:59:53.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:53.128
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:51.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:51.860
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:50.826
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:50.792
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:49.758
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:49.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:47.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-21 00:59:47.257
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 70%
Total physical RAM: 4078.65 MB
Available physical RAM: 1222.91 MB
Total Pagefile: 8155.48 MB
Available Pagefile: 5049.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:535.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 48083207)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-09 23:59:42
-----------------------------
23:59:42.485    OS Version: Windows x64 6.1.7601 Service Pack 1
23:59:42.485    Number of processors: 4 586 0x2A07
23:59:42.485    ComputerName: KYLE-PC  UserName: Kyle
23:59:44.215    Initialize success
23:59:44.257    VM: initialized successfully
23:59:44.273    VM: Intel CPU BiosDisabled 
00:00:21.267    VM: supported disk I/O ataport.SYS
00:02:50.175    AVAST engine defs: 14070901
00:02:53.057    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
00:02:53.059    Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
00:02:53.274    Disk 0 MBR read successfully
00:02:53.277    Disk 0 MBR scan
00:02:53.298    Disk 0 Windows 7 default MBR code
00:02:53.305    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:02:53.308    Disk 0 default boot code
00:02:53.332    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
00:02:53.494    Disk 0 scanning C:\Windows\system32\drivers
00:03:08.160    Service scanning
00:03:16.562    Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
00:03:23.182    Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
00:03:44.387    Modules scanning
00:03:44.391    Disk 0 trace - called modules:
00:03:44.406    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
00:03:44.409    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d10060]
00:03:44.412    3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> [0xfffffa8004ab1520]
00:03:44.414    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa8004ab3060]
00:03:45.190    AVAST engine scan C:\Windows
00:03:48.928    AVAST engine scan C:\Windows\system32
00:10:08.827    AVAST engine scan C:\Windows\system32\drivers
00:10:38.590    AVAST engine scan C:\Users\Kyle
01:02:01.968    AVAST engine scan C:\ProgramData
01:12:29.073    Scan finished successfully
01:15:56.172    Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
01:15:56.194    The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
 
 


#5 nomarfachix


Posted 12 July 2014 - 10:43 PM

Can anybody else help?

#6 ----------------


Posted 13 July 2014 - 11:56 AM

Sorry, I was out of office.

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

LiveVDO plugin
Yontoo
Download Updater
Babylon toolbar on IE
BabylonObjectInstaller
 


Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 

#7 nomarfachix


Posted 13 July 2014 - 07:48 PM

This should be everything. Please let me know if I missed something. Thanks
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-07-2014
Ran by Kyle at 2014-07-13 20:00:48 Run:1
Running from C:\Users\Kyle\Documents
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
CHR HKLM-x32\...\Chrome\Extension: [oblkmgkfjnmlkemjgheoidmmfncckcej] - C:\Users\Kyle\AppData\Local\CRE\oblkmgkfjnmlkemjgheoidmmfncckcej.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files (x86)\StartSearch plugin\vshareplg.crx [2011-10-27]
CHR HKLM\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-cb_1_1.crx [2012-07-21]
CHR HKCU\...\Chrome\Extension: [oblkmgkfjnmlkemjgheoidmmfncckcej] - C:\Users\Kyle\AppData\Local\CRE\oblkmgkfjnmlkemjgheoidmmfncckcej.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Kyle\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [geggofhlfbcmanadhknllmlajiafopoh] - C:\Program Files\PrivacySafeGuard\pschrome_adk-cb_1_1.crx [2012-07-21]
CHR HKLM-x32\...\Chrome\Extension: [hpilclpacieflhmobalmaccogiioldoo] - C:\ProgramData\Codecv\hpilclpacieflhmobalmaccogiioldoo.crx [2012-04-05]
CHR Plugin: (LiveVDO plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (LiveVDO )
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (LiveVDO plug-in) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (LiveVDO )
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\searchplugins\conduit.xml
FF Extension: Plus-HD-2.2 - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [2014-02-15]
FF Extension: KeyBar 2.5  - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\{92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} [2014-02-15]
FF Extension: FreeHDSport TV 3 - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2012-04-05]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPA37D53BD-430B-42BE-8381-ACCD7DF621C2
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3313053&CUI=UN11272201652563937&UM=2&SearchSource=13&UP=SPA37D53BD-430B-42BE-8381-ACCD7DF621C2&SSPV=
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3313053&SearchSource=2&CUI=UN11272201652563937&UM=2&q=
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
BHO-x32: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
BHO-x32: No Name - {1036AD63-AEAC-460B-9060-C96005D4DC86} -  No File
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO: Privacy Safeguard BHO - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll No File
BHO: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho64.dll No File
SearchScopes: HKCU - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKCU - {7F74F53F-13E1-48A4-8193-27196A53E6DA} URL = http://search.condui...8122101411&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...0006c626de68e4d
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = about:splashtopconnect
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM-x32 - DefaultScope {7F74F53F-13E1-48A4-8193-27196A53E6DA} URL = 
SearchScopes: HKLM-x32 - {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://startsear.ch/...q={searchTerms}
SearchScopes: HKCU - DefaultScope {7F74F53F-13E1-48A4-8193-27196A53E6DA} URL = http://search.condui...8122101411&UM=2
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
 
C:\Program Files (x86)\StartSearch plugin
C:\Users\Kyle\AppData\Local\CRE
C:\Program Files\OutfoxTV
C:\ProgramData\hash.dat
2014-06-27 17:50 - 2014-06-27 17:50 - 00000000 ____D () C:\ProgramData\374311380
2014-06-27 17:29 - 2014-06-27 17:29 - 00000000 ____D () C:\Users\Kyle\Documents\Optimizer Pro
C:\ProgramData\Codecv
C:\Program Files\PrivacySafeGuard
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\Plus-HD-2.2
C:\Program Files (x86)\Splashtop
*****************
 
'HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\Software\Classes\exefile' => Key deleted successfully.
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej' => Key deleted successfully.
C:\Users\Kyle\AppData\Local\CRE\oblkmgkfjnmlkemjgheoidmmfncckcej.crx => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp' => Key deleted successfully.
"C:\Program Files (x86)\StartSearch plugin\vshareplg.crx" => File/Directory not found.
'HKLM\SOFTWARE\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh' => Key deleted successfully.
C:\Program Files\PrivacySafeGuard\pschrome_adk-cb_1_1.crx => Moved successfully.
'HKCU\SOFTWARE\Google\Chrome\Extensions\oblkmgkfjnmlkemjgheoidmmfncckcej' => Key deleted successfully.
"C:\Users\Kyle\AppData\Local\CRE\oblkmgkfjnmlkemjgheoidmmfncckcej.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb'=> Key not found.
"C:\Users\Kyle\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\geggofhlfbcmanadhknllmlajiafopoh' => Key deleted successfully.
"C:\Program Files\PrivacySafeGuard\pschrome_adk-cb_1_1.crx" => File/Directory not found.
'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hpilclpacieflhmobalmaccogiioldoo' => Key deleted successfully.
C:\ProgramData\Codecv\hpilclpacieflhmobalmaccogiioldoo.crx => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll not found.
C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\chvsharetvplg.dll not found.
C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com => Moved successfully.
C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\{92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} => Moved successfully.
C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Extensions\fhdp3@freehdsp.tv.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com => Moved successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Value not found.
'HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}' => Key deleted successfully.
OutfoxTvService => Service deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
'HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}' => Key deleted successfully.
'HKCR\CLSID\{11111111-1111-1111-1111-110311301136}' => Key deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}' => Key deleted successfully.
'HKCR\CLSID\{63140ECF-C629-BE59-8F0E-90B4FF340C03}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F74F53F-13E1-48A4-8193-27196A53E6DA}' => Key deleted successfully.
'HKCR\CLSID\{7F74F53F-13E1-48A4-8193-27196A53E6DA}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}' => Key deleted successfully.
'HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Restore => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{63140ECF-C629-BE59-8F0E-90B4FF340C03}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3254388945-2645656317-1035836634-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\STCAgent => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ZyngaGamesAgent => value deleted successfully.
C:\Program Files (x86)\StartSearch plugin => Moved successfully.
C:\Users\Kyle\AppData\Local\CRE => Moved successfully.
"C:\Program Files\OutfoxTV" => File/Directory not found.
C:\ProgramData\hash.dat => Moved successfully.
C:\ProgramData\374311380 => Moved successfully.
C:\Users\Kyle\Documents\Optimizer Pro => Moved successfully.
C:\ProgramData\Codecv => Moved successfully.
C:\Program Files\PrivacySafeGuard => Moved successfully.
"C:\Program Files (x86)\BabylonToolbar" => File/Directory not found.
"C:\Program Files (x86)\Plus-HD-2.2" => File/Directory not found.
C:\Program Files (x86)\Splashtop => Moved successfully.
 
==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/13/2014
Scan Time: 8:05:07 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.13.07
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kyle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304654
Time Elapsed: 13 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 42
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3254388945-2645656317-1035836634-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [52b92679b6c5de589694589f9e65de22]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 13
 
Files: 54
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 ----------------


Posted 14 July 2014 - 09:13 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#9 nomarfachix


Posted 14 July 2014 - 11:22 AM

I do not recall having the option to untick "remove found threats"; I had to download the scanner because it was not compatible with Chrome. Let me know if there is anything I missed.
 


#10 ----------------


Posted 15 July 2014 - 05:34 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

#11 nomarfachix


Posted 16 July 2014 - 01:07 AM

This should be everything you asked for. Please let me know if something is missing.
 
# AdwCleaner v3.215 - Report created 16/07/2014 at 02:30:30
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kyle - KYLE-PC
# Running from : C:\Users\Kyle\Desktop\adwcleaner_3.215.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : SCBackService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Users\Kyle\AppData\Local\Conduit
Folder Deleted : C:\Users\Kyle\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kyle\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Kyle\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Kyle\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\Smartbar
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Kyle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
File Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\user.js
File Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\jlsnunpb.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\Tasks\dsmonitor.job
File Deleted : C:\Windows\System32\Tasks\dsmonitor
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbarNRO_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbarNRO_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FirstRowSportApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3313053
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASMANCS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v29.0 (en-US)
 
[ File : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\h43e9gz9.default\prefs.js ]
 
Line Deleted : user_pref("CT3313053.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3313053.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3313053.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3313053.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3313053.FF19Solved", "true");
Line Deleted : user_pref("CT3313053.FirstTime", "true");
Line Deleted : user_pref("CT3313053.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3313053.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3313053.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3313053.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3313053.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Deleted : user_pref("CT3313053.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3313053.SF_USER_ID", "%E9%EF%EA%E5%B8%BF%B7%B7%B8%B6%B7%B9%B8%B9%BA%BE%B8%BD%BC%B7%B6%BA%B8%BC%B7");
Line Deleted : user_pref("CT3313053.SF_USER_ID.enc", "Y2lkXzI5MTEyMDEzMjM0ODI3NjEwNDI2MQ==");
Line Deleted : user_pref("CT3313053.UserID", "UN11272201652563937");
Line Deleted : user_pref("CT3313053._key_edilia__uID", "%EA%EC%EC%BC%BF%BA%B6%BC%B3%BB%B6%E7%BE%B3%BA%BE%E8%B9%B3%BF%B7%E8%BC%B3%EB%EA%BB%BA%EA%E9%B9%B7%EA%B7%EB%EB");
Line Deleted : user_pref("CT3313053._key_edilia__uID.enc", "ZGZmNjk0MDYtNTBhOC00OGIzLTkxYjYtZWQ1NGRjMzFkMWVl");
Line Deleted : user_pref("CT3313053.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3313053.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3313053.cbfirsttime", "%CC%F8%EF%A6%D4%F5%FC%A6%B8%BF%A6%B8%B6%B7%B9%A6%B8%B9%C0%BA%BE%C0%B8%BD%A6%CD%D3%DA%B3%B6%BB%B6%B6%A6%AE%CB%E7%F9%FA%EB%F8%F4%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3313053.cbfirsttime.enc", "RnJpIE5vdiAyOSAyMDEzIDIzOjQ4OjI3IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3313053.countryCode", "US");
Line Deleted : user_pref("CT3313053.defaultSearch", "true");
Line Deleted : user_pref("CT3313053.embeddedsData", "[{\"appId\":\"130222498619296951\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3313053.enableAlerts", "true");
Line Deleted : user_pref("CT3313053.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3313053.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3313053.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3313053.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3313053.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3313053.fullUserID", "UN11272201652563937.IN.20130923212553");
Line Deleted : user_pref("CT3313053.installDate", "23/09/2013 21:26:08");
Line Deleted : user_pref("CT3313053.installId", "stub.exe");
Line Deleted : user_pref("CT3313053.installSessionId", "{A0711B30-01AE-482A-AC67-BCB025660F2D}");
Line Deleted : user_pref("CT3313053.installSp", "TRUE");
Line Deleted : user_pref("CT3313053.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3313053.installUsage", "2013-11-30T09:56:15.8226199+03:00");
Line Deleted : user_pref("CT3313053.installUsageEarly", "2013-11-30T07:47:28.1083068+03:00");
Line Deleted : user_pref("CT3313053.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3313053.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3313053.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3313053.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3313053.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3313053.keyword", "true");
Line Deleted : user_pref("CT3313053.lastVersion", "10.22.5.510");
Line Deleted : user_pref("CT3313053.mam_gk_appStateReportTime", "%B7%B9%BE%BC%BE%B8%BF%B6%B9%B6%BD%BF%B9");
Line Deleted : user_pref("CT3313053.mam_gk_appStateReportTime.enc", "MTM4NjgyOTAzMDc5Mw==");
Line Deleted : user_pref("CT3313053.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Discover", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Discover_Apps", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Discover_Apps.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Easytobook", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_PriceGong", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_WindowShopper", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_YieldKit", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_YieldKit.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appState_app13", "%F5%F4");
Line Deleted : user_pref("CT3313053.mam_gk_appState_app13.enc", "b24=");
Line Deleted : user_pref("CT3313053.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJhcHAxMyIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvZWRpbGlhL2VkaWxpYS5odG1sIiwic2NyaXB0VX[...]
Line Deleted : user_pref("CT3313053.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3313053.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3313053.mam_gk_calledSetupService", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3313053.mam_gk_currentVersion", "%B7%B4%B7%B8%B4%B6%B4%BB");
Line Deleted : user_pref("CT3313053.mam_gk_currentVersion.enc", "MS4xMi4wLjU=");
Line Deleted : user_pref("CT3313053.mam_gk_existingUsersRecoveryDone", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3313053.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3313053.mam_gk_globalKeysMigratedToLocalStorage", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Line Deleted : user_pref("CT3313053.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3313053.mam_gk_lastLoginTime", "%B7%B9%BE%BC%BE%B8%BF%B6%B9%B6%BE%BE%B6");
Line Deleted : user_pref("CT3313053.mam_gk_lastLoginTime.enc", "MTM4NjgyOTAzMDg4MA==");
Line Deleted : user_pref("CT3313053.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3313053.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3313053.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3313053.mam_gk_new_welcome_experience", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3313053.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3313053.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3313053.mam_gk_settings1.11.5.1", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3313053.mam_gk_settings1.11.5.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMzAiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3313053.mam_gk_settings1.12.0.5", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3313053.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzEyMTIiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijg2XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5[...]
Line Deleted : user_pref("CT3313053.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3313053.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3313053.mam_gk_stamp", "%BE%BC%E5%B6");
Line Deleted : user_pref("CT3313053.mam_gk_stamp.enc", "ODZfMA==");
Line Deleted : user_pref("CT3313053.mam_gk_userId", "%B9%B7%BF%E8%B8%B7%BC%BC%B3%B6%E7%B7%B9%B3%BA%BD%E9%BD%B3%E8%BF%BD%B9%B3%BE%B8%B8%B8%BF%E8%B6%B9%E9%E8%BA%BB");
Line Deleted : user_pref("CT3313053.mam_gk_userId.enc", "MzE5YjIxNjYtMGExMy00N2M3LWI5NzMtODIyMjliMDNjYjQ1");
Line Deleted : user_pref("CT3313053.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3313053.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3313053.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3313053.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.rockmyrun.com%2Findex.php%3Foption%3Dcom_content%26view%3Dsection%26layout%3Dblog%26id%3D10%26Itemid%3D2\",\"EB[...]
Line Deleted : user_pref("CT3313053.openThankYouPage", "false");
Line Deleted : user_pref("CT3313053.openUninstallPage", "true");
Line Deleted : user_pref("CT3313053.originalHomepage", "about:home");
Line Deleted : user_pref("CT3313053.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3313053.originalSearchEngine", "");
Line Deleted : user_pref("CT3313053.originalSearchEngineName", "");
Line Deleted : user_pref("CT3313053.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3313053.rematchagent-periodic-reports", "ā%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BE%BC%BE%B8%BF%B8%B9%BE%B7%BD%B6%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3ă");
Line Deleted : user_pref("CT3313053.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzg2ODI5MjM4MTcwLDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3313053.rematchagent-user-id", "%A8%EC%E7%BB%BB%BF%B8%B9%B7%B3%BA%B9%E9%BB%B3%BA%BB%BB%BC%B3%E8%B7%B6%E7%B3%EC%B8%BA%BF%E7%E7%EA%BD%BD%BE%E7%B9%A8");
Line Deleted : user_pref("CT3313053.rematchagent-user-id.enc", "ImZhNTU5MjMxLTQzYzUtNDU1Ni1iMTBhLWYyNDlhYWQ3NzhhMyI=");
Line Deleted : user_pref("CT3313053.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3313053.search.searchAppId", "130222498619296951");
Line Deleted : user_pref("CT3313053.search.searchCount", "0");
Line Deleted : user_pref("CT3313053.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3313053.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3313053.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3313053.searchRevert", "false");
Line Deleted : user_pref("CT3313053.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3313053.searchUserMode", "2");
Line Deleted : user_pref("CT3313053.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3313053\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar25.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 2.5 \"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3313053.serviceLayer_services_Configuration_lastUpdate", "1399415183900");
Line Deleted : user_pref("CT3313053.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1399415182715");
Line Deleted : user_pref("CT3313053.serviceLayer_services_appsMetadata_lastUpdate", "1399415183428");
Line Deleted : user_pref("CT3313053.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1399415182690");
Line Deleted : user_pref("CT3313053.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1385786888473");
Line Deleted : user_pref("CT3313053.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1385794616101");
Line Deleted : user_pref("CT3313053.serviceLayer_services_login_10.20.0.13_lastUpdate", "1386829026345");
Line Deleted : user_pref("CT3313053.serviceLayer_services_login_10.22.5.510_lastUpdate", "1399415182784");
Line Deleted : user_pref("CT3313053.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1399415182624");
Line Deleted : user_pref("CT3313053.serviceLayer_services_searchAPI_lastUpdate", "1399415183846");
Line Deleted : user_pref("CT3313053.serviceLayer_services_serviceMap_lastUpdate", "1399415182654");
Line Deleted : user_pref("CT3313053.serviceLayer_services_toolbarContextMenu_lastUpdate", "1399415182719");
Line Deleted : user_pref("CT3313053.serviceLayer_services_toolbarSettings_lastUpdate", "1399415182675");
Line Deleted : user_pref("CT3313053.serviceLayer_services_translation_lastUpdate", "1399415182563");
Line Deleted : user_pref("CT3313053.settingsINI", true);
Line Deleted : user_pref("CT3313053.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3313053.showToolbarPermission", "false");
Line Deleted : user_pref("CT3313053.smartbar.CTID", "CT3313053");
Line Deleted : user_pref("CT3313053.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3313053.smartbar.homepage", "true");
Line Deleted : user_pref("CT3313053.smartbar.toolbarName", "KeyBar 2.5 ");
Line Deleted : user_pref("CT3313053.startPage", "true");
Line Deleted : user_pref("CT3313053.toolbarBornServerTime", "30-11-2013");
Line Deleted : user_pref("CT3313053.toolbarCurrentServerTime", "7-5-2014");
Line Deleted : user_pref("CT3313053.toolbarLoginClientTime", "Sat Nov 30 2013 01:56:55 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3313053.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3313053.xpeMode", "0");
Line Deleted : user_pref("CT3313053_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1399415178651,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Conduit Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com&CUI=UN11272201652563937");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3313053");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 2.5 Customized Web Search");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3313053");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3313053&CUI=UN11272201652563937&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3313053&octid=CT3313053&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3313053&SearchSource=2&CUI=UN11272201652563937&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3313053");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3313053");
Line Deleted : user_pref("smartbar.machineId", "FRVKQG+1KIGSKF61+YMTC+B7UL5NM7VFMGKJZJH/NDTMNJOFJLMLFDJJOFT5XCYSDX95N7XHSDVU6BPU25FTJW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3313053&CUI=UN11272201652563937&UM=2&SearchSource=13");
 
-\\ Google Chrome v
 
[ File : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321744&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPA37D53BD-430B-42BE-8381-ACCD7DF621C2&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://startsear.ch/?aff=2&src=sp&cf=f6f54491-3d84-11e1-bed8-6c626de68e4d&q={searchTerms}
Deleted [Extension] : bgnnidmnbdkmhfkjgdnngciimpdgohok
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kfakeonomonapccoamcmdgpoaicnpnoo
Deleted [Extension] : pbiamblgmkgbcgbcgejjgebalncpmhnp
Deleted [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk
 
*************************
 
AdwCleaner[R0].txt - [44206 octets] - [16/07/2014 02:28:31]
AdwCleaner[S0].txt - [44704 octets] - [16/07/2014 02:30:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [44765 octets] ##########
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kyle on Wed 07/16/2014 at  2:43:17.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] wcuservice_stc_ie 
Successfully deleted: [Service] wcuservice_stc_ie 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{438C9553-B864-4C13-B737-F09D7BCD6F05}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{525A2FD5-8D69-439B-A5EB-CE645A2BA753}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59EF587E-2401-4364-A826-473F98A0EA1F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB1653C3-F899-43FB-9D39-3B88CB26FF50}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120620_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120620_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstallerAK_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstallerAK_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120620_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120620_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstallerAK_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstallerAK_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kyle\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Kyle\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\privacy safeguard"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/16/2014 at  2:55:59.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 


#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 16 July 2014 - 02:40 AM

Your system is clean now! :)

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo...er-by-oldtimer/

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 

#13 nomarfachix

nomarfachix

    New Member

  • Authentic Member
  • 8 posts

Posted 16 July 2014 - 03:23 PM

All done! Thank you so much for your help!



#14 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 17 July 2014 - 01:33 AM

You're welcome! :)


 

#15 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 17 July 2014 - 01:34 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
 
