
Popups, blue double underlined words, and more.


  • This topic is locked
12 replies to this topic

#1 Shend23

  • Members
  • 5 posts

Posted 23 August 2014 - 06:15 PM

Hello, I'm Shend23, my PC has been currently acting weird lately. Starting off, when I log in to Steam, I see double blue underlined words. When I hover over them, it displays an ad. When I click anywhere, I get a popup or a new tab opening for some ad or such. I've then been getting popups on Steam and in Google Chrome. My internet has been acting really slow when this started. When I type in something on Google or etc, basically 99% of the time, it either shows webpage not available, takes an extreme amount of time, or: [Kanar] DNS Lookup for "insert whatever website I'm trying to go on here" No such host is known. I'm very frustrated and need help ASAP. Maybe this is very common, maybe not. Please help. Thanks.


Edited by Shend23, 23 August 2014 - 06:28 PM.



#2 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 24 August 2014 - 08:01 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Shend23

  • Topic Starter

  • Members
  • 5 posts

Posted 24 August 2014 - 11:34 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Bresha (administrator) on BRESHA-PC on 24-08-2014 11:29:59
Running from C:\Users\Bresha\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Program Files (x86)\pastaleads\PastaLeadsService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Bresha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-08-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0x00000002
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Google Update] => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-12-24] (Google Inc.)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Facebook Update] => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-29] (Facebook Inc.)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-31] (Adobe Systems Incorporated)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\MountPoints2: D - D:\LaunchRC.exe
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\MountPoints2: {a0265335-7532-11df-b74a-001e37254dec} - K:\PMBP_Win.exe
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\MountPoints2: {f2c25485-7f68-11df-896a-001e37254dec} - J:\iStudio.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-06] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~3\WinSpeed\WINSPE~1.DLL => C:\ProgramData\WinSpeed\WinSpeed_x64.dll [4304896 2014-08-22] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [187328 2014-08-06] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~3\winspeed\winspeed.dll => c:\ProgramData\WinSpeed\WinSpeed.dll [4127232 2014-08-22] ()
Startup: C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = www.nattly.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = www.nattly.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.calcitapp.info/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - BrowserMngrDefaultScope {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123}
SearchScopes: HKCU - bProtectorDefaultScope {N324-ADWF32D-T23R-TR32DSA-L32RT-YRED123}
BHO: eaasytoShoP -> {29B98CA1-226C-3E26-31D9-5F4445C152C9} -> C:\ProgramData\eaasytoShoP\Rr2.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: eaasytoShoP -> {29B98CA1-226C-3E26-31D9-5F4445C152C9} -> C:\ProgramData\eaasytoShoP\Rr2.dll ()
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Wajam -> {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.115.71.53 24.247.15.53 24.217.0.5 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Amazon 
FF Homepage: hxxp://websearch.calcitapp.info/
FF SelectedSearchEngine: Trovi search
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3329241&octid=EB_ORIGINAL_CTID&ISID=8BFC4377-5377-4241-B8E5-54AD55133214&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP94F65848-417C-49AF-AE1C-8BF57BF0320E
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bresha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Bresha\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bresha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\staged [2014-08-22]
FF Extension: BargainJoy - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210} [2013-09-07]
FF Extension: Coupons Malibu - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc} [2013-09-01]
FF Extension: Bargain Workbench - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{8eaa2500-4118-4c33-9927-988702ba63bd} [2013-09-09]
FF Extension: Adblock Plus - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-19]
FF Extension: Adblock Edge - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-14]
 
Chrome: 
=======
CHR HomePage: hxxp://websearch.calcitapp.info/
CHR StartupUrls: "hxxp://websearch.calcitapp.info/"
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\Users\Bresha\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
CHR Plugin: (Unity Player) - C:\Users\Bresha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Bresha\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Angry Birds) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-10-29]
CHR Extension: (Google Drive) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2011-06-14]
CHR Extension: (Google Wallet) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Extutil) - C:\Users\Bresha\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-23]
CHR Extension: (Managera) - C:\Users\Bresha\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-23]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Bresha\AppData\Local\funmoods.crx [2012-10-26]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Bresha\AppData\Local\funmoods.crx [2012-10-26]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Bresha\AppData\Local\funmoods.crx [2012-10-26]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Bresha\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Bresha\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atashost; C:\Windows\SysWOW64\atashost.exe [20376 2009-03-06] (WebEx Communications, Inc.)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
R2 f1f78e38; c:\ProgramData\WinSpeed\WinSpeedSvc.dll [186192 2014-08-22] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 pastaleadsServiceCore; C:\Program Files (x86)\pastaleads\PastaLeadsService.exe [384408 2014-06-18] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-12-08] ()
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam) [File not signed]
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [21976 2014-08-15] ()
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gt64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt64.sys [60048 2014-07-25] (StdLib)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 11:29 - 2014-08-24 11:30 - 00034890 _____ () C:\Users\Bresha\Downloads\FRST.txt
2014-08-24 11:29 - 2014-08-24 11:30 - 00000000 ____D () C:\FRST
2014-08-24 11:29 - 2014-08-24 11:29 - 02103296 _____ (Farbar) C:\Users\Bresha\Downloads\FRST64.exe
2014-08-24 11:29 - 2014-08-24 11:29 - 01095168 _____ (Farbar) C:\Users\Bresha\Downloads\FRST.exe
2014-08-24 00:54 - 2014-08-24 01:57 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Mipony
2014-08-22 03:56 - 2014-08-22 03:58 - 00000000 ____D () C:\ProgramData\670e6082496de764
2014-08-22 03:56 - 2014-08-22 03:56 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Packages
2014-08-22 03:56 - 2014-08-22 03:56 - 00000000 ____D () C:\ProgramData\eaasytoShoP
2014-08-22 03:36 - 2014-08-22 03:36 - 00000000 ____D () C:\ProgramData\WinSpeed
2014-08-20 23:36 - 2014-08-20 23:36 - 00000552 _____ () C:\Users\Bresha\AppData\Local\d3d8caps.dat
2014-08-20 22:50 - 2014-08-20 22:50 - 00000221 _____ () C:\Users\Bresha\Desktop\The Elder Scrolls III Morrowind.url
2014-08-15 03:40 - 2014-08-15 03:40 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-08-15 03:02 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:02 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:02 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:02 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:02 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:02 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:02 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:02 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 21:39 - 2014-07-24 23:27 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 21:39 - 2014-07-24 23:18 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 21:39 - 2014-07-24 22:15 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 21:39 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 21:39 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 21:39 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 21:39 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 21:39 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 21:39 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 21:39 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 21:39 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 21:39 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 21:39 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 21:39 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 21:39 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 21:39 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 21:39 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 21:39 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 21:39 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 21:39 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 21:39 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 21:39 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 21:39 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 21:39 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 21:39 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-14 21:39 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 21:39 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 21:39 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-14 21:39 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-14 21:39 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 21:39 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 21:39 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 21:38 - 2014-07-07 20:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 21:38 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 21:38 - 2014-06-02 16:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 21:38 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 21:38 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 21:38 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 21:38 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 21:38 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 21:38 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 21:38 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 12:51 - 2014-08-14 12:51 - 01104394 _____ () C:\Users\Bresha\Downloads\Echoroleplay Content.zip
2014-08-13 20:33 - 2014-08-13 20:40 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\TS3Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00001017 _____ () C:\Users\Bresha\Desktop\TeamSpeak 3 Client.lnk
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Local\TeamSpeak 3 Client
2014-08-13 20:31 - 2014-08-13 20:32 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Bresha\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-09 15:28 - 2014-08-09 15:30 - 107182916 _____ () C:\Users\Bresha\Downloads\Point of Contact.rar
2014-08-08 23:08 - 2014-08-08 23:21 - 1157030734 _____ () C:\Users\Bresha\Downloads\SSTRP Content.rar
2014-08-08 23:04 - 2014-08-08 23:05 - 59769889 _____ () C:\Users\Bresha\Downloads\Torch's Models.zip
2014-08-07 21:08 - 2014-08-07 21:09 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher (1).zip
2014-08-07 17:35 - 2014-08-07 17:35 - 00002071 _____ () C:\Users\Bresha\Downloads\metrovocoderfix.zip
2014-08-07 11:32 - 2014-08-07 11:32 - 00005237 _____ () C:\Users\Bresha\Downloads\phantommpf (1).zip
2014-08-05 18:17 - 2014-08-05 18:17 - 00004356 _____ () C:\Users\Bresha\Downloads\phantommpf.zip
2014-08-04 18:15 - 2014-08-04 18:16 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher.zip
2014-08-02 20:41 - 2014-08-02 20:41 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife (1).zip
2014-08-02 20:35 - 2014-08-02 20:35 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife.zip
2014-08-02 20:33 - 2014-08-02 20:34 - 00002109 _____ () C:\Users\Bresha\Downloads\knifeform9k.zip
2014-07-30 18:06 - 2014-07-30 18:06 - 00001075 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-30 18:06 - 2014-07-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-30 18:05 - 2014-07-31 14:10 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-30 18:05 - 2014-07-30 18:06 - 00001260 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftBlizzard Technical Support.lnk
2014-07-30 18:05 - 2014-07-30 18:06 - 00001253 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftAccount Billing.lnk
2014-07-30 18:05 - 2014-07-30 18:06 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftWorld of Warcraft.lnk
2014-07-30 18:04 - 2014-07-31 14:54 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Battle.net
2014-07-30 18:04 - 2014-07-30 18:05 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Blizzard Entertainment
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-30 18:03 - 2014-07-31 14:09 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-30 18:02 - 2014-07-30 18:03 - 02942368 _____ (Blizzard Entertainment) C:\Users\Bresha\Downloads\World-of-Warcraft-Setup-enUS.exe
2014-07-29 12:58 - 2014-07-29 12:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-28 17:16 - 2014-07-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-28 17:15 - 2014-08-17 13:28 - 00000000 ____D () C:\ProgramData\pastaleads
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\pastaleads
2014-07-28 17:14 - 2014-08-15 03:37 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-28 17:14 - 2014-08-12 11:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd.exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd (1).exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00000000 ____D () C:\Users\Bresha\AppData\Local\downloadius
2014-07-27 23:19 - 2014-07-25 16:19 - 00060048 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt64.sys
2014-07-27 22:21 - 2014-08-22 03:36 - 00000000 ____D () C:\ProgramData\374311380
2014-07-27 22:19 - 2014-07-27 22:19 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-27 22:19 - 2014-07-27 22:19 - 00000000 ____D () C:\Users\Bresha\Documents\Optimizer Pro
2014-07-27 22:19 - 2014-07-27 22:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-27 22:16 - 2014-07-27 22:16 - 00004535 _____ () C:\Users\Bresha\AppData\Roaming\CamStudio.cfg
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamShapes.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamLayout.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000096 _____ () C:\Users\Bresha\AppData\Roaming\version2.xml
2014-07-27 22:16 - 2014-07-27 22:16 - 00000046 _____ () C:\Users\Bresha\AppData\Roaming\Camdata.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000000 ____D () C:\Users\Bresha\Documents\My CamStudio Temp Files
2014-07-27 22:13 - 2014-07-27 22:14 - 00711585 _____ () C:\Users\Bresha\Downloads\CamStudioSetup_v2.7.2.zip
2014-07-27 14:38 - 2014-08-15 11:52 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-07-27 14:38 - 2014-08-15 11:52 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-07-27 13:44 - 2014-07-27 13:44 - 00078663 _____ () C:\Users\Bresha\Downloads\ULib-v2_51.zip
2014-07-27 13:43 - 2014-07-27 13:44 - 00149100 _____ () C:\Users\Bresha\Downloads\ulx-v3_61.zip
2014-07-27 13:05 - 2014-07-27 13:05 - 00373311 _____ () C:\Users\Bresha\Downloads\XRay-v9-1.7.9.jar
2014-07-26 22:37 - 2014-07-26 22:46 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft2
2014-07-26 22:32 - 2014-06-09 03:09 - 02697677 _____ (RichDigits Development) C:\Users\Bresha\Desktop\VoidLauncher.exe
2014-07-26 22:30 - 2014-07-26 22:37 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft
2014-07-26 22:28 - 2014-07-26 22:29 - 136525035 _____ () C:\Users\Bresha\Downloads\CrazyCraftServerv2.1.zip
2014-07-26 22:27 - 2014-07-26 22:35 - 00000000 ____D () C:\VoidLauncher
2014-07-26 22:27 - 2014-07-26 22:27 - 02455832 _____ () C:\Users\Bresha\Downloads\VoidLauncher.zip
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.fellowship
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.electriciansjourney
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.dreamcraft
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 11:30 - 2014-08-24 11:29 - 00034890 _____ () C:\Users\Bresha\Downloads\FRST.txt
2014-08-24 11:30 - 2014-08-24 11:29 - 00000000 ____D () C:\FRST
2014-08-24 11:29 - 2014-08-24 11:29 - 02103296 _____ (Farbar) C:\Users\Bresha\Downloads\FRST64.exe
2014-08-24 11:29 - 2014-08-24 11:29 - 01095168 _____ (Farbar) C:\Users\Bresha\Downloads\FRST.exe
2014-08-24 11:27 - 2013-04-21 23:27 - 00000290 _____ () C:\Windows\Tasks\DSite.job
2014-08-24 11:18 - 2013-10-05 22:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 10:35 - 2010-10-17 14:01 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job
2014-08-24 09:37 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 09:37 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 09:18 - 2013-10-05 22:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 08:50 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\tracing
2014-08-24 08:46 - 2012-10-29 17:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job
2014-08-24 03:52 - 2009-07-14 16:56 - 01907966 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 01:58 - 2012-07-28 13:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-24 01:57 - 2014-08-24 00:54 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Mipony
2014-08-24 00:27 - 2013-08-29 16:27 - 00000061 _____ () C:\Users\Bresha\AppData\Roaming\WB.CFG
2014-08-23 23:35 - 2010-10-17 14:01 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job
2014-08-23 21:04 - 2012-11-06 17:28 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-08-23 18:20 - 2012-08-19 17:57 - 00005324 _____ () C:\Users\Bresha\AppData\Local\d3d9caps.dat
2014-08-23 17:56 - 2014-06-07 14:57 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\CoreFTP
2014-08-23 16:47 - 2009-12-24 18:24 - 00000000 ____D () C:\Users\Bresha
2014-08-22 03:58 - 2014-08-22 03:56 - 00000000 ____D () C:\ProgramData\670e6082496de764
2014-08-22 03:56 - 2014-08-22 03:56 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Packages
2014-08-22 03:56 - 2014-08-22 03:56 - 00000000 ____D () C:\ProgramData\eaasytoShoP
2014-08-22 03:36 - 2014-08-22 03:36 - 00000000 ____D () C:\ProgramData\WinSpeed
2014-08-22 03:36 - 2014-07-27 22:21 - 00000000 ____D () C:\ProgramData\374311380
2014-08-20 23:36 - 2014-08-20 23:36 - 00000552 _____ () C:\Users\Bresha\AppData\Local\d3d8caps.dat
2014-08-20 22:50 - 2014-08-20 22:50 - 00000221 _____ () C:\Users\Bresha\Desktop\The Elder Scrolls III Morrowind.url
2014-08-17 17:46 - 2012-10-29 17:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job
2014-08-17 13:28 - 2014-07-28 17:15 - 00000000 ____D () C:\ProgramData\pastaleads
2014-08-15 23:51 - 2010-12-04 21:39 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Skype
2014-08-15 11:59 - 2013-11-28 16:29 - 00002047 _____ () C:\Users\Bresha\Desktop\Google Chrome.lnk
2014-08-15 11:54 - 2014-07-22 19:24 - 00000000 ___RD () C:\Users\Bresha\Dropbox
2014-08-15 11:54 - 2014-07-22 19:21 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Dropbox
2014-08-15 11:53 - 2014-07-22 19:24 - 00000922 _____ () C:\Users\Bresha\Desktop\Dropbox.lnk
2014-08-15 11:53 - 2014-07-22 19:22 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 11:52 - 2014-07-27 14:38 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-08-15 11:52 - 2014-07-27 14:38 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-08-15 11:50 - 2014-04-06 15:58 - 00003106 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-08-15 11:49 - 2014-01-19 15:29 - 00000000 ____D () C:\Users\Bresha\AppData\Local\TSVNCache
2014-08-15 03:54 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:44 - 2006-11-02 07:46 - 00764476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 03:40 - 2014-08-15 03:40 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-08-15 03:40 - 2006-11-02 10:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-15 03:37 - 2014-07-28 17:14 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-15 03:36 - 2010-04-14 12:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-15 03:36 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 03:36 - 2006-11-02 10:21 - 00395968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 03:34 - 2006-11-02 10:42 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-15 03:17 - 2009-07-14 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:16 - 2013-08-30 03:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:11 - 2006-11-02 07:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 12:51 - 2014-08-14 12:51 - 01104394 _____ () C:\Users\Bresha\Downloads\Echoroleplay Content.zip
2014-08-13 20:40 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\TS3Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00001017 _____ () C:\Users\Bresha\Desktop\TeamSpeak 3 Client.lnk
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Local\TeamSpeak 3 Client
2014-08-13 20:32 - 2014-08-13 20:31 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Bresha\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-12 11:24 - 2014-07-28 17:14 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-11 14:57 - 2010-12-04 21:39 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 14:07 - 2014-07-19 21:12 - 00000000 ____D () C:\SANDBOX
2014-08-09 15:30 - 2014-08-09 15:28 - 107182916 _____ () C:\Users\Bresha\Downloads\Point of Contact.rar
2014-08-08 23:45 - 2014-07-16 04:08 - 00000000 ____D () C:\Users\Bresha\Documents\BYOND
2014-08-08 23:21 - 2014-08-08 23:08 - 1157030734 _____ () C:\Users\Bresha\Downloads\SSTRP Content.rar
2014-08-08 23:05 - 2014-08-08 23:04 - 59769889 _____ () C:\Users\Bresha\Downloads\Torch's Models.zip
2014-08-08 13:58 - 2011-11-23 10:10 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.minecraft
2014-08-08 09:29 - 2014-07-08 18:26 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\TeamViewer
2014-08-07 21:09 - 2014-08-07 21:08 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher (1).zip
2014-08-07 17:35 - 2014-08-07 17:35 - 00002071 _____ () C:\Users\Bresha\Downloads\metrovocoderfix.zip
2014-08-07 11:32 - 2014-08-07 11:32 - 00005237 _____ () C:\Users\Bresha\Downloads\phantommpf (1).zip
2014-08-06 16:28 - 2012-11-06 17:28 - 00000286 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-08-05 18:17 - 2014-08-05 18:17 - 00004356 _____ () C:\Users\Bresha\Downloads\phantommpf.zip
2014-08-04 22:13 - 2012-06-28 12:09 - 00000024 _____ () C:\Users\Bresha\random.dat
2014-08-04 21:52 - 2013-03-16 11:53 - 00000045 _____ () C:\Users\Bresha\jagex_cl_oldschool_LIVE.dat
2014-08-04 18:16 - 2014-08-04 18:15 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher.zip
2014-08-02 20:41 - 2014-08-02 20:41 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife (1).zip
2014-08-02 20:35 - 2014-08-02 20:35 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife.zip
2014-08-02 20:34 - 2014-08-02 20:33 - 00002109 _____ () C:\Users\Bresha\Downloads\knifeform9k.zip
2014-08-02 20:31 - 2014-07-22 19:20 - 00001479 _____ () C:\Users\Bresha\Downloads\m9kknife.zip
2014-08-01 19:18 - 2014-04-17 09:42 - 00000219 _____ () C:\Users\Bresha\Desktop\Half-Life 2 Episode Two.url
2014-07-31 14:54 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Battle.net
2014-07-31 14:10 - 2014-07-30 18:05 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-31 14:09 - 2014-07-30 18:03 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-30 18:06 - 2014-07-30 18:06 - 00001075 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-30 18:06 - 2014-07-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-30 18:06 - 2014-07-30 18:05 - 00001260 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftBlizzard Technical Support.lnk
2014-07-30 18:06 - 2014-07-30 18:05 - 00001253 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftAccount Billing.lnk
2014-07-30 18:06 - 2014-07-30 18:05 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftWorld of Warcraft.lnk
2014-07-30 18:05 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Blizzard Entertainment
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-30 18:03 - 2014-07-30 18:02 - 02942368 _____ (Blizzard Entertainment) C:\Users\Bresha\Downloads\World-of-Warcraft-Setup-enUS.exe
2014-07-29 12:58 - 2014-07-29 12:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-28 17:16 - 2014-07-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\pastaleads
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd.exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd (1).exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00000000 ____D () C:\Users\Bresha\AppData\Local\downloadius
2014-07-28 15:05 - 2006-11-02 07:34 - 00000321 _____ () C:\Windows\win.ini
2014-07-28 11:52 - 2014-06-07 14:56 - 00000000 ____D () C:\Program Files (x86)\CoreFTP
2014-07-27 22:19 - 2014-07-27 22:19 - 00003250 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2014-07-27 22:19 - 2014-07-27 22:19 - 00000000 ____D () C:\Users\Bresha\Documents\Optimizer Pro
2014-07-27 22:19 - 2014-07-27 22:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-27 22:16 - 2014-07-27 22:16 - 00004535 _____ () C:\Users\Bresha\AppData\Roaming\CamStudio.cfg
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamShapes.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamLayout.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000096 _____ () C:\Users\Bresha\AppData\Roaming\version2.xml
2014-07-27 22:16 - 2014-07-27 22:16 - 00000046 _____ () C:\Users\Bresha\AppData\Roaming\Camdata.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000000 ____D () C:\Users\Bresha\Documents\My CamStudio Temp Files
2014-07-27 22:14 - 2014-07-27 22:13 - 00711585 _____ () C:\Users\Bresha\Downloads\CamStudioSetup_v2.7.2.zip
2014-07-27 18:30 - 2011-11-02 07:21 - 00000032 _____ () C:\Users\Bresha\jagex_cl_runescape_LIVE.dat
2014-07-27 13:44 - 2014-07-27 13:44 - 00078663 _____ () C:\Users\Bresha\Downloads\ULib-v2_51.zip
2014-07-27 13:44 - 2014-07-27 13:43 - 00149100 _____ () C:\Users\Bresha\Downloads\ulx-v3_61.zip
2014-07-27 13:05 - 2014-07-27 13:05 - 00373311 _____ () C:\Users\Bresha\Downloads\XRay-v9-1.7.9.jar
2014-07-26 22:46 - 2014-07-26 22:37 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft2
2014-07-26 22:37 - 2014-07-26 22:30 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft
2014-07-26 22:35 - 2014-07-26 22:27 - 00000000 ____D () C:\VoidLauncher
2014-07-26 22:29 - 2014-07-26 22:28 - 136525035 _____ () C:\Users\Bresha\Downloads\CrazyCraftServerv2.1.zip
2014-07-26 22:27 - 2014-07-26 22:27 - 02455832 _____ () C:\Users\Bresha\Downloads\VoidLauncher.zip
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.fellowship
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.electriciansjourney
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.dreamcraft
2014-07-26 16:30 - 2009-12-29 01:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 16:25 - 2012-08-06 09:58 - 00000000 ____D () C:\Users\Bresha\Downloads\world_the_end
2014-07-26 16:25 - 2012-08-06 09:58 - 00000000 ____D () C:\Users\Bresha\Downloads\world_nether
2014-07-26 16:25 - 2012-08-05 19:05 - 00000000 ____D () C:\Users\Bresha\Downloads\world
2014-07-26 13:37 - 2012-08-05 19:05 - 00010699 _____ () C:\Users\Bresha\Downloads\server.log
2014-07-25 16:19 - 2014-07-27 23:19 - 00060048 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt64.sys
 
Files to move or delete:
====================
C:\ProgramData\flashax9f.exe
C:\Users\Bresha\jagex_cl_loginapplet_LIVE.dat
C:\Users\Bresha\jagex_cl_oldschool_LIVE.dat
C:\Users\Bresha\jagex_cl_runescape_LIVE.dat
C:\Users\Bresha\jagex_cl_runescape_LIVE1.dat
C:\Users\Bresha\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Bresha\jagex_runescape_preferences.dat
C:\Users\Bresha\jagex_runescape_preferences2.dat
C:\Users\Bresha\jagex__preferences3.dat
C:\Users\Bresha\random.dat
C:\Users\Public\AlexaNSISPlugin.5816.dll
 
 
Some content of TEMP:
====================
C:\Users\Bresha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdmscmx.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-24 04:50
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by Bresha at 2014-08-24 11:31:20
Running from C:\Users\Bresha\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advanced File Optimizer (HKLM-x32\...\Advanced File Optimizer_is1) (Version: 2.1.1000.10518 - Systweak Software)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - BabylonToolbar) <==== ATTENTION
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BYOND (HKLM-x32\...\BYOND) (Version: 506.1247 - BYOND)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Visual Tools) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
eaasytoShoP (HKLM-x32\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version:  - eeasytoishop)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 4.8 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Funmoods (HKLM-x32\...\funmoods) (Version:  - ) <==== ATTENTION
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hauppauge MCE XP/Vista Software Encoder (2.0.26057) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.26057 - Hauppauge Computer Works, Inc.)
Insurgency: Modern Infantry Combat (HKLM-x32\...\Steam App 17700) (Version:  - Insurgency Development Team)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.515 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0-B9.515 - InterVideo Inc.) Hidden
Introductory and Intermediate Algebra (Fall 2012 Student) (HKLM-x32\...\Introductory and Intermediate Algebra (Fall 2012 Student)) (Version: 2.1.1 - Hawkes Learning Systems)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver & Application Installation (HKLM-x32\...\{364AD023-F22D-4380-88D0-F9C6A778E194}) (Version: 4.25.1007 - Lenovo)
Lenovo PC Type Configuration (HKLM-x32\...\{3BB1501C-1670-4b53-8B67-B1C368BC7227}) (Version: 1.40.0000 - )
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.1.4522 - CyberLink Corp.)
Lenovo Standard Keyboard Driver (HKLM-x32\...\{F484477C-6E96-4887-A0C1-00E20F525392}) (Version: 1.0.0.0 - Lenovo)
Lenovo_Driver_Package (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiPony 2.0.2 (HKLM-x32\...\MiPony) (Version: 2.0.2 - )
Mipony Download Manager Packages (HKCU\...\Mipony Download Manager Packages) (Version:  - ) <==== ATTENTION
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster Download Manager (HKLM-x32\...\{3CB4A7B0-007D-4722-AF1D-891B53E04606}) (Version: 1.0.0 - Napster)
Netflix in Windows Media Center (HKLM-x32\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation)
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OKAVAgent (HKLM-x32\...\InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}) (Version:  - )
OKAVAgent (Version: 2.00.0000 - Trend Micro Inc.) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Panda3D Game Engine (HKLM-x32\...\Panda3D Game Engine) (Version: 1.0.3 - Carnegie Mellon Entertainment Technology Center)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PastaQuotes (HKLM-x32\...\pastaleads) (Version: 1.2.1.0 - PastaLeads)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{172BBF29-CAEA-499A-BB62-C0F0F8E34C9C}) (Version: 5.0.1356.0 - SmartSoft Ltd.)
Snap.Do Engine (HKCU\...\{11292927-664b-4d1c-8602-04508ab5aafa}) (Version: 10.237.1.13231 - ReSoft Ltd.) <==== ATTENTION
SOE Web Installer (HKCU\...\SOE Web Installer) (Version: 1.0.3.126 - Sony Online Entertainment)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6490 - Analog Devices)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TortoiseSVN 1.8.4.24972 (64 bit) (HKLM\...\{A2EFDE01-96B3-4E55-8834-81617ED6BCBE}) (Version: 1.8.24972 - TortoiseSVN)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Mipony Download Manager (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
Version Checker for Funmoods (HKCU\...\Funmoods) (Version:  - ) <==== ATTENTION
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wajam (HKLM-x32\...\Wajam) (Version: 1.47 - Wajam) <==== ATTENTION
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSpeed (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}) (Version:  - 24soft) <==== ATTENTION
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
XSplit Broadcaster (HKLM-x32\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{7A85781B-2381-4315-B02F-534D29006018}\localserver32 -> C:\Program Files (x86)\Napster\Napster Download Manager\NapsterDownloadManager.exe (napster)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Bresha\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
17-08-2014 05:06:19 Scheduled Checkpoint
18-08-2014 08:48:23 Windows Update
21-08-2014 01:14:11 Removed System Requirements Lab CYRI
22-08-2014 08:49:23 Windows Update
24-08-2014 07:23:50 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2014-06-14 13:47 - 00000815 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0356B0CD-CCAD-487C-AF3E-03CF898519C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0F24CB7F-35C2-41EC-8547-C0E571198607} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1A2370F9-2FE2-4CA7-A237-B437795A7728} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {1C0B9925-5C34-445B-A5EF-E9B34948A066} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2012-10-31] (Systweak) <==== ATTENTION
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2A21917A-D6DA-4345-B09C-CBA466D8FEDB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1956068371-4262814005-2577103481-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3AF74CF6-331B-444C-A70A-75EEC299A9C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5732CC47-B631-4168-B43A-88DC6E396FAC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6FE7AD7E-B181-4C4E-928A-2972E93FA861} - System32\Tasks\{237D2A09-2978-428B-BC77-56E80CE13E3E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {742047A8-E806-4624-81B4-900860EEE8EB} - System32\Tasks\DSite => C:\Users\Bresha\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-04-21] () <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8D07ECC3-BEEF-4A59-872D-3FC15E3CD832} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-29] (Facebook Inc.)
Task: {8E83B280-D392-492B-A4E0-D8F5C8247BEF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1956068371-4262814005-2577103481-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {924D5E18-5F78-44A1-A4A3-E8EA77BCC71D} - System32\Tasks\Funmoods => C:\Users\Bresha\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {9323DDE8-3098-4B41-A5FA-64CDE3986E16} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B699EF49-41FA-4777-BD8B-EF04AFB543E2} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {BA5A2AB7-7610-49DF-BA55-700EBD004BD5} - System32\Tasks\Digital Sites => C:\Users\Bresha\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {CC5CDE53-E846-46F4-A0F7-BC65CA7895EC} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe [2014-06-18] ()
Task: {CCF29FA4-C933-4BCB-924D-68526D9DA7A3} - System32\Tasks\EPUpdater => C:\Users\Bresha\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-04-17] () <==== ATTENTION
Task: {D3170A72-74A8-4F42-AFBE-DB0A26223D06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {D4B299DA-FCC8-45BD-911E-EB49B6B7C2AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {D722A911-89F7-4E81-AE8C-B176CC69B084} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F8A38E9B-D723-497E-A135-55CA3AFBC73B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-29] (Facebook Inc.)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Bresha\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Bresha\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-18 02:43 - 2014-06-18 02:43 - 00384408 _____ () C:\Program Files (x86)\pastaleads\PastaLeadsService.exe
2012-12-08 11:06 - 2012-12-08 11:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-12-08 11:06 - 2012-12-08 11:06 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-24 14:37 - 2013-11-24 14:37 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-11-24 14:36 - 2013-11-24 14:36 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2014-08-22 03:36 - 2014-08-22 03:36 - 04304896 _____ () C:\ProgramData\WinSpeed\WinSpeed_x64.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00071408 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2014-08-15 11:53 - 2014-08-15 11:53 - 00043008 ____N () c:\users\bresha\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdmscmx.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Bresha\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-22 03:36 - 2014-08-22 03:36 - 00186192 _____ () c:\ProgramData\WinSpeed\WinSpeedSvc.dll
2014-08-22 03:36 - 2014-08-22 03:36 - 04127232 _____ () c:\ProgramData\WinSpeed\WinSpeed.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 08537928 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 00353096 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 01732936 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 14669128 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Bresha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bresha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bresha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SkDaemond => C:\Program Files (x86)\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.eau.wi.charter.com
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.{257F1FD4-196B-4B53-99E5-38841C261B7E}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.{257F1FD4-196B-4B53-99E5-38841C261B7E}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.eau.wi.charter.com
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.{257F1FD4-196B-4B53-99E5-38841C261B7E}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/22/2014 08:16:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 22dc
Start Time: 01cfbe6fc85b07d0
Termination Time: 7
 
Error: (08/20/2014 11:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, faulting module Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, exception code 0xc0000005, fault offset 0x002aafac,
process id 0x22d4, application start time 0xMorrowind.exe0.
 
Error: (08/20/2014 11:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xf01dd800,
process id 0x1c10, application start time 0xMorrowind.exe0.
 
Error: (08/20/2014 11:36:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, faulting module Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, exception code 0xc0000005, fault offset 0x0002538e,
process id 0x2624, application start time 0xMorrowind.exe0.
 
Error: (08/15/2014 11:54:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRESHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DROPBOX.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/15/2014 11:54:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRESHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DROPBOX.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/15/2014 03:37:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/14/2014 10:25:41 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.
 
Error: (08/11/2014 02:58:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRESHA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-LATIN.EOT> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/11/2014 02:58:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRESHA\APPDATA\LOCAL\SKYPE\APPS\LOGIN\FONTS\SEGOE-UI-LIGHT-LATIN.EOT> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/15/2014 05:30:44 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:37 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:35 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:32 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 03:39:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPPD%%127
 
Error: (08/15/2014 03:38:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: PastaQuotes
 
Error: (08/15/2014 03:37:27 AM) (Source: Print) (EventID: 54) (User: NT AUTHORITY)
Description: Document Order Confirmation failed to print and was deleted because of corruption in the spooled file. The associated driver is: WebEx Document Loader. Try printing the document again.
 
Error: (08/15/2014 03:37:26 AM) (Source: Print) (EventID: 54) (User: NT AUTHORITY)
Description: Document Order Confirmation failed to print and was deleted because of corruption in the spooled file. The associated driver is: WebEx Document Loader. Try printing the document again.
 
Error: (08/15/2014 03:33:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
 
 
Microsoft Office Sessions:
=========================
Error: (03/17/2010 10:42:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 385 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2010 10:04:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2010 10:03:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2010 10:03:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 837 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-16 03:02:43.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:02:42.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:02:42.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:02:42.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:01:49.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:01:49.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:01:49.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:01:48.897
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:01:48.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-11-16 03:01:48.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 53%
Total physical RAM: 6069.39 MB
Available physical RAM: 2809.75 MB
Total Pagefile: 12363.81 MB
Available Pagefile: 9083.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:560.56 GB) (Free:291.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=560.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.6 GB) - (Type=12)
 
==================== End Of Log ============================


#4 deeprybka

Posted 24 August 2014 - 04:14 PM

Hi,

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    WinSpeed
    Wajam
    PastaQuotes
    Version Checker for Funmoods
    Update for Mipony Download Manager
    Snap.Do Engine
    Search Protect
    Mipony Download Manager Packages
    Funmoods
    Delta Chrome Toolbar
    BabylonObjectInstaller
    Babylon toolbar on IE
    
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Shend23

Posted 24 August 2014 - 08:09 PM

Note: It didn't give me a MalwareBytes notepad, but all I know is that it found a trojan and a lot more stuff. My PC is extremely fast and normal like it was before. Thanks for helping me.

# AdwCleaner v3.308 - Report created 24/08/2014 at 19:03:49
# Updated 20/08/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Bresha - BRESHA-PC
# Running from : C:\Users\Bresha\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : {55dce8ba-9dec-4013-937e-adbf9317d990}Gt64
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\374311380 
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\pastaleads
[!] Folder Deleted : C:\ProgramData\Systweak
[!] Folder Deleted : C:\ProgramData\Tarma Installer
[!] Folder Deleted : C:\ProgramData\eaasytoShoP
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced File Optimizer
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[!] Folder Deleted : C:\Program Files (x86)\Advanced File Optimizer
[!] Folder Deleted : C:\Program Files (x86)\Advanced System Protector
[!] Folder Deleted : C:\Program Files (x86)\BabylonToolbar
[!] Folder Deleted : C:\Program Files (x86)\pastaleads
[!] Folder Deleted : C:\Program Files (x86)\SearchProtect
[!] Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[!] Folder Deleted : C:\Users\Bresha\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\Bresha\AppData\Local\Systweak
[!] Folder Deleted : C:\Users\Bresha\AppData\LocalLow\BabylonToolbar
[!] Folder Deleted : C:\Users\Bresha\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Bresha\AppData\LocalLow\Delta
[!] Folder Deleted : C:\Users\Bresha\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Babylon
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\BabylonToolbar
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\DigitalSites
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\DSite
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\dvdvideosoftiehelpers
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Funmoods
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Mipony Download Manager Packages
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Nattly
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[!] Folder Deleted : C:\Users\Bresha\Documents\Optimizer Pro
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc}
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}
[!] Folder Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{8850f748-e69b-42ff-a449-7ad3cf153bcc}
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gt64.sys
File Deleted : C:\Users\Bresha\AppData\Local\funmoods.crx
File Deleted : C:\Users\Bresha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced File Optimizer.lnk
File Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\invalidprefs.js
File Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Advanced System Protector_startup
Task Deleted : Digital Sites
Task Deleted : DSite
Task Deleted : Funmoods
Task Deleted : Optimizer Pro Schedule
Task Deleted : RegClean Pro
Task Deleted : RegClean Pro_DEFAULT
Task Deleted : RegClean Pro_UPDATES
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\eeasytoishop.eeasytoishop
Key Deleted : HKLM\SOFTWARE\Classes\eeasytoishop.eeasytoishop.1.8
Key Deleted : HKCU\Software\5b55dcd0e63ee813
Key Deleted : HKLM\SOFTWARE\5b55dcd0e63ee813
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6BADF8F7-81A0-4A49-B302-868A63E746EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mipony Download Manager Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pastaleads
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16563
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\prefs.js ]
 
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=114066&tt=120812_bandext_3312_1&babsrc=HP_ss&mntrId=0c29b24b000000000000001e37254dec");
Line Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "0c29b24b000000000000001e37254dec");
Line Deleted : user_pref("extensions.delta.instlDay", "15817");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1623:27:27");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("params", "hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_ff_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_595a63ac38584d91bd1dc1e792748b26_39_1006_20130422_US_ff_ab_&tag=[...]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3329241&octid=EB_ORIGINAL_CTID&ISID=8BFC4377-5377-4241-B8E5-54AD55133214&SearchSource=55&CUI=&UM=6&UP=SP94F65848-417C-49AF-AE1C-[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
 
-\\ Google Chrome v
 
[ File : C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://websearch.calcitapp.info/
Deleted [Homepage] : hxxp://websearch.calcitapp.info/
Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
 
*************************
 
AdwCleaner[R0].txt - [24753 octets] - [24/08/2014 19:01:51]
AdwCleaner[S0].txt - [20608 octets] - [24/08/2014 19:03:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20669 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Bresha (administrator) on BRESHA-PC on 24-08-2014 20:04:10
Running from C:\Users\Bresha\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(WebEx Communications, Inc.) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Bresha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bresha\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [nmapp] => C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-08-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0x00000002
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Google Update] => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-12-24] (Google Inc.)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Facebook Update] => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-29] (Facebook Inc.)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\MountPoints2: D - D:\LaunchRC.exe
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\MountPoints2: {a0265335-7532-11df-b74a-001e37254dec} - K:\PMBP_Win.exe
HKU\S-1-5-21-1956068371-4262814005-2577103481-1004\...\MountPoints2: {f2c25485-7f68-11df-896a-001e37254dec} - J:\iStudio.exe
Startup: C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: SmartFTP Drop -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.115.71.53 24.247.15.53 24.217.0.5 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default
FF SearchEngineOrder.1: Amazon 
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bresha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Bresha\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bresha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\staged [2014-08-22]
FF Extension: Adblock Plus - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-19]
FF Extension: Adblock Edge - C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-24]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-14]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSuggestURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\Users\Bresha\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
CHR Plugin: (Unity Player) - C:\Users\Bresha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Bresha\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Angry Birds) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-10-29]
CHR Extension: (Google Drive) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2011-06-14]
CHR Extension: (Google Wallet) - C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atashost; C:\Windows\SysWOW64\atashost.exe [20376 2009-03-06] (WebEx Communications, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-12-08] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2012-12-08] ()
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 19:18 - 2014-08-24 19:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 19:18 - 2014-08-24 19:18 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 19:18 - 2014-08-24 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 19:17 - 2014-08-24 19:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 19:17 - 2014-08-24 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 19:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 19:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 19:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 19:16 - 2014-08-24 19:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bresha\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-24 19:13 - 2014-08-24 19:15 - 00020796 _____ () C:\Users\Bresha\Desktop\adaasd.txt
2014-08-24 19:10 - 2014-08-24 19:58 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-08-24 19:10 - 2014-08-24 19:58 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-08-24 19:06 - 2014-08-24 19:54 - 00018956 _____ () C:\Windows\PFRO.log
2014-08-24 19:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-24 19:01 - 2014-08-24 19:04 - 00000000 ____D () C:\AdwCleaner
2014-08-24 19:01 - 2014-08-24 19:01 - 01364531 _____ () C:\Users\Bresha\Downloads\AdwCleaner.exe
2014-08-24 18:31 - 2014-08-24 18:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bresha\Downloads\revosetup.exe
2014-08-24 18:31 - 2014-08-24 18:31 - 00001099 _____ () C:\Users\Bresha\Desktop\Revo Uninstaller.lnk
2014-08-24 18:31 - 2014-08-24 18:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-24 11:31 - 2014-08-24 11:31 - 00057198 _____ () C:\Users\Bresha\Downloads\Addition.txt
2014-08-24 11:29 - 2014-08-24 20:04 - 00027923 _____ () C:\Users\Bresha\Downloads\FRST.txt
2014-08-24 11:29 - 2014-08-24 20:04 - 00000000 ____D () C:\FRST
2014-08-24 11:29 - 2014-08-24 11:29 - 02103296 _____ (Farbar) C:\Users\Bresha\Downloads\FRST64.exe
2014-08-24 11:29 - 2014-08-24 11:29 - 01095168 _____ (Farbar) C:\Users\Bresha\Downloads\FRST.exe
2014-08-24 00:54 - 2014-08-24 18:51 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Mipony
2014-08-22 03:56 - 2014-08-22 03:58 - 00000000 ____D () C:\ProgramData\670e6082496de764
2014-08-22 03:56 - 2014-08-22 03:56 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Packages
2014-08-20 23:36 - 2014-08-20 23:36 - 00000552 _____ () C:\Users\Bresha\AppData\Local\d3d8caps.dat
2014-08-20 22:50 - 2014-08-20 22:50 - 00000221 _____ () C:\Users\Bresha\Desktop\The Elder Scrolls III Morrowind.url
2014-08-15 03:40 - 2014-08-15 03:40 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-08-15 03:02 - 2014-06-26 17:17 - 01389200 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:02 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:02 - 2014-06-26 17:17 - 00171152 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:02 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:02 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:02 - 2014-06-26 17:17 - 00008848 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:02 - 2014-06-05 23:29 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:02 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 21:39 - 2014-07-24 23:27 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 21:39 - 2014-07-24 23:18 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 21:39 - 2014-07-24 22:15 - 02781696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 21:39 - 2014-07-24 14:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 21:39 - 2014-07-24 14:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 21:39 - 2014-07-24 14:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 21:39 - 2014-07-24 14:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 21:39 - 2014-07-24 14:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 21:39 - 2014-07-24 14:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 21:39 - 2014-07-24 14:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-14 21:39 - 2014-07-24 14:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 21:39 - 2014-07-24 14:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 21:39 - 2014-07-24 14:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 21:39 - 2014-07-24 14:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 21:39 - 2014-07-24 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 21:39 - 2014-07-24 14:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-14 21:39 - 2014-07-24 14:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-14 21:39 - 2014-07-24 14:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-14 21:39 - 2014-07-24 14:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 21:39 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 21:39 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 21:39 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 21:39 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 21:39 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 21:39 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 21:39 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-14 21:39 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 21:39 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 21:39 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 21:39 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-14 21:39 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-14 21:39 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-14 21:39 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 21:39 - 2014-06-13 19:56 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 21:39 - 2014-06-13 19:51 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 21:38 - 2014-07-07 20:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 21:38 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 21:38 - 2014-06-02 16:30 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 21:38 - 2014-06-02 16:30 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 21:38 - 2014-06-02 16:29 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 21:38 - 2014-06-02 16:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-14 21:38 - 2014-06-02 15:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 21:38 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 21:38 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 21:38 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 12:51 - 2014-08-14 12:51 - 01104394 _____ () C:\Users\Bresha\Downloads\Echoroleplay Content.zip
2014-08-13 20:33 - 2014-08-13 20:40 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\TS3Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00001017 _____ () C:\Users\Bresha\Desktop\TeamSpeak 3 Client.lnk
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Local\TeamSpeak 3 Client
2014-08-13 20:31 - 2014-08-13 20:32 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Bresha\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-09 15:28 - 2014-08-09 15:30 - 107182916 _____ () C:\Users\Bresha\Downloads\Point of Contact.rar
2014-08-08 23:08 - 2014-08-08 23:21 - 1157030734 _____ () C:\Users\Bresha\Downloads\SSTRP Content.rar
2014-08-08 23:04 - 2014-08-08 23:05 - 59769889 _____ () C:\Users\Bresha\Downloads\Torch's Models.zip
2014-08-07 21:08 - 2014-08-07 21:09 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher (1).zip
2014-08-07 17:35 - 2014-08-07 17:35 - 00002071 _____ () C:\Users\Bresha\Downloads\metrovocoderfix.zip
2014-08-07 11:32 - 2014-08-07 11:32 - 00005237 _____ () C:\Users\Bresha\Downloads\phantommpf (1).zip
2014-08-05 18:17 - 2014-08-05 18:17 - 00004356 _____ () C:\Users\Bresha\Downloads\phantommpf.zip
2014-08-04 18:15 - 2014-08-04 18:16 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher.zip
2014-08-02 20:41 - 2014-08-02 20:41 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife (1).zip
2014-08-02 20:35 - 2014-08-02 20:35 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife.zip
2014-08-02 20:33 - 2014-08-02 20:34 - 00002109 _____ () C:\Users\Bresha\Downloads\knifeform9k.zip
2014-07-30 18:06 - 2014-07-30 18:06 - 00001075 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-30 18:06 - 2014-07-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-30 18:05 - 2014-07-31 14:10 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-30 18:05 - 2014-07-30 18:06 - 00001260 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftBlizzard Technical Support.lnk
2014-07-30 18:05 - 2014-07-30 18:06 - 00001253 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftAccount Billing.lnk
2014-07-30 18:05 - 2014-07-30 18:06 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftWorld of Warcraft.lnk
2014-07-30 18:04 - 2014-07-31 14:54 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Battle.net
2014-07-30 18:04 - 2014-07-30 18:05 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Blizzard Entertainment
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-30 18:03 - 2014-07-31 14:09 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-30 18:02 - 2014-07-30 18:03 - 02942368 _____ (Blizzard Entertainment) C:\Users\Bresha\Downloads\World-of-Warcraft-Setup-enUS.exe
2014-07-29 12:58 - 2014-07-29 12:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-28 17:16 - 2014-07-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-28 17:14 - 2014-08-15 03:37 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd.exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd (1).exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00000000 ____D () C:\Users\Bresha\AppData\Local\downloadius
2014-07-27 22:19 - 2014-07-27 22:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-27 22:16 - 2014-07-27 22:16 - 00004535 _____ () C:\Users\Bresha\AppData\Roaming\CamStudio.cfg
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamShapes.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamLayout.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000096 _____ () C:\Users\Bresha\AppData\Roaming\version2.xml
2014-07-27 22:16 - 2014-07-27 22:16 - 00000046 _____ () C:\Users\Bresha\AppData\Roaming\Camdata.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000000 ____D () C:\Users\Bresha\Documents\My CamStudio Temp Files
2014-07-27 13:44 - 2014-07-27 13:44 - 00078663 _____ () C:\Users\Bresha\Downloads\ULib-v2_51.zip
2014-07-27 13:43 - 2014-07-27 13:44 - 00149100 _____ () C:\Users\Bresha\Downloads\ulx-v3_61.zip
2014-07-27 13:05 - 2014-07-27 13:05 - 00373311 _____ () C:\Users\Bresha\Downloads\XRay-v9-1.7.9.jar
2014-07-26 22:37 - 2014-07-26 22:46 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft2
2014-07-26 22:32 - 2014-06-09 03:09 - 02697677 _____ (RichDigits Development) C:\Users\Bresha\Desktop\VoidLauncher.exe
2014-07-26 22:30 - 2014-07-26 22:37 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft
2014-07-26 22:28 - 2014-07-26 22:29 - 136525035 _____ () C:\Users\Bresha\Downloads\CrazyCraftServerv2.1.zip
2014-07-26 22:27 - 2014-07-26 22:35 - 00000000 ____D () C:\VoidLauncher
2014-07-26 22:27 - 2014-07-26 22:27 - 02455832 _____ () C:\Users\Bresha\Downloads\VoidLauncher.zip
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.fellowship
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.electriciansjourney
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.dreamcraft
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 20:04 - 2014-08-24 11:29 - 00027923 _____ () C:\Users\Bresha\Downloads\FRST.txt
2014-08-24 20:04 - 2014-08-24 11:29 - 00000000 ____D () C:\FRST
2014-08-24 20:03 - 2009-07-14 16:56 - 01954245 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 19:59 - 2014-07-22 19:24 - 00000000 ___RD () C:\Users\Bresha\Dropbox
2014-08-24 19:59 - 2014-07-22 19:21 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Dropbox
2014-08-24 19:58 - 2014-08-24 19:10 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-08-24 19:58 - 2014-08-24 19:10 - 00003212 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1956068371-4262814005-2577103481-1004
2014-08-24 19:58 - 2012-07-28 13:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-24 19:57 - 2014-08-24 19:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 19:57 - 2014-01-19 15:29 - 00000000 ____D () C:\Users\Bresha\AppData\Local\TSVNCache
2014-08-24 19:57 - 2013-10-05 22:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 19:57 - 2006-11-02 10:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-24 19:54 - 2014-08-24 19:06 - 00018956 _____ () C:\Windows\PFRO.log
2014-08-24 19:54 - 2010-04-14 12:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-24 19:54 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 19:54 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 19:54 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 19:53 - 2006-11-02 10:42 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-24 19:52 - 2013-10-08 14:55 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\HPP
2014-08-24 19:35 - 2010-10-17 14:01 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job
2014-08-24 19:18 - 2014-08-24 19:18 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-24 19:18 - 2014-08-24 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 19:18 - 2014-08-24 19:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 19:18 - 2013-10-05 22:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 19:17 - 2014-08-24 19:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 19:16 - 2014-08-24 19:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bresha\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-24 19:15 - 2014-08-24 19:13 - 00020796 _____ () C:\Users\Bresha\Desktop\adaasd.txt
2014-08-24 19:07 - 2006-11-02 10:21 - 00395968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-24 19:04 - 2014-08-24 19:01 - 00000000 ____D () C:\AdwCleaner
2014-08-24 19:03 - 2013-12-21 02:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 19:01 - 2014-08-24 19:01 - 01364531 _____ () C:\Users\Bresha\Downloads\AdwCleaner.exe
2014-08-24 18:51 - 2014-08-24 00:54 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Mipony
2014-08-24 18:31 - 2014-08-24 18:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bresha\Downloads\revosetup.exe
2014-08-24 18:31 - 2014-08-24 18:31 - 00001099 _____ () C:\Users\Bresha\Desktop\Revo Uninstaller.lnk
2014-08-24 18:31 - 2014-08-24 18:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-24 17:46 - 2012-10-29 17:41 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job
2014-08-24 17:46 - 2012-10-29 17:41 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job
2014-08-24 14:29 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\tracing
2014-08-24 11:31 - 2014-08-24 11:31 - 00057198 _____ () C:\Users\Bresha\Downloads\Addition.txt
2014-08-24 11:29 - 2014-08-24 11:29 - 02103296 _____ (Farbar) C:\Users\Bresha\Downloads\FRST64.exe
2014-08-24 11:29 - 2014-08-24 11:29 - 01095168 _____ (Farbar) C:\Users\Bresha\Downloads\FRST.exe
2014-08-24 00:27 - 2013-08-29 16:27 - 00000061 _____ () C:\Users\Bresha\AppData\Roaming\WB.CFG
2014-08-23 23:35 - 2010-10-17 14:01 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job
2014-08-23 18:20 - 2012-08-19 17:57 - 00005324 _____ () C:\Users\Bresha\AppData\Local\d3d9caps.dat
2014-08-23 17:56 - 2014-06-07 14:57 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\CoreFTP
2014-08-23 16:47 - 2009-12-24 18:24 - 00000000 ____D () C:\Users\Bresha
2014-08-22 03:58 - 2014-08-22 03:56 - 00000000 ____D () C:\ProgramData\670e6082496de764
2014-08-22 03:56 - 2014-08-22 03:56 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Packages
2014-08-20 23:36 - 2014-08-20 23:36 - 00000552 _____ () C:\Users\Bresha\AppData\Local\d3d8caps.dat
2014-08-20 22:50 - 2014-08-20 22:50 - 00000221 _____ () C:\Users\Bresha\Desktop\The Elder Scrolls III Morrowind.url
2014-08-15 23:51 - 2010-12-04 21:39 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Skype
2014-08-15 11:59 - 2013-11-28 16:29 - 00002047 _____ () C:\Users\Bresha\Desktop\Google Chrome.lnk
2014-08-15 11:53 - 2014-07-22 19:24 - 00000922 _____ () C:\Users\Bresha\Desktop\Dropbox.lnk
2014-08-15 11:53 - 2014-07-22 19:22 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-15 03:54 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:44 - 2006-11-02 07:46 - 00764476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 03:40 - 2014-08-15 03:40 - 00003402 _____ () C:\Windows\System32\Tasks\PastaQuotes
2014-08-15 03:37 - 2014-07-28 17:14 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-08-15 03:17 - 2009-07-14 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-15 03:16 - 2013-08-30 03:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:11 - 2006-11-02 07:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-14 12:51 - 2014-08-14 12:51 - 01104394 _____ () C:\Users\Bresha\Downloads\Echoroleplay Content.zip
2014-08-13 20:40 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\TS3Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00001017 _____ () C:\Users\Bresha\Desktop\TeamSpeak 3 Client.lnk
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-08-13 20:33 - 2014-08-13 20:33 - 00000000 ____D () C:\Users\Bresha\AppData\Local\TeamSpeak 3 Client
2014-08-13 20:32 - 2014-08-13 20:31 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Bresha\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-08-11 14:57 - 2010-12-04 21:39 - 00000000 ____D () C:\ProgramData\Skype
2014-08-10 14:07 - 2014-07-19 21:12 - 00000000 ____D () C:\SANDBOX
2014-08-09 15:30 - 2014-08-09 15:28 - 107182916 _____ () C:\Users\Bresha\Downloads\Point of Contact.rar
2014-08-08 23:45 - 2014-07-16 04:08 - 00000000 ____D () C:\Users\Bresha\Documents\BYOND
2014-08-08 23:21 - 2014-08-08 23:08 - 1157030734 _____ () C:\Users\Bresha\Downloads\SSTRP Content.rar
2014-08-08 23:05 - 2014-08-08 23:04 - 59769889 _____ () C:\Users\Bresha\Downloads\Torch's Models.zip
2014-08-08 13:58 - 2011-11-23 10:10 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.minecraft
2014-08-08 09:29 - 2014-07-08 18:26 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\TeamViewer
2014-08-07 21:09 - 2014-08-07 21:08 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher (1).zip
2014-08-07 17:35 - 2014-08-07 17:35 - 00002071 _____ () C:\Users\Bresha\Downloads\metrovocoderfix.zip
2014-08-07 11:32 - 2014-08-07 11:32 - 00005237 _____ () C:\Users\Bresha\Downloads\phantommpf (1).zip
2014-08-05 18:17 - 2014-08-05 18:17 - 00004356 _____ () C:\Users\Bresha\Downloads\phantommpf.zip
2014-08-04 22:13 - 2012-06-28 12:09 - 00000024 _____ () C:\Users\Bresha\random.dat
2014-08-04 21:52 - 2013-03-16 11:53 - 00000045 _____ () C:\Users\Bresha\jagex_cl_oldschool_LIVE.dat
2014-08-04 18:16 - 2014-08-04 18:15 - 45433123 _____ () C:\Users\Bresha\Downloads\launcher.zip
2014-08-02 20:41 - 2014-08-02 20:41 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife (1).zip
2014-08-02 20:35 - 2014-08-02 20:35 - 00001230 _____ () C:\Users\Bresha\Downloads\hl2rpknife.zip
2014-08-02 20:34 - 2014-08-02 20:33 - 00002109 _____ () C:\Users\Bresha\Downloads\knifeform9k.zip
2014-08-02 20:31 - 2014-07-22 19:20 - 00001479 _____ () C:\Users\Bresha\Downloads\m9kknife.zip
2014-08-01 19:18 - 2014-04-17 09:42 - 00000219 _____ () C:\Users\Bresha\Desktop\Half-Life 2 Episode Two.url
2014-07-31 14:54 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Battle.net
2014-07-31 14:10 - 2014-07-30 18:05 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-31 14:09 - 2014-07-30 18:03 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-30 18:06 - 2014-07-30 18:06 - 00001075 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-30 18:06 - 2014-07-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-30 18:06 - 2014-07-30 18:05 - 00001260 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftBlizzard Technical Support.lnk
2014-07-30 18:06 - 2014-07-30 18:05 - 00001253 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftAccount Billing.lnk
2014-07-30 18:06 - 2014-07-30 18:05 - 00001089 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of WarcraftWorld of Warcraft.lnk
2014-07-30 18:05 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Users\Bresha\AppData\Local\Blizzard Entertainment
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-30 18:04 - 2014-07-30 18:04 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-30 18:03 - 2014-07-30 18:02 - 02942368 _____ (Blizzard Entertainment) C:\Users\Bresha\Downloads\World-of-Warcraft-Setup-enUS.exe
2014-07-29 12:58 - 2014-07-29 12:58 - 00000000 ____D () C:\ProgramData\HP
2014-07-28 17:16 - 2014-07-28 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-28 17:15 - 2014-07-28 17:15 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd.exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00565968 _____ (Downloadius) C:\Users\Bresha\Downloads\HD_Player__CD5MTCD13345_88e7f9d7b46bd63bf7e11dfe0094efdd (1).exe
2014-07-28 17:13 - 2014-07-28 17:13 - 00000000 ____D () C:\Users\Bresha\AppData\Local\downloadius
2014-07-28 15:05 - 2006-11-02 07:34 - 00000321 _____ () C:\Windows\win.ini
2014-07-28 11:52 - 2014-06-07 14:56 - 00000000 ____D () C:\Program Files (x86)\CoreFTP
2014-07-27 22:19 - 2014-07-27 22:19 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-27 22:16 - 2014-07-27 22:16 - 00004535 _____ () C:\Users\Bresha\AppData\Roaming\CamStudio.cfg
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamShapes.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000408 _____ () C:\Users\Bresha\AppData\Roaming\CamLayout.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000096 _____ () C:\Users\Bresha\AppData\Roaming\version2.xml
2014-07-27 22:16 - 2014-07-27 22:16 - 00000046 _____ () C:\Users\Bresha\AppData\Roaming\Camdata.ini
2014-07-27 22:16 - 2014-07-27 22:16 - 00000000 ____D () C:\Users\Bresha\Documents\My CamStudio Temp Files
2014-07-27 18:30 - 2011-11-02 07:21 - 00000032 _____ () C:\Users\Bresha\jagex_cl_runescape_LIVE.dat
2014-07-27 13:44 - 2014-07-27 13:44 - 00078663 _____ () C:\Users\Bresha\Downloads\ULib-v2_51.zip
2014-07-27 13:44 - 2014-07-27 13:43 - 00149100 _____ () C:\Users\Bresha\Downloads\ulx-v3_61.zip
2014-07-27 13:05 - 2014-07-27 13:05 - 00373311 _____ () C:\Users\Bresha\Downloads\XRay-v9-1.7.9.jar
2014-07-26 22:46 - 2014-07-26 22:37 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft2
2014-07-26 22:37 - 2014-07-26 22:30 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.crazycraft
2014-07-26 22:35 - 2014-07-26 22:27 - 00000000 ____D () C:\VoidLauncher
2014-07-26 22:29 - 2014-07-26 22:28 - 136525035 _____ () C:\Users\Bresha\Downloads\CrazyCraftServerv2.1.zip
2014-07-26 22:27 - 2014-07-26 22:27 - 02455832 _____ () C:\Users\Bresha\Downloads\VoidLauncher.zip
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.fellowship
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.electriciansjourney
2014-07-26 22:27 - 2014-07-26 22:27 - 00000000 ____D () C:\Users\Bresha\AppData\Roaming\.dreamcraft
2014-07-26 16:30 - 2009-12-29 01:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 16:25 - 2012-08-06 09:58 - 00000000 ____D () C:\Users\Bresha\Downloads\world_the_end
2014-07-26 16:25 - 2012-08-06 09:58 - 00000000 ____D () C:\Users\Bresha\Downloads\world_nether
2014-07-26 16:25 - 2012-08-05 19:05 - 00000000 ____D () C:\Users\Bresha\Downloads\world
2014-07-26 13:37 - 2012-08-05 19:05 - 00010699 _____ () C:\Users\Bresha\Downloads\server.log
 
Files to move or delete:
====================
C:\ProgramData\flashax9f.exe
C:\Users\Bresha\jagex_cl_loginapplet_LIVE.dat
C:\Users\Bresha\jagex_cl_oldschool_LIVE.dat
C:\Users\Bresha\jagex_cl_runescape_LIVE.dat
C:\Users\Bresha\jagex_cl_runescape_LIVE1.dat
C:\Users\Bresha\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Bresha\jagex_runescape_preferences.dat
C:\Users\Bresha\jagex_runescape_preferences2.dat
C:\Users\Bresha\jagex__preferences3.dat
C:\Users\Bresha\random.dat
C:\Users\Public\AlexaNSISPlugin.5816.dll
 
 
Some content of TEMP:
====================
C:\Users\Bresha\AppData\Local\Temp\61393uninstall.exe
C:\Users\Bresha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_bbqa.dll
C:\Users\Bresha\AppData\Local\Temp\Quarantine.exe
C:\Users\Bresha\AppData\Local\Temp\uninst1.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-24 20:02
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by Bresha at 2014-08-24 20:05:41
Running from C:\Users\Bresha\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.4.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Advanced File Optimizer (HKLM-x32\...\Advanced File Optimizer_is1) (Version: 2.1.1000.10518 - Systweak Software)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{0E543634-7E25-4B8F-8D5B-97880E5E5088}) (Version: 2.0.5.0 - Apple Inc.)
BYOND (HKLM-x32\...\BYOND) (Version: 506.1247 - BYOND)
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Cisco Network Magic (x32 Version: 5.5.09195.0 - Pure Networks) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 4.8 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hauppauge MCE XP/Vista Software Encoder (2.0.26057) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.26057 - Hauppauge Computer Works, Inc.)
Insurgency: Modern Infantry Combat (HKLM-x32\...\Steam App 17700) (Version:  - Insurgency Development Team)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.515 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0-B9.515 - InterVideo Inc.) Hidden
Introductory and Intermediate Algebra (Fall 2012 Student) (HKLM-x32\...\Introductory and Intermediate Algebra (Fall 2012 Student)) (Version: 2.1.1 - Hawkes Learning Systems)
iTunes (HKLM\...\{28D73032-5DAA-4F83-B154-85105DBCCB92}) (Version: 10.3.1.55 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver & Application Installation (HKLM-x32\...\{364AD023-F22D-4380-88D0-F9C6A778E194}) (Version: 4.25.1007 - Lenovo)
Lenovo PC Type Configuration (HKLM-x32\...\{3BB1501C-1670-4b53-8B67-B1C368BC7227}) (Version: 1.40.0000 - )
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.1.4522 - CyberLink Corp.)
Lenovo Standard Keyboard Driver (HKLM-x32\...\{F484477C-6E96-4887-A0C1-00E20F525392}) (Version: 1.0.0.0 - Lenovo)
Lenovo_Driver_Package (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster Download Manager (HKLM-x32\...\{3CB4A7B0-007D-4722-AF1D-891B53E04606}) (Version: 1.0.0 - Napster)
Netflix in Windows Media Center (HKLM-x32\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation)
Network Magic (HKLM-x32\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OKAVAgent (HKLM-x32\...\InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}) (Version:  - )
OKAVAgent (Version: 2.00.0000 - Trend Micro Inc.) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Panda3D Game Engine (HKLM-x32\...\Panda3D Game Engine) (Version: 1.0.3 - Carnegie Mellon Entertainment Technology Center)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Pure Networks Platform (x32 Version: 11.2.09195.1 - Pure Networks) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{172BBF29-CAEA-499A-BB62-C0F0F8E34C9C}) (Version: 5.0.1356.0 - SmartSoft Ltd.)
SOE Web Installer (HKCU\...\SOE Web Installer) (Version: 1.0.3.126 - Sony Online Entertainment)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6490 - Analog Devices)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TortoiseSVN 1.8.4.24972 (64 bit) (HKLM\...\{A2EFDE01-96B3-4E55-8834-81617ED6BCBE}) (Version: 1.8.24972 - TortoiseSVN)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
XSplit Broadcaster (HKLM-x32\...\{3A1F3A32-7E9D-4AD2-A2E2-DFC98BAA9DC7}) (Version: 1.3.1403.1202 - SplitMediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{7A85781B-2381-4315-B02F-534D29006018}\localserver32 -> C:\Program Files (x86)\Napster\Napster Download Manager\NapsterDownloadManager.exe (napster)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Bresha\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bresha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1956068371-4262814005-2577103481-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bresha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
18-08-2014 08:48:23 Windows Update
21-08-2014 01:14:11 Removed System Requirements Lab CYRI
22-08-2014 08:49:23 Windows Update
24-08-2014 07:23:50 Scheduled Checkpoint
24-08-2014 23:33:02 Revo Uninstaller's restore point - PastaQuotes
24-08-2014 23:37:41 Revo Uninstaller's restore point - Snap.Do Engine
24-08-2014 23:39:03 Revo Uninstaller's restore point - Snap.Do Engine
24-08-2014 23:40:37 Revo Uninstaller's restore point - WinSpeed
24-08-2014 23:42:12 Revo Uninstaller's restore point - Wajam
24-08-2014 23:44:03 Revo Uninstaller's restore point - Delta Chrome Toolbar
24-08-2014 23:45:43 Revo Uninstaller's restore point - BabylonObjectInstaller
24-08-2014 23:46:34 Revo Uninstaller's restore point - BabylonObjectInstaller
24-08-2014 23:47:42 Revo Uninstaller's restore point - Babylon toolbar on IE
24-08-2014 23:49:15 Revo Uninstaller's restore point - Search Protect
24-08-2014 23:50:58 Revo Uninstaller's restore point - Mipony Download Manager Packages
24-08-2014 23:52:56 Revo Uninstaller's restore point - Mipony Download Manager Packages
24-08-2014 23:55:23 Revo Uninstaller's restore point - Mipony Download Manager Packages
24-08-2014 23:57:18 Revo Uninstaller's restore point - Funmoods
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 07:34 - 2014-06-14 13:47 - 00000815 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0356B0CD-CCAD-487C-AF3E-03CF898519C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0F24CB7F-35C2-41EC-8547-C0E571198607} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {298B91D0-ABD2-4D9B-B26E-2B88E78AACD6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1956068371-4262814005-2577103481-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3AF74CF6-331B-444C-A70A-75EEC299A9C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5732CC47-B631-4168-B43A-88DC6E396FAC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6FE7AD7E-B181-4C4E-928A-2972E93FA861} - System32\Tasks\{237D2A09-2978-428B-BC77-56E80CE13E3E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {7BA4D79F-9B40-4CDA-A376-F87EC83D6D3B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1956068371-4262814005-2577103481-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8D07ECC3-BEEF-4A59-872D-3FC15E3CD832} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-29] (Facebook Inc.)
Task: {CC5CDE53-E846-46F4-A0F7-BC65CA7895EC} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe
Task: {D3170A72-74A8-4F42-AFBE-DB0A26223D06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-24] (Google Inc.)
Task: {D4B299DA-FCC8-45BD-911E-EB49B6B7C2AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F8A38E9B-D723-497E-A135-55CA3AFBC73B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-29] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job => C:\Users\Bresha\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004Core.job => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1956068371-4262814005-2577103481-1004UA.job => C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-08 11:06 - 2012-12-08 11:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-12-08 11:06 - 2012-12-08 11:06 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-24 14:37 - 2013-11-24 14:37 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-11-24 14:36 - 2013-11-24 14:36 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2013-11-24 13:48 - 2013-11-24 13:48 - 00071408 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-05-21 16:54 - 2014-08-04 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-22 17:19 - 2014-08-04 14:15 - 00441856 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-01-07 22:25 - 2014-08-04 14:15 - 00332288 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 17:10 - 2014-08-04 14:15 - 00769024 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 16:55 - 2014-08-13 17:31 - 02144448 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-21 16:54 - 2014-08-04 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-05-21 16:54 - 2014-07-30 22:47 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2012-07-28 13:34 - 2014-08-13 17:30 - 00677056 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 06:03 - 2014-01-03 06:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-08-24 19:59 - 2014-08-24 19:59 - 00043008 _____ () c:\users\bresha\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc_bbqa.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Bresha\AppData\Roaming\Dropbox\bin\libcef.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2012-07-28 13:34 - 2014-08-13 01:27 - 34587328 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 12:51 - 2014-08-13 01:27 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 08537928 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 00353096 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 11:59 - 2014-08-06 22:20 - 01732936 _____ () C:\Users\Bresha\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Bresha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bresha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Bresha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Bresha\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SkDaemond => C:\Program Files (x86)\Lenovo\Lenovo Standard Keyboard Driver\SkDaemond.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.eau.wi.charter.com
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.{257F1FD4-196B-4B53-99E5-38841C261B7E}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.{257F1FD4-196B-4B53-99E5-38841C261B7E}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.eau.wi.charter.com
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: isatap.{257F1FD4-196B-4B53-99E5-38841C261B7E}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2014 07:56:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/24/2014 07:18:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, time stamp 0x53518532, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000374, fault offset 0x000abc4f,
process id 0xb1c, application start time 0xmbam.exe0.
 
Error: (08/24/2014 07:08:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/22/2014 08:16:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 36.0.1985.143 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 22dc
Start Time: 01cfbe6fc85b07d0
Termination Time: 7
 
Error: (08/20/2014 11:59:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, faulting module Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, exception code 0xc0000005, fault offset 0x002aafac,
process id 0x22d4, application start time 0xMorrowind.exe0.
 
Error: (08/20/2014 11:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xf01dd800,
process id 0x1c10, application start time 0xMorrowind.exe0.
 
Error: (08/20/2014 11:36:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, faulting module Morrowind.exe, version 1.6.0.1820, time stamp 0x72456542, exception code 0xc0000005, fault offset 0x0002538e,
process id 0x2624, application start time 0xMorrowind.exe0.
 
Error: (08/15/2014 11:54:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRESHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DROPBOX.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/15/2014 11:54:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\BRESHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\DROPBOX.LNK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/15/2014 03:37:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/24/2014 07:07:36 PM) (Source: Print) (EventID: 54) (User: NT AUTHORITY)
Description: Document BL41 BID Form-1.pdf failed to print and was deleted because of corruption in the spooled file. The associated driver is: HP Deskjet 3500 Series. Try printing the document again.
 
Error: (08/15/2014 05:30:44 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:37 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:35 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 05:30:32 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/15/2014 03:39:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPPD%%127
 
Error: (08/15/2014 03:38:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: PastaQuotes
 
Error: (08/15/2014 03:37:27 AM) (Source: Print) (EventID: 54) (User: NT AUTHORITY)
Description: Document Order Confirmation failed to print and was deleted because of corruption in the spooled file. The associated driver is: WebEx Document Loader. Try printing the document again.
 
Error: (08/15/2014 03:37:26 AM) (Source: Print) (EventID: 54) (User: NT AUTHORITY)
Description: Document Order Confirmation failed to print and was deleted because of corruption in the spooled file. The associated driver is: WebEx Document Loader. Try printing the document again.
 
 
Microsoft Office Sessions:
=========================
Error: (03/17/2010 10:42:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 385 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2010 10:04:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2010 10:03:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/27/2010 10:03:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 837 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-24 20:05:01.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 20:05:00.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 20:05:00.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 20:05:00.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 19:55:19.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 19:36:30.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 19:36:30.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 19:36:30.129
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 19:36:29.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-24 19:29:18.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 53%
Total physical RAM: 6069.39 MB
Available physical RAM: 2841.13 MB
Total Pagefile: 12359.81 MB
Available Pagefile: 8877.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:560.56 GB) (Free:292.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=560.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.6 GB) - (Type=12)
 
==================== End Of Log ============================


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 25 August 2014 - 01:46 AM

Hi,

Note: It didn't give me a MalwareBytes notepad, but all I know is that it found a trojan and a lot of more stuff, my PC is extremely fast and normal like it was before. Thanks for helping me.

You are welcome! :)
 
Please try to post the MBAM-Log.

How to get logs:
(Export log to save as txt)

  • Open MBAM.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

 

Thank you.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Shend23

Shend23
  • Topic Starter

  • Members
  • 5 posts
  • Local time:07:16 PM

Posted 25 August 2014 - 10:13 AM

Note: There were many notepads of them, but I'm pretty sure this was the one.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 8/24/2014 7:18:23 PM, SYSTEM, BRESHA-PC, Protection, Malware Protection, Starting, 
Protection, 8/24/2014 7:18:24 PM, SYSTEM, BRESHA-PC, Protection, Malware Protection, Started, 
Protection, 8/24/2014 7:18:24 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Starting, 
Update, 8/24/2014 7:18:28 PM, SYSTEM, BRESHA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.8.21.1, 
Update, 8/24/2014 7:18:34 PM, SYSTEM, BRESHA-PC, Manual, Malware Database, 2014.3.4.9, 2014.8.24.7, 
Protection, 8/24/2014 7:18:39 PM, SYSTEM, BRESHA-PC, Protection, Refresh, Starting, 
Protection, 8/24/2014 7:18:40 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Started, 
Protection, 8/24/2014 7:18:40 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 8/24/2014 7:18:40 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 8/24/2014 7:18:45 PM, SYSTEM, BRESHA-PC, Protection, Refresh, Success, 
Protection, 8/24/2014 7:20:32 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 8/24/2014 7:20:32 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Started, 
Protection, 8/24/2014 7:55:08 PM, SYSTEM, BRESHA-PC, Protection, Malware Protection, Starting, 
Protection, 8/24/2014 7:55:08 PM, SYSTEM, BRESHA-PC, Protection, Malware Protection, Started, 
Protection, 8/24/2014 7:55:08 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 8/24/2014 7:55:20 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Started, 
Detection, 8/24/2014 9:41:10 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, IP, 91.211.117.147, 64584, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe, 
Detection, 8/24/2014 9:41:10 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, IP, 91.211.117.147, 64584, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe, 
Detection, 8/24/2014 9:41:10 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, IP, 91.211.117.147, 64584, Outbound, C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe, 
Update, 8/24/2014 10:38:40 PM, SYSTEM, BRESHA-PC, Scheduler, Malware Database, 2014.8.24.7, 2014.8.25.1, 
Protection, 8/24/2014 10:38:42 PM, SYSTEM, BRESHA-PC, Protection, Refresh, Starting, 
Protection, 8/24/2014 10:38:42 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 8/24/2014 10:38:42 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 8/24/2014 10:39:06 PM, SYSTEM, BRESHA-PC, Protection, Refresh, Success, 
Protection, 8/24/2014 10:39:06 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 8/24/2014 10:39:07 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Started, 
Update, 8/24/2014 11:33:39 PM, SYSTEM, BRESHA-PC, Scheduler, Malware Database, 2014.8.25.1, 2014.8.25.2, 
Protection, 8/24/2014 11:34:04 PM, SYSTEM, BRESHA-PC, Protection, Refresh, Starting, 
Protection, 8/24/2014 11:34:04 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 8/24/2014 11:34:04 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 8/24/2014 11:34:39 PM, SYSTEM, BRESHA-PC, Protection, Refresh, Success, 
Protection, 8/24/2014 11:34:40 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Starting, 
Protection, 8/24/2014 11:34:53 PM, SYSTEM, BRESHA-PC, Protection, Malicious Website Protection, Started, 
 
(end)
Thanks for helping me so much!


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 25 August 2014 - 10:35 AM

Hi, thank you for posting the log. Could you please search for a scan log as well?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Shend23

Shend23
  • Topic Starter

  • Members
  • 5 posts
  • Local time:07:16 PM

Posted 25 August 2014 - 02:54 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/24/2014
Scan Time: 7:28:56 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.24.07
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Bresha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315678
Time Elapsed: 23 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.BProtector, HKU\S-1-5-21-1956068371-4262814005-2577103481-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BrowserMngr Start Page, http://www.google.com, Quarantined, [cdcc04c5dc9f2a0ce6312713f410f907]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 9
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [8d0cbb0efa817eb8c74404ab08fa1fe1], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}, Delete-on-Reboot, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\content, Delete-on-Reboot, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\content\images, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\defaults, Delete-on-Reboot, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\defaults\preferences, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.Extutil.A, C:\Users\Bresha\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [bbde6f5a0f6ca5910acc2ea89d65eb15], 
PUP.Optional.Managera.A, C:\Users\Bresha\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [64357950aad1063055828b4b35cdf30d], 
 
Files: 30
PUP.Optional.Conduit.A, C:\Users\Bresha\AppData\Local\Temp\nsuB37E.exe, Quarantined, [9dfc4e7bc6b544f21f900a8478899d63], 
PUP.Optional.OptimumInstaller.A, C:\Users\Bresha\Downloads\update.exe, Quarantined, [9ffa0cbd413a6cca3cdf2d2d1be6827e], 
PUP.Optional.SafeInstall.A, C:\Users\Bresha\Downloads\vioplayerv.exe, Quarantined, [8514a4255f1c3bfb22d586d2eb16d927], 
PUP.Optional.Bandoo, C:\Users\Bresha\Downloads\iLividSetup.exe, Quarantined, [01987c4d54271b1b82a0e234e71a4eb2], 
PUP.Optional.StmSetup, C:\Users\Bresha\Downloads\CamStudioSetup_v2.7.2.zip, Quarantined, [722708c12655b185f417ce018d778878], 
PUP.Optional.Softonic.A, C:\Users\Bresha\Downloads\SoftonicDownloader_for_directx.exe, Quarantined, [fc9dd0f9fb80d4620a76df4d8e73eb15], 
PUP.Optional.InstallIQ.A, C:\Users\Bresha\Downloads\tinyword.exe, Quarantined, [13867356d1aa3303a409210146bbe41c], 
PUP.Optional.OptimumInstaller.A, C:\Users\Bresha\Downloads\Setup (3).exe, Quarantined, [1f7abd0c89f2f04631eae9711ee3af51], 
PUP.Optional.OptimumInstaller.A, C:\Users\Bresha\Downloads\Setup (4).exe, Quarantined, [e5b438917efddc5aa37863f702ffe21e], 
PUP.Optional.AirInstaller, C:\Users\Bresha\Downloads\Flash Player 12.exe, Quarantined, [edac18b167140a2c06908a8eb54ca060], 
Trojan.Agent.Nattly, C:\Users\Bresha\AppData\Roaming\HPP\Interop.Shell32.dll, Quarantined, [68314584cead81b5d04975c536ce8d73], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\chrome.manifest, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\install.rdf, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\content\bargainjoy.xul, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\content\images\32.png, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.BargainJoy.A, C:\Users\Bresha\AppData\Roaming\Mozilla\Firefox\Profiles\e926czzu.default\Extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}\defaults\preferences\defaults.js, Quarantined, [61386b5ebdbee650490dedd947bb817f], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\002540.ldb, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\002551.ldb, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\002554.ldb, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\002555.log, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\CURRENT, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\LOCK, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\LOG, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\LOG.old, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.AmazonBrowserBar.A, C:\Users\Bresha\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam\MANIFEST-002553, Quarantined, [c2d70cbddf9cb18569237f558e7452ae], 
PUP.Optional.Extutil.A, C:\Users\Bresha\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [bbde6f5a0f6ca5910acc2ea89d65eb15], 
PUP.Optional.Extutil.A, C:\Users\Bresha\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [bbde6f5a0f6ca5910acc2ea89d65eb15], 
PUP.Optional.Extutil.A, C:\Users\Bresha\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [bbde6f5a0f6ca5910acc2ea89d65eb15], 
PUP.Optional.Managera.A, C:\Users\Bresha\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [64357950aad1063055828b4b35cdf30d], 
PUP.Optional.Managera.A, C:\Users\Bresha\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [64357950aad1063055828b4b35cdf30d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 26 August 2014 - 05:56 AM

Hi,
thank you for posting the logs.
Please run the following fix:

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1.73KB   6 downloads


After Reboot:

Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:16 AM

Posted 30 August 2014 - 03:44 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,679 posts
  • Gender:Female
  • Location:At home
  • Local time:01:16 AM

Posted 01 September 2014 - 09:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


