Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Affected by virus - Auto protection/firewall turns off, no internet, etc


  • This topic is locked This topic is locked
36 replies to this topic

#1 Mike585x

Mike585x

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 12 October 2014 - 12:09 AM

Hello, this my first time here as I've usually never had a problem that I wasn't able to fix (naturally). However, this recent outbreak has me baffled more than I have ever been. As of such, I am very excited to know that such a website exists where I could get some real professional assistance (without it costing an arm and a leg), and any help of course would be greatly appreciated. :)

I found this forum by searching my current PC symptoms on Google, and came across a thread with very similar issues. In that thread they mentioned that the user was infected with a "ZeroAccess rootkit", but of course it could be anything and I will let you decide what it could be.

I will do my best to describe every issue in detail. Infected computer is operating on Windows 7.

 

It all started when my Webroot Antivirus subscription was about to expire, which was upsetting but times are tough and I couldn't afford to keep it running. My household and I were trying to find alternatives and decided to give ye ol' Optimum freebie a try, after hearing good things about it and how it's supposedly a lot better than it used to be (in which now I feel and read wasn't the best idea). Shortly after installing it, I ran a full scan and it found/deleted 5 threats that weren't originally detected via Webroot. Shortly after that was when the problems started occurring. I went to play YouTube video and everything basically froze up and nothing was working/responding correctly, forcing me to eventually do a dreaded hard restart.

After restarting, I proceeded to attempt to uninstall any possible trace of Webroot (in which I thought a possible conflict was occurring). The computer was running extremely slow at this point, and any attempt of running any uninstaller would take a long time. There was also no internet connection whatsoever; the computer will not allow me to connect to the internet or the local network no matter what I do, even in Safe Mode w/Networking. After making sure that it wasn't an anti-virus conflict, McAfee scans would be very slow and sometimes completely freeze up. It's Auto-Protection and Firewall constant shut off by themselves, and this has just become more and more frequent as of yet. Certain other actions cause the computer to freeze up as well, along with the slightest click of the wrong thing. Windows Firewall will not allow me to turn on, reset, or "Use recommended settings". It displays an error message.

 

My default/primary browser Chrome will practically freeze the computer entirely when attempted to load.

Note I very seldom use Firefox or Internet Explorer but I do have them installed.

 

I am currently using a separate computer to access the internet, and to download/transfer tools via flash drive to affected computer. In an attempt to discover problems, I have just recently downloaded/transferred Microsoft Security Scanner and am currently running a full scan (2 hours in, nothing found yet). I also included Microsoft Security Essentials (in which I found out I cannot run a scan without first connecting to the internet to update definitions anyway, so right now it's 100% useless) and the DDS program found in the Preparation Guide (in which I am following).

 

If you are reading this, thank you very much for your time and consideration! :)

 

Here is a copy of the dds.txt as instructed:

_______________________________________________________

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280
Run by Mike at 23:22:25 on 2014-10-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5700 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Outdated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Outdated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\VPDAgent_x64.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\hp\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Logitech\H800\H800.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Mike\Desktop\msert.exe
C:\Users\Mike\Desktop\msert.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
C:\Users\Mike\AppData\Local\Temp\nspF307.tmp\PEV.DAT
C:\Windows\System32\taskmgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Illustrate\dBpoweramp\GetPopupInfo.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
mURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -
BHO: WebrootBHO Class: {D93EC24D-8741-4D41-B83D-A5793B998416} -
BHO: Webroot Browser Helper Object: {e08861fe-8847-4b2a-8ec2-08edb20e4020} -
TB: RuneScape Toolbar: {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
TB: Webroot Toolbar: {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} -
TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe"
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [dualmonitor] C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HP Officejet 6600 (NET)] "C:\Program Files\hp\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BP5QH8Z05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [PDF Complete] "C:\Program Files (x86)\PDF Complete\pdfsty.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Logitech H800] C:\Program Files (x86)\Logitech\H800\H800.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~4.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~3.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: SafeKey - C:\Users\Mike\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - C:\Users\Mike\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{20B61F4F-584D-4384-8498-C3135FA6E123} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D443867A-160B-4AF3-9A2B-40653BFEA1B3}\65562796A7F6E6024425F49444850243131343 : DHCPNameServer = 192.168.42.1
TCP: Interfaces\{D443867A-160B-4AF3-9A2B-40653BFEA1B3}\65562796A7F6E6024425F49444850283735393 : DHCPNameServer = 192.168.42.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SafeKey Vault: {9DB059B3-DD36-4a55-846C-59BE42A1202A} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SafeKey: {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
x64-Run: [hpsysdrv] "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
x64-Run: [SmartMenu] "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.qasite.com/?CUI=UN12115316367839494&ctid=CT2680363&SearchSource=13
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=A111US1134&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Mike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.autoDisableScopes - 14//iBryte
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2014-6-20 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2014-6-20 348552]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-1 283200]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-3-29 148480]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-29 328928]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-29 328928]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-9-29 178528]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-29 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-29 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-29 328928]
R2 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2014-9-29 74560]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2014-9-29 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-9-29 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2014-9-29 189912]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-9-6 80472]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2013-2-23 5632]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-27 1119768]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-1-25 65657]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-20 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv.sys [2013-11-26 42016]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-12-6 35232]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2014-6-20 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-6-20 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-7-24 444720]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-27 38456]
R3 voxaldriver;Voxal Filter Driver 2.00.00;C:\Windows\System32\drivers\voxaldriverx64.sys [2013-1-12 32024]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-9-29 328928]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2014-6-20 72128]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-9-29 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-5 111616]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-7-24 96592]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 SaiK8018;SaiK8018;C:\Windows\System32\drivers\SaiK8018.sys [2008-7-29 131584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2013-1-12 21504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-12 02:48:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-10-12 02:48:13 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-10-05 23:36:07 360448 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-10-05 23:36:06 259584 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-10-05 23:18:14 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-10-05 23:18:14 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-01 18:06:35 -------- d-----w- C:\Users\Mike\AppData\Local\Intuit
2014-10-01 18:06:11 -------- d-----w- C:\Users\Mike\AppData\Local\offsync
2014-10-01 17:02:37 -------- d-----w- C:\Users\Mike\AppData\Local\lptmp516222010
2014-09-30 19:40:04 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-30 19:40:03 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-29 06:48:02 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-09-29 06:47:50 32371688 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-09-29 06:47:43 74560 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2014-09-29 06:47:43 -------- d-----w- C:\Users\Mike\AppData\Local\McAfee File Lock
2014-09-29 06:46:14 -------- d-----w- C:\Program Files (x86)\SafeKey
2014-09-29 06:45:59 -------- d-----w- C:\Program Files (x86)\McAfee.com
2014-09-29 06:45:56 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2014-09-29 06:45:02 -------- d-----w- C:\Program Files\McAfee.com
2014-09-29 06:45:02 -------- d-----w- C:\Program Files\McAfee
2014-09-29 06:44:58 -------- d-----w- C:\Program Files (x86)\McAfee
2014-09-29 06:19:02 -------- d-----w- C:\Program Files\stinger
2014-09-29 06:16:05 189912 ----a-w- C:\Windows\System32\mfevtps.exe
2014-09-29 06:16:03 -------- d-----w- C:\Program Files\Common Files\McAfee
2014-09-26 15:27:18 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CF505A7-61CE-477E-B015-F82E30FF16E4}\mpengine.dll
2014-09-23 19:45:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-23 19:45:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-16 21:01:48 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-16 21:01:48 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-16 21:01:33 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-16 21:01:32 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-16 21:01:08 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-16 21:01:08 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-16 21:01:07 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-16 21:01:07 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-16 21:01:07 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-16 21:00:40 578048 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-16 21:00:39 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-10-01 17:02:47 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2014-09-23 19:33:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 19:33:27 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 13:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 18:33:10 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-07-24 18:32:30 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-07-24 18:31:56 444720 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2014-07-17 22:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 22:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 23:26:05.81 ===============
 

And the attached file as instructed: Attached File  attach.txt   10.43KB   0 downloads



BC AdBot (Login to Remove)

 


#2 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 12 October 2014 - 11:32 AM

Update: Ran full McAfee scan overnight (still extremely slow/freezy) it's still going at 89% surprisingly. Currently it has only discovered/removed 1 unwanted program labeled "Tool-PassView".

 

MSS full scan has been running almost 14 hours with 840,000 files scanned and 1 Infected File found so far. It looks about 30% completed (if judging by the progress bar).

 

These are the only things currently running on my computer.


Edited by Mike585x, 12 October 2014 - 11:33 AM.


#3 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 13 October 2014 - 01:00 PM

Update: Microsoft Security Scanner completed successfully and found threats. The results are as follows:

 

Exploit:Java/CVE-2012-0507.ZZY   -   Partially removed

Exploit:Java/CVE-2012-1723           -   Partially removed

HackTool:Win32/Wpakill.B               -   Detected, not removed

HackTool:Win32/Passview               -   Detected, not removed (I believe that this one is accurately named, but not positive because the computer froze up before I got to finish writing it down. I had tried to click the malware name to "view manual steps" in removal process, not realizing it would try to load my browser and thus crash the computer.)

 

P.S. I forgot to mention in the OP that I had attempted to do a system restore (in which usually always works and shows multiple points to restore from), however there was only one restore point showing from the day before the issue started (even after clicking the box to show more points). The attempt to restore had failed, and just proceeded to load windows normally (I received a notification afterward of the failure). When attempting to repeat the process, Windows Restore only showed a point from which the last attempt was made, and the last restore point was apparently purged. Huge bummer.


Edited by Mike585x, 13 October 2014 - 02:12 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 16 October 2014 - 10:01 PM

Greetings Mike585x and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 17 October 2014 - 12:53 PM

Hello Gary! It is nice to meet you. Thank you for your time and quick response. You may call me Mike if you'd like.

I have downloaded the FRST program and transferred it via Flash Drive to the infected computer (due to internet access being blocked by the infection).

As of such, I had to transfer the documents back over in order to post them here, because apparently the network is blocked out as well. But hey, whatever works right? :)

 

Here are the requested copies of the documents:

 

FRST:

_______________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Mike (administrator) on MIKE-HP on 17-10-2014 13:22:27
Running from C:\Users\Mike\Desktop
Loaded Profile: Mike (Available profiles: Mike & Guest & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Cristi) C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Logitech) C:\Program Files (x86)\Logitech\H800\H800.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [SaiVolume] => C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [186880 2008-07-29] (Saitek)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [WRSVC] => "C:\Program Files\Webroot\WRSA.exe" -ul
HKLM-x32\...\Run: [Logitech H800] => C:\Program Files (x86)\Logitech\H800\H800.exe [273432 2011-07-29] (Logitech)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [Google Update] => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-05] (Google Inc.)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [HydraVisionMDEngine] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [569344 2010-11-23] (AMD)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [4032968 2012-11-06] (Binary Fortress Software)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [dualmonitor] => C:\Program Files (x86)\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [HLBackupScheduler] => C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-23] (AMD)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\hp\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: K - K:\setup.exe -a
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: {1a5fccf7-447a-11e2-9f62-78acc0ab87fe} - K:\TL_Bootstrap.exe
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: {1ed56840-63fa-11e2-9c21-78acc0ab87fe} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: {6cccb2f6-7b09-11e2-8e8c-78acc0ab87fe} - F:\Setup.exe
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: {80c479a5-378d-11e2-8455-78acc0ab87fe} - K:\setup.exe -a
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: {9e6317d5-dffe-11e0-a179-78acc0ab87fe} - K:\setup.exe -a
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\...\MountPoints2: {f475b295-6b29-11e2-8794-78acc0ab87fe} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll (Conduit Ltd.)
URLSearchHook: HKCU - RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {915D37B8-B370-4E50-A726-FFD48A655D26} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US1134&p={SearchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {915D37B8-B370-4E50-A726-FFD48A655D26} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US1134&p={SearchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
BHO-x32: RuneScape Toolbar -> {a8864317-e18b-4292-99d9-e6e65ab905d3} -> C:\Program Files (x86)\RuneScape\prxtbRune.dll (Conduit Ltd.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll No File
BHO-x32: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll No File
BHO-x32: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll (McAfee)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKLM-x32 - RuneScape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\RuneScape\prxtbRune.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll (McAfee)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {A8864317-E18B-4292-99D9-E6E65AB905D3} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://search.qasite.com/?CUI=UN12115316367839494&ctid=CT2680363&SearchSource=13
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=A111US1134&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Mike\AppData\LocalLow\Sony Online Entertainment\npsoe.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
FF user.js: detected! => C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\artur.dubovoy@gmail.com [2014-08-23]
FF Extension: McAfee SafeKey - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-09-29]
FF Extension: RuneScape  - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3} [2014-08-31]
FF Extension: FDislike - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\fbdislike@doweb.fr.xpi [2012-04-02]
FF Extension: NASA Night Launch - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\nasanightlaunch@example.com.xpi [2011-04-20]
FF Extension: New Tab Homepage - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2011-04-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}] - C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\ff_ptc
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-09-29]

Chrome:
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2014-09-29]
CHR Extension: (Angry Birds) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-01-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Audiotool) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2013-02-17]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-26]
CHR Extension: (Slinky Elegant) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2012-03-07]
CHR Extension: (FB Auto-Poker) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh [2013-03-22]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-26]
CHR Extension: (Clear Cache) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2013-01-26]
CHR Extension: (SiteAdvisor) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-29]
CHR Extension: (AdBlock) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-24]
CHR Extension: (Dislike on Facebook) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgbhfbejddlfnpnimbglccaiocmgkom [2012-10-21]
CHR Extension: (Unfriend Finder) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc [2013-01-26]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-12]
CHR Extension: (FVD Downloader) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2012-07-30]
CHR Extension: (Plants vs Zombies) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-02-17]
CHR Extension: (Need for Speed World) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2013-02-17]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Webroot Password Manager) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2012-12-22]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-26]
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.40.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files (x86)\fbphotozoom\fbphotozoom15.crx [2014-09-29]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-09-29]
CHR StartMenuInternet: Google Chrome - C:\Users\Guest\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-02-04] (Two Pilots) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-05] (Hewlett-Packard)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-02-23] (The Neat Company) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-01] (DT Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 SaiK8018; C:\Windows\System32\DRIVERS\SaiK8018.sys [131584 2008-07-29] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) [File not signed]
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [32024 2013-01-12] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 13:22 - 2014-10-17 13:26 - 00045473 _____ () C:\Users\Mike\Desktop\FRST.txt
2014-10-17 13:21 - 2014-10-17 13:22 - 00000000 ____D () C:\FRST
2014-10-17 13:20 - 2014-10-17 13:16 - 02112000 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2014-10-17 13:18 - 2014-10-17 13:18 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMIKE-HP$
2014-10-17 13:18 - 2014-10-17 13:18 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForMIKE-HP$.job
2014-10-13 21:15 - 2014-10-11 22:48 - 00002119 _____ () C:\Users\Mike\Desktop\Microsoft Security Essentials.lnk
2014-10-11 23:26 - 2014-10-11 23:51 - 00032481 _____ () C:\Users\Mike\Desktop\dds.txt
2014-10-11 23:26 - 2014-10-11 23:51 - 00010682 _____ () C:\Users\Mike\Desktop\attach.txt
2014-10-11 22:48 - 2014-10-11 22:48 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-11 22:48 - 2014-10-11 22:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-11 22:48 - 2014-10-11 22:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-11 22:46 - 2014-10-11 22:25 - 00688992 ____R (Swearware) C:\Users\Mike\Desktop\dds.com
2014-10-11 22:46 - 2014-10-11 22:15 - 14087848 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\mseinstall.exe
2014-10-11 22:29 - 2014-10-11 22:49 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-11 22:16 - 2014-10-11 21:43 - 126031088 _____ (Microsoft Corporation) C:\Users\Mike\Desktop\msert.exe
2014-10-05 19:36 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-05 19:36 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-05 19:35 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-05 19:35 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-05 19:35 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-05 19:35 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-05 19:35 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-05 19:35 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-05 19:35 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-05 19:35 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-05 19:35 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-05 19:35 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-05 19:35 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-05 19:35 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-05 19:35 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-05 19:35 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-05 19:35 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-05 19:35 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-05 19:35 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-05 19:35 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-05 19:35 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-05 19:35 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-05 19:35 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-05 19:35 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-05 19:35 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-05 19:35 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-05 19:35 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-05 19:35 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-05 19:35 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-05 19:35 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-05 19:35 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-05 19:35 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-05 19:35 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-05 19:35 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-05 19:35 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-05 19:35 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-05 19:35 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-05 19:35 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-05 19:35 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-05 19:35 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-05 19:35 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-05 19:35 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-05 19:35 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-05 19:35 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-05 19:35 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-05 19:35 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-05 19:35 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-05 19:35 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-05 19:35 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-05 19:35 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-05 19:35 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-05 19:35 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-05 19:35 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-05 19:35 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-05 19:35 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-05 19:35 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-05 19:18 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-05 19:18 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-01 14:42 - 2014-10-01 14:55 - 00000000 ____D () C:\Users\Mike\Desktop\Main Comp 10-1-14
2014-10-01 14:06 - 2014-10-01 14:06 - 00000000 ____D () C:\Users\Mike\AppData\Local\offsync
2014-10-01 14:06 - 2014-10-01 14:06 - 00000000 ____D () C:\Users\Mike\AppData\Local\Intuit
2014-10-01 13:02 - 2014-10-01 13:23 - 00000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010
2014-09-30 21:12 - 2014-09-30 21:12 - 00013075 _____ () C:\Users\Mike\Downloads\How_to_Train_Your_Dragon_2010_720p.torrent
2014-09-30 15:40 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 15:40 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 02:48 - 2014-10-14 20:02 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
2014-09-29 02:48 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-09-29 02:47 - 2014-10-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-29 02:47 - 2014-10-12 22:51 - 00000000 __RSD () C:\Users\Mike\Documents\McAfee Vaults
2014-09-29 02:47 - 2014-09-29 02:47 - 00000000 ____D () C:\Users\Mike\AppData\Local\McAfee File Lock
2014-09-29 02:47 - 2013-09-09 11:11 - 00074560 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2014-09-29 02:46 - 2014-09-29 02:48 - 00000000 ____D () C:\Program Files (x86)\SafeKey
2014-09-29 02:45 - 2014-09-29 02:48 - 00000000 ____D () C:\Program Files\McAfee
2014-09-29 02:45 - 2014-09-29 02:45 - 00000000 ____D () C:\Program Files\McAfee.com
2014-09-29 02:45 - 2014-09-29 02:45 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-09-29 02:44 - 2014-09-30 22:19 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-09-29 02:19 - 2014-09-29 02:22 - 00000000 ____D () C:\Program Files\stinger
2014-09-29 02:16 - 2014-09-29 02:46 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-09-29 02:16 - 2014-06-20 10:30 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-09-23 15:45 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:45 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 13:26 - 2012-12-15 15:34 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\DisplayFusion
2014-10-17 13:26 - 2012-04-02 21:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 13:19 - 2013-04-18 12:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 13:19 - 2012-03-05 02:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001UA.job
2014-10-17 13:19 - 2011-01-27 12:49 - 01748274 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 13:17 - 2013-04-18 12:36 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 13:17 - 2012-03-05 02:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001Core.job
2014-10-13 16:22 - 2012-02-25 00:08 - 00000000 ____D () C:\Users\Mike\AppData\Local\Facebook
2014-10-13 15:22 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 15:22 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 14:48 - 2011-04-20 03:58 - 00000000 ___HD () C:\ProgramData\Webroot
2014-10-13 13:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-12 23:47 - 2011-01-27 13:12 - 00000000 ___HD () C:\ProgramData\PDFC
2014-10-12 22:45 - 2013-01-25 13:30 - 00000000 ____D () C:\Temp
2014-10-12 22:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 22:44 - 2009-07-14 00:51 - 00335726 _____ () C:\Windows\setupact.log
2014-10-05 19:31 - 2011-06-19 03:06 - 00949326 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-05 19:30 - 2009-07-14 01:13 - 00949326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 19:01 - 2014-08-12 14:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-01 17:17 - 2011-04-20 03:22 - 00000000 ___HD () C:\ProgramData\Recovery
2014-10-01 14:16 - 2011-04-20 09:39 - 00000000 ____D () C:\Users\Mike\AppData\Local\CrashDumps
2014-10-01 14:06 - 2012-12-02 05:54 - 00000000 ____D () C:\Program Files (x86)\Workspace
2014-10-01 14:06 - 2012-12-02 05:53 - 00000000 ____D () C:\Users\Mike\AppData\Local\Workspace
2014-10-01 13:56 - 2011-01-27 16:16 - 00844208 _____ () C:\Windows\PFRO.log
2014-10-01 13:50 - 2012-01-22 19:51 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Amazon
2014-10-01 13:50 - 2012-01-22 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-01 13:50 - 2012-01-22 19:50 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-10-01 13:41 - 2011-12-09 04:01 - 00000000 ____D () C:\ProgramData\WRData
2014-10-01 13:31 - 2011-07-06 06:35 - 00000000 ____D () C:\Windows\Minidump
2014-10-01 13:31 - 2011-01-27 16:17 - 00287097 ____N () C:\Windows\Minidump\100114-29390-01.dmp
2014-10-01 13:25 - 2011-05-04 05:10 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\BitTorrent
2014-10-01 02:06 - 2011-04-20 03:02 - 00000000 ____D () C:\Users\Mike
2014-09-29 18:50 - 2012-06-20 18:11 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-29 02:11 - 2011-07-01 18:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-27 14:01 - 2012-11-14 13:07 - 00000000 ____D () C:\HammerAutosave
2014-09-27 13:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-27 13:56 - 2011-06-19 03:07 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\SoftGrid Client
2014-09-24 23:02 - 2011-04-20 09:05 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-24 11:53 - 2011-07-01 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-23 15:33 - 2012-04-02 21:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 15:33 - 2012-04-02 21:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 15:33 - 2011-06-10 00:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Mike\jagex_cl_runescape_LIVE.dat
C:\Users\Mike\jagex_runescape_preferences.dat
C:\Users\Mike\jagex_runescape_preferences2.dat

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\WRupdate1135105550.exe
C:\Users\Guest\AppData\Local\Temp\WRupdate633497065.exe
C:\Users\Guest\AppData\Local\Temp\WRupdate876597557.exe
C:\Users\Mike\AppData\Local\Temp\ammemb.dll
C:\Users\Mike\AppData\Local\Temp\ammemb64.dll
C:\Users\Mike\AppData\Local\Temp\AutoRun.exe
C:\Users\Mike\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Mike\AppData\Local\Temp\bitool.dll
C:\Users\Mike\AppData\Local\Temp\burnsetup.exe
C:\Users\Mike\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Mike\AppData\Local\Temp\cres.dll
C:\Users\Mike\AppData\Local\Temp\cshell.dll
C:\Users\Mike\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Mike\AppData\Local\Temp\DTLite4454-0315.exe
C:\Users\Mike\AppData\Local\Temp\DTLite4461-0328.exe
C:\Users\Mike\AppData\Local\Temp\DTLite4481-0347.exe
C:\Users\Mike\AppData\Local\Temp\FreemakeVideoConverter_4.0.1.6.exe
C:\Users\Mike\AppData\Local\Temp\GLF32EA.tmp.dll
C:\Users\Mike\AppData\Local\Temp\GUR77ED.exe
C:\Users\Mike\AppData\Local\Temp\installerdll14436223.dll
C:\Users\Mike\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Mike\AppData\Local\Temp\MFPL7014.DLL
C:\Users\Mike\AppData\Local\Temp\MotoCast_Installer_2.0304.exe
C:\Users\Mike\AppData\Local\Temp\MotorolaDeviceManager_2.0307.exe
C:\Users\Mike\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Mike\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Mike\AppData\Local\Temp\mPlayer.cr.dll
C:\Users\Mike\AppData\Local\Temp\mpsetup.exe
C:\Users\Mike\AppData\Local\Temp\msvcr80.dll
C:\Users\Mike\AppData\Local\Temp\outlookset.exe
C:\Users\Mike\AppData\Local\Temp\Pokki.exe
C:\Users\Mike\AppData\Local\Temp\prestall.exe
C:\Users\Mike\AppData\Local\Temp\rpsetup.exe
C:\Users\Mike\AppData\Local\Temp\rzx2ag1k.dll
C:\Users\Mike\AppData\Local\Temp\SetACL.exe
C:\Users\Mike\AppData\Local\Temp\SimPack.exe
C:\Users\Mike\AppData\Local\Temp\sres.dll
C:\Users\Mike\AppData\Local\Temp\tmp4FDA.exe
C:\Users\Mike\AppData\Local\Temp\tmp9EBF.exe
C:\Users\Mike\AppData\Local\Temp\tmpC409.exe
C:\Users\Mike\AppData\Local\Temp\ubiB54C.tmp.exe
C:\Users\Mike\AppData\Local\Temp\uttC668.tmp.exe
C:\Users\Mike\AppData\Local\Temp\wpsetup.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate1241491103.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate1241551647.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate1379918637.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate343153168.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate355170783.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate57736110.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate644312786.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate644373985.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate734811.exe
C:\Users\Mike\AppData\Local\Temp\WRupdate835831438.exe
C:\Users\Mike\AppData\Local\Temp\zlib1.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-13 12:49

==================== End Of Log ============================

 

 

 

Addition Log:

_______________________

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Mike at 2014-10-17 13:27:16
Running from C:\Users\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials (Enabled - Out of date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Out of date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Kingdom for Keflings (HKLM-x32\...\AKingdomForKeflings) (Version:  - Ninjabee)
A Kingdom for Keflings(RedSpiderProduction) (HKLM-x32\...\A Kingdom for Keflings(RedSpiderProduction)) (Version:  - )
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Aliens versus Predator (HKLM-x32\...\Aliens versus Predator) (Version:  - )
Aliens versus Predator 2: Primal Hunt (HKLM-x32\...\{103B6835-DCA0-413F-A99E-ECAD6622726E}) (Version:  - )
Aliens vs. Predator 2 (HKLM-x32\...\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}) (Version:  - )
Aliens: Colonial Marines (HKLM-x32\...\Aliens: Colonial Marines_is1) (Version:  - )
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
applicationupdater (HKCU\...\SOE-C:/Users/Mike/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
AutoHotkey 1.1.09.02 (HKLM\...\AutoHotkey) (Version: 1.1.09.02 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.1.30004 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.3210 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.3 - Illustrate)
Descent 3 (HKLM-x32\...\Descent3) (Version:  - )
Deus Ex - HDTP (HKLM-x32\...\HDTP) (Version:  - )
Deus Ex (HKLM-x32\...\Deus Ex) (Version:  - )
Deus Ex New Vision (HKLM-x32\...\Deus Ex New Vision) (Version: 1.5 - DaveW)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DisplayFusion 4.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 4.3.0.0 - Binary Fortress Software)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Dual Monitor 1.22 (HKLM-x32\...\{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1) (Version: 1.22.021813 - Cristi Diaconu)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
DwimPerl version 0.07 (HKLM-x32\...\dwimperl_is1) (Version: 0.07 - )
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 12.4.3.92118 - MindArk PE AB)
EQ2MAP Updater 1.2.10 (HKLM-x32\...\EQ2MAP Updater) (Version: 1.2.10 - Johan Nilsson)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
EverQuest II (HKCU\...\SOE-EverQuest II) (Version:  - Sony Online Entertainment)
EverQuest II Beta (HKCU\...\SOE-EverQuest II Beta) (Version:  - Sony Online Entertainment)
Fallout New Vegas (HKLM-x32\...\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}_is1) (Version: 1.4.0.525 - Bethesda Softworks)
Family Feud 2010 1.0.4 (HKLM-x32\...\Family Feud 2010) (Version:  - )
Far Cry 3 Blood Dragon (HKLM-x32\...\{A071F478-73E0-4143-AE55-4DD6BABD74F5}) (Version: 1.01 - Ubisoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Freemake Video Converter version 4.0.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.1 - Ellora Assets Corporation)
gamelauncher-ps2-live (HKCU\...\SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2) (Version:  - Sony Online Entertainment)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
Garry's Mod 13 Beta (HKLM-x32\...\Steam App 4010) (Version:  - TEAM GARRY)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hitman: Contracts (HKLM-x32\...\Hitman: Contracts) (Version:  - Eidos)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 4.2.4725 - Hewlett-Packard) Hidden
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Music (x32 Version: 4.2.4517 - Hewlett-Packard) Hidden
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart Photo (x32 Version: 4.2.4513 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart Video (x32 Version: 4.2.4522 - Hewlett-Packard) Hidden
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.027 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6600 Basic Device Software (HKLM\...\{AEC699FC-F916-46A0-B15E-70EF1534AE93}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Hulu Desktop (HKCU\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
Legends of Norrath (HKCU\...\SOE-LegendsOfNorrath) (Version:  - Sony Online Entertainment)
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{2765F726-849C-47B2-A82C-B257DFC0E01C}) (Version: 1.18.22.2 - LightScribe)
Logitech H800 (HKLM\...\{7DE24FDD-A655-4AB7-A877-7236B91A9675}) (Version: 1.0.034 - Logitech)
ManyCam 4.0.44 (HKLM-x32\...\ManyCam) (Version: 4.0.44 - Visicom Media Inc.)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1) (Version:  - )
Mass Effect 3 © Bioware version 1 (HKLM-x32\...\TWFzcyBFZmZlY3QgMyAoYykgQmlvd2FyZQ==_is1) (Version: 1 - )
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
McAfee Multi Access - Total Protection (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20715.0 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{301DAC0A-285C-4BB1-A68E-7393673E9E69}) (Version: 11.1.2807.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{67ED4F6B-BE85-410B-A60E-793CEB7D7DAD}) (Version: 11.1.2807.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1 (HKLM-x32\...\{82284382-30E3-4DED-980B-746278DA6CC2}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1 (HKLM\...\{FAF57A91-58B3-490C-9D0C-66337DAD3F11}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{39960E10-3FF7-46BB-A92D-8076C67ABF60}) (Version: 4.0.1692 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
MixPad (HKLM-x32\...\MixPad) (Version:  - NCH Software)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mplayer.com (HKLM-x32\...\Mplayer.com) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Neat (HKLM-x32\...\Neat) (Version: 5.1.31.16 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.2 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Core Files (x32 Version: 5.1.31.16 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.1 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NirSoft IE PassView (HKLM-x32\...\NirSoft IE PassView) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{9530AE42-DAE1-4619-9594-B23487285D17}) (Version: 9.11.1107 - NVIDIA Corporation)
Oni (HKLM-x32\...\Oni) (Version:  - )
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.0.7040 - ooVoo LLC.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PlanetSide 2 (HKCU\...\soe-PlanetSide 2) (Version: 1.0.3.181 - Sony Online Entertainment)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version:  - )
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version:  - NCH Software)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.6.1 - Rockstar Games)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
RuneScape Toolbar (HKLM-x32\...\RuneScape Toolbar) (Version: 6.3.3.3 - RuneScape)
Saints Row 2 version 1.02 (HKLM-x32\...\{75D84EF7-0D8C-4e70-STROW2-7B42A5D4E0EB}_is1) (Version: 1.02 - Black_Box)
Saitek Cyborg Keyboard Volume 6.5.1.17 (HKLM\...\{23BD8983-822A-42E9-8D7A-4B2069062E50}) (Version: 6.5.1.17 - Saitek)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SimCity 4 (HKLM-x32\...\{611BD998-34B9-4DDA-00AE-0CB4632E86FA}) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
Station Launcher (HKLM-x32\...\{49668BEE-D721-449C-82D3-C7561945F706}) (Version: 1.01.9000 - Sony Online Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.2.4 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.9.10 - Electronic Arts)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1804 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0402 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0164 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Ultimate Ride (HKLM-x32\...\{4CE79985-8BCD-11D5-AA2E-0008C760B784}) (Version:  - )
Ultimate Ride Coaster Deluxe (HKLM-x32\...\{D59D6513-2076-11D6-AA2E-0008C760B784}) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virus Guard - powered by BitDefender (HKLM-x32\...\{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}) (Version: 1.0.0.0 - BitDefender)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version:  - NCH Software)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Webroot Software (HKLM-x32\...\Webroot Software) (Version: 7.0.8.7 - Webroot Software, Inc.)
Webroot Software (x32 Version: 7.0.8.7 - Webroot Software, Inc.) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Azure PowerShell - November 2012 (HKLM-x32\...\{F8883CB9-CD3F-417E-A0EF-F1595ACA93BD}) (Version: 0.6.8 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Mike\AppData\Local\Workspace\wbetoolsax64.dll No File
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

13-10-2014 16:57:19 Scheduled Checkpoint
13-10-2014 18:21:18 Removed Java 7 Update 45
13-10-2014 19:02:14 Removed Facebook Video Calling 3.1.0.521

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-02-13 16:57 - 2013-09-03 18:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0152D315-1F67-46DB-A021-EF44B19B85FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001Core => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {1711BAC9-A880-4958-A263-244768546EAC} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2A420CD6-C756-4E96-9F2A-A9E297684D03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {2EC3ADA9-CAAE-4E33-B676-75219BCD382A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {2FED1BEF-8801-4383-9FDD-1A5444C28161} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {3A34C7DF-15E4-4729-AE5D-C1E44682ED48} - System32\Tasks\HPCeeScheduleForMIKE-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {4284FD15-910A-449C-A1FB-BADC7FF92ACD} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {438A1C97-1388-471F-BD94-6973D5BD280B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4BCA472F-3ABB-4E8D-9CC2-E762943A2A3C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {585C34DD-7C5A-4F21-9098-7C5BFAC8A293} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {61661C07-F975-4825-9A68-0CC8A11A7153} - System32\Tasks\NCH Software\MixPadDowngrade => C:\Program Files (x86)\NCH Software\MixPad\mixpad.exe [2012-12-14] (NCH Software)
Task: {77334DD1-7237-44DC-90E3-50C631BD78B1} - System32\Tasks\HPCeeScheduleForMike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {95CBC7C2-719D-4312-BD12-4157D3DFEA7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {AC0BB6D5-80CC-42C7-BA32-C794FF0D1FF2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B33005D5-63A0-4451-8D92-93E07194CA9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {C7594D46-E6AE-43D3-9E9A-4BCDD3EE6696} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C9FD5EAB-6AAE-430B-A971-098EAA61F077} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {F7C8DD95-97B7-42BA-A145-0A2E148F74A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001UA => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05] (Google Inc.)
Task: {FF8D941F-69B0-4BB3-9E93-AF2FDC87C795} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001Core.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001UA.job => C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMIKE-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 16:25 - 2013-02-04 13:00 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-05-03 22:57 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:4C4EDBB7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Facebook Update => "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: WebrootTrayApp => "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-940925835-2832117764-3215822635-500 - Administrator - Disabled)
Guest (S-1-5-21-940925835-2832117764-3215822635-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-940925835-2832117764-3215822635-1002 - Limited - Enabled)
Mike (S-1-5-21-940925835-2832117764-3215822635-1001 - Administrator - Enabled) => C:\Users\Mike

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Avnex Virtual Audio Device
Description: Avnex Virtual Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: AVNEX Ltd.
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2014 01:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 234632399

Error: (10/17/2014 01:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 234632399

Error: (10/17/2014 01:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 01:22:16 PM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 00:52:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/13/2014 10:22:16 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 07:22:16 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 04:22:15 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 01:22:31 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/12/2014 11:00:49 PM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

System errors:
=============
Error: (10/17/2014 01:27:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (10/17/2014 01:27:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (10/17/2014 01:27:40 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (10/17/2014 01:27:40 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (10/17/2014 01:27:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (10/17/2014 01:27:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%0

Error: (10/17/2014 01:27:35 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 1004) (User: NT AUTHORITY)
Description: Error occurred in stopping the Dhcpv4 Client service. Error code is 5. ShutDown Flag value is 0

Error: (10/17/2014 01:27:35 PM) (Source: Microsoft-Windows-Dhcp-Client) (EventID: 17270) (User: NT AUTHORITY)
Description: An error occurred in initializing DHCPv4. Error Code is 5

Error: (10/17/2014 01:26:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (10/17/2014 01:26:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (10/17/2014 01:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 234632399

Error: (10/17/2014 01:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 234632399

Error: (10/17/2014 01:16:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 01:22:16 PM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 00:52:31 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/13/2014 10:22:16 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 07:22:16 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 04:22:15 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/13/2014 01:22:31 AM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (10/12/2014 11:00:49 PM) (Source: Google Update) (EventID: 20) (User: Mike-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1045T Processor
Percentage of memory in use: 36%
Total physical RAM: 8191.29 MB
Available physical RAM: 5221.48 MB
Total Pagefile: 16380.75 MB
Available Pagefile: 13839.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1384.2 GB) (Free:161.76 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.97 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB20FD) (Removable) (Total:15.22 GB) (Free:4.69 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 35B4DC14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1384.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 15.2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.2 GB) - (Type=0C)

==================== End Of Log ============================

 

 

Hope I did it all correctly.

Thanks again for your time and consideration! :)

 

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 17 October 2014 - 06:58 PM

Hi Mike,

You did it perfectly, thanks. I will provide instructions as if you currently have internet access knowing you are highly capable of adapting.

You have 2 enabled antivirus programs on your computer. Running more than one can create a whole host of issues. If you want to run McAfee, please disable Microsoft Security Essentials.
Open Microsoft Security Essentials -> click "Settings" tab -> select "Real time protection" -> uncheck the box "Turn on real-time protection" (recommended).

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll No File
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll No File
BHO-x32: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll No File
BHO-x32: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {A8864317-E18B-4292-99D9-E6E65AB905D3} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
C:\Users\Mike\jagex_cl_runescape_LIVE.dat
C:\Users\Mike\jagex_runescape_preferences.dat
C:\Users\Mike\jagex_runescape_preferences2.dat
C:\Users\Guest\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Mike\AppData\Local\Workspace\wbetoolsax64.dll No File
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:4C4EDBB7
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Folder: C:\Users\Mike\AppData\Local\lptmp516222010
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 19 October 2014 - 08:50 PM

Hi Gary, thank you for your extremely quick reply. I noticed it was only a couple of hours later, and I apologize that I was not as quick with my response as I have not been home the past few days. As I write this I am currently following your well-givin instructions. :)

 

I first wanted to add that I shouldn't have any conflict with Microsoft Security Essentials. It was only installed, but not set up, due to the program not functioning/doing anything without first having internet access to update the definitions. I had only installed/transferred it as an extra attempt to detect the infection (after said infection kept completely disabaling McAfee's Real-time Protection and Firewall), but it would not work anyway. However, since I was considering on using it in replacement of McAfee in the future, I was wondering what you believe would be a better choice (seeing that they are both free), if not something else entirely? I'm trying to find a good one but keep getting mixed opinions/reviews, but I would rather hear it from you since I trust you the most. Thanks!

 

Furthermore, I know you probably rolled your eyes after seeing that BitTorrent was installed (hehe), as I'm sure it is the cause for most infections that show up on this forum. It might also be the cause of my infection, and I will highly consider your advice on it's immediate disuse after all this.

 

Here are the logs as requested:

 

AdwCleaner Log:

_______________________

 

# AdwCleaner v4.000 - Report created 19/10/2014 at 21:08:35
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - MIKE-HP
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mike\AppData\Local\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Conduit
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\ConduitCommon
Folder Deleted : C:\ProgramData\MyStart Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Mike\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Mike\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Smartbar
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\ValueApps
Folder Deleted : C:\Users\Mike\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Program Files (x86)\RuneScape
Folder Deleted : C:\Users\Guest\AppData\LocalLow\RuneScape
Folder Deleted : C:\Users\Mike\AppData\LocalLow\RuneScape
Folder Deleted : C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\CT2680363
Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\Extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\user.js
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2680363
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_voice-changer-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_voice-changer-software_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A8864317-E18B-4292-99D9-E6E65AB905D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{12911AF4-EA6A-4930-8AD7-10C1C5DA95D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8864317-E18B-4292-99D9-E6E65AB905D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8864317-E18B-4292-99D9-E6E65AB905D3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8864317-E18B-4292-99D9-E6E65AB905D3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD2C17C7-8CFE-4FE4-A697-37E51043F891}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A8864317-E18B-4292-99D9-E6E65AB905D3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A8864317-E18B-4292-99D9-E6E65AB905D3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A8864317-E18B-4292-99D9-E6E65AB905D3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A8864317-E18B-4292-99D9-E6E65AB905D3}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607B689F-7600-45E4-B8E5-887F72DAB15C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D4A4BC-F7CD-436E-B1FA-25637BA0F5BE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\RuneScape
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\RuneScape
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\RuneScape
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RuneScape Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v30.0 (en-US)

[y1mht37r.default] - Line Deleted : user_pref("CT2680363..clientLogIsEnabled", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.AppTrackingLastCheckTime", "Wed Jul 06 2011 06:48:17 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.CT2680363", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.CommunitiesChangesLastCheckTime", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.CurrentServerDate", "14-7-2011");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.DialogsAlignMode", "LTR");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.DialogsGetterLastCheckTime", "Wed Jul 13 2011 21:52:58 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"4/20/2011 11:46:17 AM\",\"SourceId\":0,\"OriginSource\":0,\"Refe[...]
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":false}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.EnableClickToSearchBox", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.EnableSearchHistory", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.EnableSearchSuggest", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129221960058849484", "Wed Jul 13 2011 21:52:54 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129222078068706850", "Wed Jul 13 2011 22:12:55 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129228979092089554", "Wed Jul 13 2011 21:52:54 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129243777123493394", "Wed Jul 13 2011 21:52:54 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129308349891594152", "Wed Jul 13 2011 22:16:55 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ExternalComponentPollDate129362183886169315", "Wed Jul 13 2011 22:16:55 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.FirstServerDate", "20-4-2011");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.FirstTime", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.FirstTimeFF3", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.FixPageNotFoundErrors", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.GroupingInvalidateCache", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.GroupingLastCheckTime", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.GroupingLastServerUpdateTime", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.GroupingServerCheckInterval", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.HasUserGlobalKeys", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.HomePageProtectorEnabled", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.Initialize", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.InitializeCommonPrefs", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.InstallationAndCookieDataSentCount", 3);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.InstalledDate", "Wed Apr 20 2011 04:46:36 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.InvalidateCache", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.IsAlertDBUpdated", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.IsGrouping", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.IsMulticommunity", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.IsOpenThankYouPage", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.IsOpenUninstallPage", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.LanguagePackLastCheckTime", "Wed Jul 13 2011 21:53:06 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.LanguagePackReloadIntervalMM", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.LastLogin_3.3.3.2", "Fri Jun 24 2011 05:48:05 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.LastLogin_3.5.0.12", "Wed Jul 13 2011 21:52:55 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.LatestVersion", "3.3.3.2");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.Locale", "en");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.MCDetectTooltipHeight", "83");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.MCDetectTooltipShow", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.MCDetectTooltipWidth", "295");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.MyStuffEnabledAtInstallation", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.RadioLastCheckTime", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.RadioLastUpdateIPServer", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.RadioLastUpdateServer", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.RestartDialogFirstTime", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.RestartDialogShouldDisplay", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SHRINK_TOOLBAR", 1);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchFromAddressBarIsInit", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=2&q=");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchInNewTabEnabled", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchInNewTabIntervalMM", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchInNewTabLastCheckTime", "Wed Jul 13 2011 21:52:54 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchInNewTabUserEnabled", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchProtectorEnabled", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SearchProtectorToolbarDisabled", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ServiceMapLastCheckTime", "Wed Jul 13 2011 21:52:56 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SettingsLastCheckTime", "Wed Jul 13 2011 21:52:05 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.SettingsLastUpdate", "1309859862");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ThirdPartyComponentsInterval", 504);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ThirdPartyComponentsLastCheck", "Tue Jul 05 2011 16:55:21 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ThirdPartyComponentsLastUpdate", "1246786978");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolba[...]
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.UserID", "UN12115316367839494");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.ValidationData_Toolbar", 2);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.alertChannelId", "1072794");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.approveUntrustedApps", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.backendstorage.facebook_mode", "32");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.backendstorage.facebook_user_locale", "656E");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.components.1000515", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.countryCode", "US");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.embeddedsData", "[{\"appId\":\"129217750664239616\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.facebook_mode.from_oldbar.enc", "Mg==");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.facebook_user_locale.from_oldbar.enc", "ZW4=");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.firstTimeDialogOpened", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.fixPageNotFoundErrorByUser", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.fullUserID", "UN12115316367839494.UP.20140831151038");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.globalFirstTimeInfoLastCheckTime", "Wed Jul 13 2011 21:52:58 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.homepageProtectorEnableByLogin", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.initDone", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.installType", "Unknown");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.isAppTrackingManagerOn", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.isCheckedStartAsHidden", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":false}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.isPerformedSmartBarTransition", "true");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT2680363&octid=CT2680363&ISID=ISID_ID&SearchSource=15&CUI=UN12115316367839494&Lay=1[...]
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.lastVersion", "10.33.0.517");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.missingMachineIdSent", "true");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.myStuffEnabled", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.myStuffPublihserMinWidth", 400);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.myStuffServiceIntervalMM", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.qasite.com%2F%3Fctid%3DCT2680363%26SearchSource%3D13\",\"EB_MAIN_FRAME_TITLE\":\"Prob[...]
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.oldAppsList", "129217750664239615,129217750664239616,111,129240097234456939,129221960058849484,129228979092089554,129222078068706850,129243777123493394,129308349891594152,12936218[...]
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.originalSearchAddressUrl", "");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.originalSearchEngine", "Secure Search");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.originalSearchEngineName", "Secure Search");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.performedDomainChangesMigration", "true");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.search.searchAppId", "129217750664239616");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.search.searchCount", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.searchFromAddressBarEnabledByUser", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.searchInNewTabEnabledByUser", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.searchProtectorDialogDelayInSec", 10);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.searchProtectorEnableByLogin", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.searchSuggestEnabledByUser", "True");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.selectToSearchBoxEnabledByUser", "{\"dataType\":\"string\",\"data\":\"false\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.sendUsageEnabled", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2680363\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://RuneScape.OurToolbar.com//xpi\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"RuneScape \"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_Configuration_lastUpdate", "1412549485361");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1412202282903");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_appsMetadata_lastUpdate", "1412549485361");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1412202282904");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_login_10.33.0.517_lastUpdate", "1412549484422");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_menu_6759b98c5c41e5adf06c33270b62c6e6_lastUpdate", "1412549485444");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_menu_80d353221b1bca0ea09b0ca31fc56984_lastUpdate", "1412549485444");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_menu_881468d8e0b6e916c63be4c8ba637004_lastUpdate", "1412549845486");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_menu_a5853dc22a1fdc032e03e2ce648f7391_lastUpdate", "1412549485445");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_menu_b1937dfb105ad53b8d49aa02aa266f80_lastUpdate", "1412549485443");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1412202282905");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_searchAPI_lastUpdate", "1412549485360");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_serviceMap_lastUpdate", "1412549485357");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_toolbarContextMenu_lastUpdate", "1412549485359");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_toolbarSettings_lastUpdate", "1412549485360");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.serviceLayer_services_translation_lastUpdate", "1412549485359");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.settingsINI", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.showToolbarPermission", "false");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.smartbar.CTID", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.smartbar.Uninstall", "0");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.smartbar.homepage", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.smartbar.toolbarName", "RuneScape ");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.testingCtid", "");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.toolbarAppMetaDataLastCheckTime", "Wed Jul 13 2011 21:52:56 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.toolbarBornServerTime", "20-4-2011");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.toolbarContextMenuLastCheckTime", "Wed Jul 13 2011 21:53:06 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.toolbarCurrentServerTime", "31-8-2014");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.toolbarLoginClientTime", "Sun Aug 31 2014 15:10:41 GMT-0400 (Eastern Standard Time)");
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.upgradeFromOBVersion", true);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.usageEnabled", false);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363.usagesFlag", 2);
[y1mht37r.default] - Line Deleted : user_pref("CT2680363_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1412549473301,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1072794/1068498/US", "\"0\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2680363", "\"0\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:1022\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"807dc126dd28cc1:0\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2680363", "\"634434930587600000\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2680363/CT2680363", "\"1309859862\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634432176643630000\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634461627320900000\"");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Mike\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\y1mht37r.default\\conduitCommon\\modules\\3.5.0.12");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 20 2011 04:46:34 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 19:46:58 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.alert.userId", "70692620-bdd0-4eef-b818-423bdd2713d3");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "aaf956a5-46e1-4c3f-aabc-15248435eedf");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 10 2011 03:10:56 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Jul 13 2011 21:53:04 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Jul 13 2011 21:52:55 GMT-0400 (Eastern Daylight Time)");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[y1mht37r.default] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "67a5a4bf-3e93-488a-aecd-372359864bd7");
[y1mht37r.default] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[y1mht37r.default] - Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://search.qasite.com/?CUI=UN12115316367839494&ctid=CT2680363&SearchSource=13");
[y1mht37r.default] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.qasite.com/?CUI=UN12115316367839494&ctid=CT2680363&SearchSource=13");
[y1mht37r.default] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.qasite.com/?ctid=CT2680363&SearchSource=13,hxxp://search.qasite.com/?CUI=UN12115316367839494&ctid=CT2680363&SearchSource=13");
[y1mht37r.default] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=2&q=");
[y1mht37r.default] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT2680363");
[y1mht37r.default] - Line Deleted : user_pref("smartbar.homepageList", "hxxp://search.qasite.com/?ctid=CT2680363&SearchSource=13,hxxp://search.qasite.com/?CUI=UN12115316367839494&ctid=CT2680363&SearchSource=13");
[y1mht37r.default] - Line Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=2&q=");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [38731 octets] - [19/10/2014 20:55:34]
AdwCleaner[S0].txt - [38277 octets] - [19/10/2014 21:08:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [38338 octets] ##########

 

 

 

Junkware Log:

_______________________

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mike on Sun 10/19/2014 at 21:22:55.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{1B48ED34-C463-4278-A617-84ACC9DB01F8}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{657F0F4C-49EC-4BA8-A0AB-9BB245BBAB11}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{BDA75282-071C-4F6D-82AD-3DAD04D53724}
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{DEA25904-B993-4BA9-A7E3-463C4238AD2A}

 

~~~ FireFox

Successfully deleted the following from C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\y1mht37r.default\prefs.js

user_pref("valueApps.storage.mam_gk_userId", "35306663653837372D316465332D343733632D383661622D366163623230346566363436");
Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\y1mht37r.default\minidumps [30 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/19/2014 at 21:26:24.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Fixlog:

_______________________

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Mike at 2014-10-19 21:40:38 Run:1
Running from C:\Users\Mike\Desktop
Loaded Profile: Mike (Available profiles: Mike & Guest & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {6B78A880-15CA-468f-8422-A7960AD6FBB9} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {4EE7A346-5845-471e-9FAB-002EAF83F8B0} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {53DABC15-4F29-44ad-B09A-E0D0F9A3D075} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {493FC96E-B938-4924-9B38-C4088E9B8AC2} => C:\Program Files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll No File
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll No File
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll No File
BHO-x32: WebrootBHO Class -> {D93EC24D-8741-4D41-B83D-A5793B998416} -> C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll No File
BHO-x32: Webroot Browser Helper Object -> {e08861fe-8847-4b2a-8ec2-08edb20e4020} -> C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {A8864317-E18B-4292-99D9-E6E65AB905D3} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
C:\Users\Mike\jagex_cl_runescape_LIVE.dat
C:\Users\Mike\jagex_runescape_preferences.dat
C:\Users\Mike\jagex_runescape_preferences2.dat
C:\Users\Guest\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Mike\AppData\Local\Workspace\wbetoolsax64.dll No File
CustomCLSID: HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:4C4EDBB7
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Folder: C:\Users\Mike\AppData\Local\lptmp516222010
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => Key deleted successfully.
"HKCR\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => Key deleted successfully.
"HKCR\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => Key deleted successfully.
"HKCR\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => Key deleted successfully.
"HKCR\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key not found.
"HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}" => Key not found.
"HKCR\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}" => Key not found.
"HKCR\Wow6432Node\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D93EC24D-8741-4D41-B83D-A5793B998416}" => Key not found.
"HKCR\Wow6432Node\CLSID\{D93EC24D-8741-4D41-B83D-A5793B998416}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e08861fe-8847-4b2a-8ec2-08edb20e4020}" => Key not found.
"HKCR\Wow6432Node\CLSID\{e08861fe-8847-4b2a-8ec2-08edb20e4020}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
"HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d84a64a0-f2b2-4975-b264-3a3bce8d57d6} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{d84a64a0-f2b2-4975-b264-3a3bce8d57d6}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8864317-E18B-4292-99D9-E6E65AB905D3} => Value not found.
"HKCR\CLSID\{A8864317-E18B-4292-99D9-E6E65AB905D3}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
BTCFilterService => Service deleted successfully.
EagleX64 => Service deleted successfully.
motccgp => Service deleted successfully.
motccgpfl => Service deleted successfully.
MotoSwitchService => Service deleted successfully.
Motousbnet => Service deleted successfully.
motusbdevice => Service deleted successfully.
SR => Service deleted successfully.
srservice => Service deleted successfully.
C:\Users\Mike\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Mike\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Mike\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Guest\AppData\Local\Temp => Moved successfully.
"HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}" => Key deleted successfully.
"HKU\S-1-5-21-940925835-2832117764-3215822635-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\Temp => ":4C4EDBB7" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-940925835-2832117764-3215822635-1001\Software\Classes\exefile" => Key not found.

========================= Folder: C:\Users\Mike\AppData\Local\lptmp516222010 ========================

2014-10-01 13:02 - 2014-10-01 13:02 - 0000351 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\about.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001333 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\about1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000181 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\arrow.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000136 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\arrowon.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000131 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\backarrow.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000150 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\backbg.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000147 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\backbgover.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001347 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\background.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0153135 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\background.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000650 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\background2.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0014372 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\bg.jpg
2014-10-01 13:02 - 2014-10-01 13:02 - 0001218 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\bg2.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\blank.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0015019 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\cc.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001295 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\changemasterpw.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001602 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\changemasterpw_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000026 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\changemasterpw5.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000948 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\changemasterpw7.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001181 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\changepw.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001734 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\chooseprofilecc.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000231 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\chooser.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001395 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\close.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000064 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\cmenu-vista-bg.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000347 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\cmenu-vista-menu-item-hover.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000852 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\combobox.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0009184 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\combobox.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000862 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\combobox_small.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0001087 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\configure_formfill.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001549 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\configure_formfill_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000195 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\configure_formfill6.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000756 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\congratulations.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001120 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\congratulations_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000352 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\congratulations4.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000949 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\copypassword.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000708 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\copyurl.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001130 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\copyusername.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002307 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\create_account.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0003062 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\create_account_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0003709 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\create_account14.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000026 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\create_account4.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0003567 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\create_icon_mobile.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0039173 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\csp.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0003642 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\db.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001906 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\disk.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000043 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\dot_for_ie.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001384 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\dropdown.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000418 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\export.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000847 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\export_choose.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000212 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\export_choose_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000304 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\export_choose1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000262 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\export_choose3.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000344 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\export1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0306651 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\fftranslations.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000986 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\fill.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0007629 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\formfill.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0016294 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\formfill.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0030211 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\formfill_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000024 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\formfill1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0066434 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\formfill2.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0023632 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\fromcs.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001596 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\gauth.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0019898 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\gauthlastpass.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000101 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\general.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0000221 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\general_small.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0005802 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\generate.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000540 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ghettoslider.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0001557 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ghettoslider.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001605 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\home.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001366 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\home.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001497 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\home_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004860 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\home1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000670 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\homelocal2.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0010566 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\homelocal2.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0009596 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\homelocal2_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000719 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001660 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\Icon.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002228 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_alert.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000147 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_alert.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001645 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_gray.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000704 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_gray2.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001739 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_gray2.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001111 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_green2.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0003077 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_off.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003038 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_on.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001115 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon_yellow2.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001111 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon2.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001919 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon2.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003697 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icon2_blue.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001600 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\Icon-32.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001895 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\Icon-48.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001660 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\Icon-64.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0006680 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\icons.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000272 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\img.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000701 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\img1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001515 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001268 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000883 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_other.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000597 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_other_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0011306 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_other1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000126 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_other4.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001057 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_your_data.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001438 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_your_data_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000195 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import_your_data6.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004748 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000233 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\import3.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0007539 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\iscrollc.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004932 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery.contextmenu.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0003084 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery.hotkeys-0.7.9.min.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0002444 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery.tree.hotkeys.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0055597 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery.tree.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001312 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery.watermark.min.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0095361 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery-1.7.2.min.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0027257 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery-ui.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0148019 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\jquery-ui.min.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001502 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\kb.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001414 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\key.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003412 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\login.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0007192 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\login.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0005689 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\login1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000259 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\login23.js
2014-10-01 13:02 - 2014-10-01 13:23 - 3939502 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_languages.zip
2014-10-01 13:02 - 2014-10-01 13:02 - 0005072 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_toolstrip.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0014735 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_toolstrip.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0016245 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_toolstrip_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000331 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_toolstrip5.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000259 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_toolstrip52.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001028 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\lp_toolstrip6.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001777 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\manifest.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000661 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\mathfail.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000053 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\menu.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0000447 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\menu.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0034493 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\menu.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004823 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\menu1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000148 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\menuheader.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000983 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\menuscript.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0055515 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\min.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004621 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\namedpipes.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0045666 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\newvault.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0010534 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\notification.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0005689 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\notify.js
2014-10-01 13:02 - 2014-10-01 13:02 - 1513472 _____ (Webroot) C:\Users\Mike\AppData\Local\lptmp516222010\npwebroot.dll
2014-10-01 13:02 - 2014-10-01 13:02 - 1957888 _____ (Webroot) C:\Users\Mike\AppData\Local\lptmp516222010\npwebroot64.dll
2014-10-01 13:02 - 2014-10-01 13:02 - 0001020 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\omnikey.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000754 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\omnikey_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000489 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\omnikey1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000071 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\omnikey3.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0377692 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\onloadwff.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0002231 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\orangealert.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0009209 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\otp.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000615 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\overlay.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0000473 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\overlay.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0013641 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\overlay1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000001 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\partner.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0008844 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popover.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0006012 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popover.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0004253 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popover_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0019510 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popover1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0003297 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popover29.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000026 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popover7.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000853 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupcombobox.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0016448 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupcombobox.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0025694 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupfilltab.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0000572 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupfilltab.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0019097 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupfilltab.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0109721 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupfilltab_common.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0083344 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\popupfilltab_cs.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0001245 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\prefs.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0010475 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\prefs.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0005779 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\prefs.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0016669 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\prefs_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0018981 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\prefs1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000687 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\print_choose.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0000208 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\print_choose_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000161 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\print_choose1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000110 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\print_choose3.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0002082 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\push_client.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000521 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\q3Jrp.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001666 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\reenter_password.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0003256 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\reenter_password_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000026 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\reenter_password14.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004376 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\reenter_password15.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0011182 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\rsakeys.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0090421 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\server.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0004119 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\site.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0004687 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\site.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0004011 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\site_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0042374 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\site1.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000026 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\site11.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000148 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\site21.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0005902 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\sites.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0008423 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\sorttable.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0002803 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\spreadsheet.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0016088 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\step2.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000761 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\styles.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0009447 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\teststyle.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0002869 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\textboxes.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0002251 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\textboxes_small.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0001844 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\throbber.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0008524 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\toolstrip.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000223 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\trbg.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003433 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\treestyle.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0005243 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\treestyle2.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0000180 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-bg_flat_0_aaaaaa_40x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000178 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-bg_flat_75_ffffff_40x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000111 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-bg_glass_75_dadada_1x400.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000110 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-bg_glass_75_e6e6e6_1x400.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000101 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-bg_highlight-soft_75_cccccc_1x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004369 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-icons_222222_256x240.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004369 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\ui-icons_454545_256x240.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001123 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\vault.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0025661 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\vault2.css
2014-10-01 13:02 - 2014-10-01 13:02 - 0006649 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\vaultcommonc.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000850 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\welcome.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0001053 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\welcome_end.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000225 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\welcome4.js
2014-10-01 13:02 - 2014-10-01 13:02 - 0000076 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\x.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001502 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\x3.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001573 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\xlarge.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001551 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\xlarge2.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001721 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\xlarge3.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000729 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\yubicoring16.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0027398 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\yubikeyicon2.jpg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\de
2014-10-01 13:02 - 2014-10-01 13:02 - 0110169 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\de\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\en_US
2014-10-01 13:02 - 2014-10-01 13:02 - 0107007 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\en_US\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0107007 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\en_US\messages.json.orig
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\es
2014-10-01 13:02 - 2014-10-01 13:02 - 0108744 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\es\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\fr
2014-10-01 13:02 - 2014-10-01 13:02 - 0105826 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\fr\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\it
2014-10-01 13:02 - 2014-10-01 13:02 - 0102491 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\it\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\ja
2014-10-01 13:02 - 2014-10-01 13:02 - 0115337 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\ja\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\ko
2014-10-01 13:02 - 2014-10-01 13:02 - 0113030 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\ko\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\nl
2014-10-01 13:02 - 2014-10-01 13:02 - 0102217 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\nl\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\pt_PT
2014-10-01 13:02 - 2014-10-01 13:02 - 0104935 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\pt_PT\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\ru
2014-10-01 13:02 - 2014-10-01 13:02 - 0129881 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\ru\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\tr
2014-10-01 13:02 - 2014-10-01 13:02 - 0098622 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\tr\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\zh_CN
2014-10-01 13:02 - 2014-10-01 13:02 - 0100583 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\zh_CN\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\zh_TW
2014-10-01 13:02 - 2014-10-01 13:02 - 0100600 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\_locales\zh_TW\messages.json
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\images
2014-10-01 13:02 - 2014-10-01 13:02 - 0002883 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_delcache.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002220 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_export.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001788 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_help.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002456 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_ident.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002092 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_import.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002325 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_prefs.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002313 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_print.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003123 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_refresh.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002890 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_seccheck.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003746 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ad_sess.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001981 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\add.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002051 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\addgroup.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004387 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_delcache.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003422 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_export.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002496 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_help.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004151 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_ident.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003301 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_import.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003791 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_prefs.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004012 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_print.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0005388 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_refresh.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004606 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_seccheck.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0006468 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\adroll_sess.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001181 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\asterisk.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002337 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\bw_question.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000848 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\checkmark.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0002044 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\cog.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001318 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\collapseoff.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001315 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\collapseon.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000775 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\computer_delete.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001709 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\create_small.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001163 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\down.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004822 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\edu_languages.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000725 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\emoticon_smile.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003052 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\excel.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000701 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\exclamation.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001321 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\expandoff.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001327 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\expandon.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000946 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\export.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002395 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\Eyerect40x26.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002649 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\Eyerect40x26_glow.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002568 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\Eyerect40x26_never.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002655 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\Eyerect40x26_never_glow.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002715 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\generic.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000212 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ghettoslider-bg.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000260 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ghettoslider-knob.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000197 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ghettoslider-left.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000197 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ghettoslider-right.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001001 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\gradient.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000813 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\group_key.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0017519 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\help_128.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000378 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_applications.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003250 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_autofill.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000344 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_autologin.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000789 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_bell.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003314 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_deleted.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000472 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_favorite.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001382 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_favorites.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001538 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_formfill.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0006619 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_gray128.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000484 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_gray16.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001119 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_gray32.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001778 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_gray48.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002603 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_gray64.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001567 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_help.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001436 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_identities.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001579 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_lock.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000559 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_note.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001505 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_notes.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001590 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_preferences.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000725 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_premium.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000559 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_protected.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001656 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_recent.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001482 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_saveall.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000986 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_settings_small.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001692 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_sites.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001762 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_tools.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000338 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_up-red.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001722 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon_vault.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0009966 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon128.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000923 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon16.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002545 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon32.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004522 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon48.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0005854 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icon64.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0006680 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\icons.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000986 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\import.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001592 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\key_small.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000570 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\keyboard.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001163 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\left.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000749 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lock.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002348 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\logouticon.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001874 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lpdropdown_off.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002080 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lpdropdown_on.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0006631 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lpwhite_small.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0006631 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lpwhite_small.png.orig
2014-10-01 13:02 - 2014-10-01 13:02 - 0007367 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lpwhitelogo.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001969 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_advanced.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001299 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_arrow.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0017323 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_bg.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001434 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_formfill.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001985 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_generate.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001524 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_logoff.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002159 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_navbg.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001481 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_notes.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001352 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_search.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002160 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_sep.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001352 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_titlebg.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001910 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_vault.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001514 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menu_x.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000264 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuarrow.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000268 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuarrowback.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000179 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuarrowbackover.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000274 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuarrowup.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000237 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuarrowupover.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000560 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menucog.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001447 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menucogover.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002866 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuglow_advanced.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002062 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuglow_formfill.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003134 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuglow_generate.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002093 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuglow_notes.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002789 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuglow_vault.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000573 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menulogoff.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000369 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menulogoffover.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003085 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuroll_advanced.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002140 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuroll_formfill.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003022 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuroll_generate.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002007 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuroll_notes.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002852 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menuroll_vault.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000237 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menusave.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000437 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\menusearch.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000641 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\note_add.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001996 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\overlayclose.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000833 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\page_gear.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001244 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\paperclip.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001362 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\paperclip_hover.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001843 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\passwordmeter_back.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0003210 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\passwordmeter_front.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0003613 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\pdf.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001579 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\power_off.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003144 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\powerpoint.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000731 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\printer.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001318 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\pwdrop.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0010915 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\recording.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000571 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\reload.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001148 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\right.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001181 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\screenkeyboard.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001670 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\search-icon.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001670 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\search-icon-blue.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0001023 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\seccheck.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001482 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\site_add.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003103 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\text.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000146 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\th_off.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000146 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\th_on.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002784 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\th_over.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000537 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\tick.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002323 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\time.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001553 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-anim_basic_16x16.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000180 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_flat_0_eeeeee_40x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000213 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_flat_55_c0402a_40x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000180 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_flat_55_eeeeee_40x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000105 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_glass_100_f8f8f8_1x400.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000109 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_glass_35_dddddd_1x400.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000110 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_glass_60_eeeeee_1x400.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000114 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_inset-hard_75_999999_1x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000142 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-bg_inset-soft_50_c9c9c9_1x100.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004369 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-icons_3383bb_256x240.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0005355 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-icons_70b2e1_256x240.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004369 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-icons_999999_256x240.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004369 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\ui-icons_fbc856_256x240.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001320 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\unlock.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000338 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\up-red.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0009530 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vault.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000588 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultaccept.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001188 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultalert.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001173 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultcopy.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001763 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultcreditmonitor.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000308 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultdelete.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000326 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultedit.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001208 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultff.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000620 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultidentity.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000547 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultreject.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000344 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultshare.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001159 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\vaultshares.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0003037 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\word.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001501 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\xsmall.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001629 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\xsmallroll.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib
2014-10-01 13:02 - 2014-10-01 13:02 - 0002084 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\book_open.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001966 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\creditcards.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001861 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\export.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002125 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\folder-blue.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0003773 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\help.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001843 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\import.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001938 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\kcontrol.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0001546 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\key.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0004027 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\note_add.png
2014-10-01 13:02 - 2014-10-01 13:02 - 0002012 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\popular.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0002206 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\lib\remove-user-red.gif
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000622 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\arrow.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000922 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\article.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000643 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\blocked.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000665 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\blocked_red.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000491 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\caret-left.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000895 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\key2.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000475 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\minus.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000608 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\plus.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000915 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\plus-sign.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000823 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\images\svg\wrench.svg
2014-10-01 13:02 - 2014-10-01 13:02 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\af_ZA
2014-10-01 13:02 - 2014-10-01 13:02 - 0004898 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\af_ZA\af_ZA.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ar_EG
2014-10-01 13:02 - 2014-10-01 13:02 - 0004798 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ar_EG\ar_EG.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ar_SA
2014-10-01 13:02 - 2014-10-01 13:02 - 0002719 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ar_SA\ar_SA.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\az_AZ
2014-10-01 13:02 - 2014-10-01 13:02 - 0005072 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\az_AZ\az_AZ.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\be_BY
2014-10-01 13:02 - 2014-10-01 13:02 - 0004804 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\be_BY\be_BY.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\bg_BG
2014-10-01 13:02 - 2014-10-01 13:02 - 0004752 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\bg_BG\bg_BG.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\bn_BD
2014-10-01 13:02 - 2014-10-01 13:02 - 0004796 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\bn_BD\bn_BD.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\bs_BA
2014-10-01 13:02 - 2014-10-01 13:02 - 0004862 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\bs_BA\bs_BA.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ca_ES
2014-10-01 13:02 - 2014-10-01 13:02 - 0004754 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ca_ES\ca_ES.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\cs_CZ
2014-10-01 13:02 - 2014-10-01 13:02 - 0004830 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\cs_CZ\cs_CZ.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\da_DK
2014-10-01 13:02 - 2014-10-01 13:02 - 0002457 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\da_DK\da_DK.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\de_DE
2014-10-01 13:02 - 2014-10-01 13:02 - 0003043 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\de_DE\de_DE.xpm
2014-10-01 13:02 - 2014-10-01 13:02 - 0044224 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\de_DE\messages.mo
2014-10-01 13:02 - 2014-10-01 13:02 - 0017128 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\de_DE\wxstd.mo
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\el_GR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002925 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\el_GR\el_GR.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\en_AU
2014-10-01 13:02 - 2014-10-01 13:02 - 0004906 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\en_AU\en_AU.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\en_GB
2014-10-01 13:02 - 2014-10-01 13:02 - 0005012 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\en_GB\en_GB.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\en_US
2014-10-01 13:02 - 2014-10-01 13:02 - 0002659 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\en_US\en_US.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\eo_US
2014-10-01 13:02 - 2014-10-01 13:02 - 0004778 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\eo_US\eo_US.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\es_ES
2014-10-01 13:02 - 2014-10-01 13:02 - 0002682 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\es_ES\es_ES.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\es_MX
2014-10-01 13:02 - 2014-10-01 13:02 - 0004802 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\es_MX\es_MX.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\et_EE
2014-10-01 13:02 - 2014-10-01 13:02 - 0004937 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\et_EE\et_EE.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fa_IR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002855 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fa_IR\fa_IR.xpm
2014-10-01 13:02 - 2014-10-01 13:02 - 0010774 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fa_IR\messages.mo
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fi_FI
2014-10-01 13:02 - 2014-10-01 13:02 - 0002521 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fi_FI\fi_FI.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fr_CA
2014-10-01 13:02 - 2014-10-01 13:02 - 0004774 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fr_CA\fr_CA.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fr_FR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002558 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fr_FR\fr_FR.xpm
2014-10-01 13:02 - 2014-10-01 13:02 - 0039684 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\fr_FR\messages.mo
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ga_IE
2014-10-01 13:02 - 2014-10-01 13:02 - 0004995 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ga_IE\ga_IE.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\gl_ES
2014-10-01 13:02 - 2014-10-01 13:02 - 0004862 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\gl_ES\gl_ES.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\gu_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0002968 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\gu_IN\gu_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\he_IL
2014-10-01 13:02 - 2014-10-01 13:02 - 0001703 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\he_IL\he_IL.xpm
2014-10-01 13:02 - 2014-10-01 13:02 - 0034313 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\he_IL\messages.mo
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\hi_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0002968 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\hi_IN\hi_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\hr_HR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002564 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\hr_HR\hr_HR.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\hu_HU
2014-10-01 13:02 - 2014-10-01 13:02 - 0002405 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\hu_HU\hu_HU.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\id_ID
2014-10-01 13:02 - 2014-10-01 13:02 - 0004744 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\id_ID\id_ID.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\is_IS
2014-10-01 13:02 - 2014-10-01 13:02 - 0002567 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\is_IS\is_IS.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\it_IT
2014-10-01 13:02 - 2014-10-01 13:02 - 0002293 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\it_IT\it_IT.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ja_JP
2014-10-01 13:02 - 2014-10-01 13:02 - 0001523 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ja_JP\ja_JP.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ka_GE
2014-10-01 13:02 - 2014-10-01 13:02 - 0004975 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ka_GE\ka_GE.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\kn_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0005038 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\kn_IN\kn_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ko_KR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002449 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ko_KR\ko_KR.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\lt_LT
2014-10-01 13:02 - 2014-10-01 13:02 - 0003070 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\lt_LT\lt_LT.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\lv_LV
2014-10-01 13:02 - 2014-10-01 13:02 - 0004744 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\lv_LV\lv_LV.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\mg_MG
2014-10-01 13:02 - 2014-10-01 13:02 - 0004992 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\mg_MG\mg_MG.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\mk_MK
2014-10-01 13:02 - 2014-10-01 13:02 - 0005057 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\mk_MK\mk_MK.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ml_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0005038 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ml_IN\ml_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\mr_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0002968 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\mr_IN\mr_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ms_MY
2014-10-01 13:02 - 2014-10-01 13:02 - 0002425 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ms_MY\ms_MY.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nb_NO
2014-10-01 13:02 - 2014-10-01 13:02 - 0002503 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nb_NO\nb_NO.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nl_NL
2014-10-01 13:02 - 2014-10-01 13:02 - 0000124 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nl_NL\junk.html
2014-10-01 13:02 - 2014-10-01 13:02 - 0040948 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nl_NL\messages.mo
2014-10-01 13:02 - 2014-10-01 13:02 - 0002676 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nl_NL\nl_NL.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nn_NO
2014-10-01 13:02 - 2014-10-01 13:02 - 0002503 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\nn_NO\nn_NO.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pa_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0002968 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pa_IN\pa_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pl_PL
2014-10-01 13:02 - 2014-10-01 13:02 - 0002202 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pl_PL\pl_PL.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pt_BR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002860 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pt_BR\pt_BR.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pt_PT
2014-10-01 13:02 - 2014-10-01 13:02 - 0005024 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\pt_PT\pt_PT.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ro_RO
2014-10-01 13:02 - 2014-10-01 13:02 - 0002926 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ro_RO\ro_RO.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ru_RU
2014-10-01 13:02 - 2014-10-01 13:02 - 0002667 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ru_RU\ru_RU.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\si_LK
2014-10-01 13:02 - 2014-10-01 13:02 - 0005054 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\si_LK\si_LK.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sk_SK
2014-10-01 13:02 - 2014-10-01 13:02 - 0002939 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sk_SK\sk_SK.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sl_SI
2014-10-01 13:02 - 2014-10-01 13:02 - 0002887 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sl_SI\sl_SI.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sq_AL
2014-10-01 13:02 - 2014-10-01 13:02 - 0005037 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sq_AL\sq_AL.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sr_RS
2014-10-01 13:02 - 2014-10-01 13:02 - 0002395 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sr_RS\sr_RS.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sv_SE
2014-10-01 13:02 - 2014-10-01 13:02 - 0039217 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sv_SE\messages.mo
2014-10-01 13:02 - 2014-10-01 13:02 - 0002798 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\sv_SE\sv_SE.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ta_IN
2014-10-01 13:02 - 2014-10-01 13:02 - 0002968 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ta_IN\ta_IN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\th_TH
2014-10-01 13:02 - 2014-10-01 13:02 - 0002773 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\th_TH\th_TH.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\tl_PH
2014-10-01 13:02 - 2014-10-01 13:02 - 0005044 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\tl_PH\tl_PH.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\tr_TR
2014-10-01 13:02 - 2014-10-01 13:02 - 0002634 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\tr_TR\tr_TR.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\uk_UA
2014-10-01 13:02 - 2014-10-01 13:02 - 0002878 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\uk_UA\uk_UA.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ur_PK
2014-10-01 13:02 - 2014-10-01 13:02 - 0005028 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\ur_PK\ur_PK.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\vi_VN
2014-10-01 13:02 - 2014-10-01 13:02 - 0002522 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\vi_VN\vi_VN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\zh_CN
2014-10-01 13:02 - 2014-10-01 13:02 - 0004794 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\zh_CN\zh_CN.xpm
2014-10-01 13:02 - 2014-10-01 13:23 - 0000000 ____D () C:\Users\Mike\AppData\Local\lptmp516222010\languages\zh_TW
2014-10-01 13:02 - 2014-10-01 13:02 - 0004812 _____ () C:\Users\Mike\AppData\Local\lptmp516222010\languages\zh_TW\zh_TW.xpm

====== End of Folder: ======

==== End of Fixlog ====

 

 

 

Overall, everything still seems to be running the same, with a lot of "Not Responding" waiting periods. Except for the programs that you had me use, they functioned perfectly. :)



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 19 October 2014 - 09:05 PM

Hi Mike,

Thanks for the information. There are a number of good, free antivirus programs to choose from. For me personally I have used Avast Free for quite some time and have been happy with it. I don't have much experience with other programs.

Does it sound about right that you installed LastPass around October, 1?

Please run this.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 19 October 2014 - 10:17 PM

Thanks Gary I will definitely have to check out that antivirus sometime. As for "LastPass", I am not even sure what that is. To my knowledge I definitely did not install anything like that.

 

Combofix log: (Please note that I made sure that there was no anti-virus running before hitting the final "ok" for the initial scan to start.)

 

 

ComboFix 14-10-15.01 - Mike 10/19/2014  22:32:38.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6253 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Outdated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Outdated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster1.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster2.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster3.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster4.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster5.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster6.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster7.csa
c:\programdata\Roaming\Disney Imagineering\Ultimate Ride Coaster Deluxe\Saves\Coaster8.csa
c:\users\Mike\AppData\Roaming\Local
c:\users\Mike\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Mike\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Mike\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Mike\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Mike\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
c:\windows\SysWow64\SET7C51.tmp
c:\windows\SysWow64\SET7D1E.tmp
c:\windows\SysWow64\SET8476.tmp
c:\windows\SysWow64\SET91A3.tmp
c:\windows\SysWow64\SET92EE.tmp
c:\windows\SysWow64\SET97C7.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-20 to 2014-10-20  )))))))))))))))))))))))))))))))
.
.
2014-10-20 02:49 . 2014-10-20 02:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-10-20 02:49 . 2014-10-20 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-20 02:49 . 2014-10-20 02:49 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2014-10-20 01:22 . 2014-10-20 01:22 -------- d-----w- c:\windows\ERUNT
2014-10-20 00:55 . 2014-10-20 01:10 -------- d-----w- C:\AdwCleaner
2014-10-17 17:21 . 2014-10-20 01:41 -------- d-----w- C:\FRST
2014-10-12 02:48 . 2014-10-12 02:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-10-12 02:48 . 2014-10-12 02:48 -------- d-----w- c:\program files\Microsoft Security Client
2014-10-05 23:36 . 2014-08-18 20:45 360448 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-10-05 23:36 . 2014-08-18 20:41 259584 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-10-05 23:36 . 2014-08-18 22:05 596480 ----a-w- c:\windows\system32\ieui.dll
2014-10-05 23:18 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-05 23:18 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-01 18:06 . 2014-10-01 18:06 -------- d-----w- c:\users\Mike\AppData\Local\Intuit
2014-10-01 18:06 . 2014-10-01 18:06 -------- d-----w- c:\users\Mike\AppData\Local\offsync
2014-10-01 17:02 . 2014-10-01 17:23 -------- d-----w- c:\users\Mike\AppData\Local\lptmp516222010
2014-09-30 19:40 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-30 19:40 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-29 06:48 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-09-29 06:47 . 2014-09-29 06:47 32371688 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2014-09-29 06:47 . 2014-09-29 06:47 -------- d-----w- c:\users\Mike\AppData\Local\McAfee File Lock
2014-09-29 06:47 . 2013-09-09 15:11 74560 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2014-09-29 06:46 . 2014-09-29 06:48 -------- d-----w- c:\program files (x86)\SafeKey
2014-09-29 06:45 . 2014-09-29 06:46 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2014-09-29 06:45 . 2014-09-29 06:48 -------- d-----w- c:\program files\McAfee
2014-09-29 06:44 . 2014-10-01 02:19 -------- d-----w- c:\program files (x86)\McAfee
2014-09-29 06:19 . 2014-09-29 06:22 -------- d-----w- c:\program files\stinger
2014-09-29 06:16 . 2014-06-20 14:30 189912 ----a-w- c:\windows\system32\mfevtps.exe
2014-09-29 06:16 . 2014-09-29 06:46 -------- d-----w- c:\program files\Common Files\McAfee
2014-09-23 19:45 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 17:02 . 2012-12-14 17:56 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
2014-09-23 19:33 . 2012-04-03 01:46 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-23 19:33 . 2011-06-10 04:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 13:06 . 2011-04-20 07:13 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-09 21:47 . 2014-09-23 19:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-09 02:05 . 2014-09-26 15:27 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CF505A7-61CE-477E-B015-F82E30FF16E4}\mpengine.dll
2014-09-05 02:10 . 2014-09-16 21:00 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-16 21:00 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-18 21:46 . 2014-10-05 23:35 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-08-18 20:46 . 2014-10-05 23:35 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-01 11:53 . 2014-09-16 21:01 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-16 21:01 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-24 18:33 . 2014-07-24 18:33 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-07-24 18:32 . 2014-07-24 18:32 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-07-24 18:31 . 2014-07-24 18:31 444720 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}"= "c:\program files (x86)\SafeKey\LPToolbar.dll" [2014-09-29 728560]
.
[HKEY_CLASSES_ROOT\clsid\{61d700c1-7d8d-43c5-9c13-4ff85157cfe6}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{0A715D8A-947C-4ab1-AF67-62881ED45206}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2010-11-23 569344]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-11-06 4032968]
"dualmonitor"="c:\program files (x86)\Dual Monitor\DualMonitor.exe" [2013-02-18 478720]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-23 393216]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"HP Officejet 6600 (NET)"="c:\program files\hp\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Logitech H800"="c:\program files (x86)\Logitech\H800\H800.exe" [2011-07-29 273432]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-06-03 2368736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install SafeKey FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-9-29 32371688]
Install SafeKey IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=SafeKey -ffuuid {072844D3-7DEE-45F6-A406-E87F76302E4B} [2014-9-29 32371688]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 SaiK8018;SaiK8018;c:\windows\system32\DRIVERS\SaiK8018.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK8018.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 voxaldriver;Voxal Filter Driver 2.00.00;c:\windows\system32\DRIVERS\voxaldriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\voxaldriverx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:33]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 16:36]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 16:36]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 06:59]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-940925835-2832117764-3215822635-1001UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 06:59]
.
2014-10-20 c:\windows\Tasks\HPCeeScheduleForMIKE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-10-20 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}"= "c:\program files (x86)\SafeKey\LPToolbar_x64.dll" [2014-09-29 1055576]
.
[HKEY_CLASSES_ROOT\CLSID\{61D700C1-7D8D-43c5-9C13-4FF85157CFE6}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{0A715D8A-947C-4ab1-AF67-62881ED45206}]
[HKEY_CLASSES_ROOT\LPToolbar.LPToolbarBand]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-07-29 186880]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: SafeKey - file://c:\users\Mike\AppData\LocalLow\SafeKey\context.html?cmd=lastpass
IE: SafeKey Fill Forms - file://c:\users\Mike\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\y1mht37r.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=A111US1134&p=
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe
Wow6432Node-HKLM-Run-WRSVC - c:\program files\Webroot\WRSA.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-MouseDriver - TiltWheelMouse.exe
AddRemove-AKingdomForKeflings - c:\program files (x86)\NinjaBee\AKingdomForKeflings\AKingdomForKeflings_Uninst.exe
AddRemove-Amazon MP3 Downloader - c:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\mixpad.exe
AddRemove-Recordpad - c:\program files (x86)\NCH Software\Recordpad\recordpad.exe
AddRemove-Voxal - c:\program files (x86)\NCH Software\Voxal\voxal.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{D84A64A0-F2B2-4975-B264-3A3BCE8D57D6}"=hex:51,66,7a,6c,4c,1d,38,12,ce,67,59,
   dc,80,bc,1b,0c,cd,72,79,7b,cb,d3,13,c2
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,
   dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02
"{E08861FE-8847-4B2A-8EC2-08EDB20E4020}"=hex:51,66,7a,6c,4c,1d,38,12,90,62,9b,
   e4,75,c6,44,0e,f1,d4,4b,ad,b7,50,04,34
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,23,62,b3,33,ff,cb,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2014-10-19  23:08:23 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-20 03:08
.
Pre-Run: 172,943,462,400 bytes free
Post-Run: 177,177,518,080 bytes free
.
- - End Of File - - A222541ECD9F1F691F0ACDC5D02CC761
AC57A4EBCAC70F4E81315FB913E0E8E0
 


Edited by Mike585x, 19 October 2014 - 10:18 PM.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 19 October 2014 - 10:48 PM

Thanks, in your case itt looks like "Last Pass" (which is actually the name of a password manager program) is related to Webroot. Portions of Webroot are still on your computer.

Please do this. I may end up checking your reply in the morning.

===================================================

Webroot Update/Cleanup Tool

--------------------
  • Download WRUpgradeTool.exe and save it to your desktop
  • Double click the icon and select Run
  • Follow the prompts to start the uninstall process
  • At the conclusion you will see "Removal procedures have been completed"
  • Reboot your computer
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Webroot uninstall run properly?
  • FSS.txt
  • Result.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 19 October 2014 - 11:31 PM

Thanks so much for that Webroot remover! My computer wasn't letting me remove the rest of it after the infection started. It worked like a charm removing the leftovers.

 

FFS.txt:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Mike (administrator) on 20-10-2014 at 00:17:59
Running from "C:\Users\Mike\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

 

Result.txt:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Mike (administrator) on 20-10-2014 at 00:26:20
Running from "C:\Users\Mike\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled metric=2 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mike-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : 68-A3-C4-06-0E-D6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 78-AC-C0-AB-87-FE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...68 a3 c4 06 0e d6 ......802.11n Wireless LAN Card
 11...78 ac c0 ab 87 fe ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Devices: ================================

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Avnex Virtual Audio Device
Description: Avnex Virtual Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: AVNEX Ltd.
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

**** End of log ****



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 20 October 2014 - 08:52 AM

Hi Mike,

All too often we need to use a more intense removal program to clear out an othewise uncooperative program. Glad that worked.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
cmd: sc start Dhcp
cmd: sc start NlaSvc
cmd: sc start lmhosts
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your internet access
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Do you have internet?

Edited by Oh My!, 20 October 2014 - 09:35 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 20 October 2014 - 11:59 AM

Good morning Gary. :)

 

After running the process I noticed that my internet connection (in the System Tray) now has a red 'X' and says "No connections are available". This seems to be a difference over the orange/blue circles (and other strange ones) that it was previously experiencing. I clicked troubleshoot to see what it would say, and it states "The Diagnostics Policy Service is not running". Of course I am not going to try to repair or click anything unless you directed me otherwise, but this is definitely a step up than previously in which no errors were ever detected.

 

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Mike at 2014-10-20 12:44:17 Run:2
Running from C:\Users\Mike\Desktop
Loaded Profile: Mike (Available profiles: Mike & Guest & Classic .NET AppPool & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: sc start Dhcp
cmd: sc start NlaSvc
cmd: sc start lmhosts
*****************

=========  sc start Dhcp =========

SERVICE_NAME: Dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS 
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 356
        FLAGS              :

========= End of CMD: =========

=========  sc start NlaSvc =========

SERVICE_NAME: NlaSvc
        TYPE               : 20  WIN32_SHARE_PROCESS 
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x7d0
        PID                : 1344
        FLAGS              :

========= End of CMD: =========

=========  sc start lmhosts =========

[SC] StartService FAILED 1056:

An instance of the service is already running.

========= End of CMD: =========

==== End of Fixlog ====

 

 

P.S. My McAfee Real-Time Protection and Firewall seem to be sticking on now. Will notify of any changes in status.


Edited by Mike585x, 20 October 2014 - 12:01 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,413 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:03 PM

Posted 20 October 2014 - 12:54 PM

Other than the internet issue are you having any problems?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Mike585x

Mike585x
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 20 October 2014 - 02:28 PM

Still getting a lot of "loading" circles near my mouse curser randomly for periods of time, when there normally wouldn't be one. A lot of applications and folders seem to be opening quicker than they were though. Internet Explorer and FireFox seem to load normally and quickly, but Chrome still completely locks up and doesn't respond when attempting to open it. It still lags the entire computer when I try to close it, but doesn't seem to be making it freeze up completely like it used to. However, it is also severely limiting my usage of Windows Task Manager by making it take an extended time to load and causes it to say "not responding" a lot, making it tough to end the process (end task does not work). McAfee Auto-Protection and Firewall have not been auto-disabled at all yet, which is great to see. :)

 

I'm not sure what else to test out at this point but I can tell there's still a lot not quite right. Functions such as right clicking on icons and loading start menu still take a while as well, and tend to lock up.

 

UPDATE: Currently I have nothing open, but attempting to load my Zune software (in which I use to listen to music) caused my taskbar/explorer.exe is completely lock up with the "loading" circle next to my mouse curser. CTRL+ALT+DELETE just gave me a black screen and the message "Failure to display security and shut down options - The logon process was unable to display security and logon options when CTRL+ALT+DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch". I hit ESC but it's back to normal (and un-frozen), yet the Zune program wont load and will have to be terminated. I have nothing open now except for McAfee. Should I restart my computer?

 

UPDATE #2: I might have to do a hard restart afterall.. Simply trying to bring McAfee up from minimization caused it to freeze with a white screen. When I clicked the start menu button, it all froze and a little message popped up "Microsoft Windows - The application is not responding. The program may respond again if you wait. Do you want to end this process?". Strangest thing ever. I'm afraid to hit End Process and can't do anything else.. I will await further instruction at this point.


Edited by Mike585x, 20 October 2014 - 02:40 PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users