
internet videos hog 100 percent cpu, overall sluggish system, malware.

sweetpacks fake java

  • This topic is locked

#16
jp550

  • Topic Starter
  • Member
  • 30 posts
Hey.  Uninstalls went well I think.

 

Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02

Ran by Jake at 2014-09-05 13:05:14 Run:3
Running from C:\Users\Jake\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
C:\Program Files (x86)\FlashGet\jccatch.dll
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
C:\Program Files (x86)\FlashGet\getflash.dll
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: FoxyProxy Standard - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected] [2014-09-02]
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected]
CHR HomePage: Default -> DC9302E92ADEB91EDC640F13521281BD2EF4BC4AE134927BFE298C32D6B4E9D0
CHR DefaultSearchKeyword: Default -> C301DC417E3F3F7FE664BAF5C604F2D6A1F09A7092233A9D60E90A9F20634E39
CHR DefaultSearchProvider: Default -> 80E3113AA80921AC10B1AEEE386C0585ECE3D25E291C137B879596ACD06A83FF
CHR DefaultSearchURL: Default -> 44647575B63D70711C364D4F0B4B09BA85F1F2963284D69B79C2B5B5E1008FD8
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Extension: (Google Search) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-03]
C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {61017CBF-6D45-4A61-8E41-B15A9E1539AF} - System32\Tasks\{04D97E45-DF64-42E9-856A-8E4D13BB7941} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {7270C738-025D-4578-9F6E-966FC5C5C65D} - System32\Tasks\{28F416EE-677A-405F-AD28-C76CF13ED9D8} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {959DD3FC-1488-480F-B8F1-D72950863ABA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AEFFD5B8-A7E6-4F39-A494-C52DA8371C45} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-09] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job => C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
EmptyTemp:
end
*****************
 
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key not found.
"HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" => Key not found.
"C:\Program Files (x86)\FlashGet\jccatch.dll" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}" => Key not found.
"HKCR\Wow6432Node\CLSID\{F156768E-81EF-470C-9057-481BA8380DBA}" => Key not found.
"C:\Program Files (x86)\FlashGet\getflash.dll" => File/Directory not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key not found.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
"C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll" => File/Directory not found.
"HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected] not found.
"C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\Extensions\[email protected]" => File/Directory not found.
Chrome HomePage deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Default -> 80E3113AA80921AC10B1AEEE386C0585ECE3D25E291C137B879596ACD06A83FF ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf directory not found.
"C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf" => File/Directory not found.
PnkBstrA => Service not found.
PNRPAutoReg => Service deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent => Value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent => Value not found.
"HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key not found.
"HKU\S-1-5-21-3483972190-2618797804-1834993699-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61017CBF-6D45-4A61-8E41-B15A9E1539AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61017CBF-6D45-4A61-8E41-B15A9E1539AF}" => Key deleted successfully.
C:\Windows\System32\Tasks\{04D97E45-DF64-42E9-856A-8E4D13BB7941} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{04D97E45-DF64-42E9-856A-8E4D13BB7941}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7270C738-025D-4578-9F6E-966FC5C5C65D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7270C738-025D-4578-9F6E-966FC5C5C65D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{28F416EE-677A-405F-AD28-C76CF13ED9D8} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28F416EE-677A-405F-AD28-C76CF13ED9D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{959DD3FC-1488-480F-B8F1-D72950863ABA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{959DD3FC-1488-480F-B8F1-D72950863ABA}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core" => Key deleted successfully.
"C:\Users\Jake\AppData\Local\Facebook\Update\FacebookUpdate.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEFFD5B8-A7E6-4F39-A494-C52DA8371C45}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEFFD5B8-A7E6-4F39-A494-C52DA8371C45}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA" => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job not found.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job not found.
"C:\Windows" => ":nlsPreferences" ADS not found.
"C:\ProgramData\Temp" => ":0FF263E8" ADS not found.
EmptyTemp: => Removed 290.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Jake (administrator) on JAKE-HP on 05-09-2014 13:17:05
Running from C:\Users\Jake\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrB.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774312 2011-04-30] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-04] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1502776 2011-03-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3483972190-2618797804-1834993699-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar -> C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF Plugin-x32: @esn/esnlaunch -> C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jake\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jake\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jake\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-27]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012-01-21]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-03-14]
 
Chrome: 
=======
CHR HomePage: Default -> DC9302E92ADEB91EDC640F13521281BD2EF4BC4AE134927BFE298C32D6B4E9D0
CHR DefaultSearchKeyword: Default -> C301DC417E3F3F7FE664BAF5C604F2D6A1F09A7092233A9D60E90A9F20634E39
CHR DefaultSearchProvider: Default -> 80E3113AA80921AC10B1AEEE386C0585ECE3D25E291C137B879596ACD06A83FF
CHR DefaultSearchURL: Default -> 44647575B63D70711C364D4F0B4B09BA85F1F2963284D69B79C2B5B5E1008FD8
CHR Profile: C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-03]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-03-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-07-09] (Adobe Systems) [File not signed]
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2011-01-24] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2011-01-24] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [991296 2011-01-24] (Intel Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-04] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [341792 2011-12-20] (Nitro PDF Software)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-03-13] (Nitro PDF Software)
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215128 2011-07-31] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2010-12-24] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 20:04 - 2014-09-04 20:04 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-09-04 20:04 - 2014-09-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-04 20:00 - 2014-09-04 20:03 - 32229024 _____ (Riot Games) C:\Users\Jake\Downloads\LeagueofLegends_NA_Installer_05_07_13 (1).exe
2014-09-04 13:39 - 2014-09-04 13:39 - 00000579 _____ () C:\Users\Jake\Downloads\MBR.zip
2014-09-04 13:37 - 2014-09-04 13:37 - 00000579 _____ () C:\Users\Jake\Desktop\MBR.zip
2014-09-04 13:34 - 2014-09-04 13:34 - 00001614 _____ () C:\Users\Jake\Desktop\aswMBR.txt
2014-09-04 13:34 - 2014-09-04 13:34 - 00000512 _____ () C:\Users\Jake\Desktop\MBR.dat
2014-09-04 13:29 - 2014-09-04 13:30 - 05185536 _____ (AVAST Software) C:\Users\Jake\Desktop\aswmbr.exe
2014-09-04 13:26 - 2014-09-04 13:27 - 00055219 _____ () C:\Users\Jake\Desktop\Addition.txt
2014-09-04 13:25 - 2014-09-05 13:17 - 00022837 _____ () C:\Users\Jake\Desktop\FRST.txt
2014-09-04 13:25 - 2014-09-05 13:17 - 00000000 ____D () C:\FRST
2014-09-04 13:21 - 2014-09-04 13:22 - 02104832 _____ (Farbar) C:\Users\Jake\Desktop\FRST64.exe
2014-09-04 13:13 - 2014-09-04 13:14 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-03 14:53 - 2014-09-04 11:11 - 00137300 _____ () C:\Users\Jake\Desktop\OTL.Txt
2014-09-03 11:52 - 2014-09-03 11:52 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Jake\Downloads\Shockwave_Installer_Slim.exe
2014-09-03 11:46 - 2014-09-03 11:46 - 00231760 _____ () C:\Users\Jake\Downloads\CrucialScan.exe
2014-09-03 11:44 - 2014-09-03 11:44 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 11:44 - 2014-09-03 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieUserList
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieSiteList
2014-09-03 11:25 - 2014-09-03 11:25 - 01513083 _____ () C:\Users\Jake\Desktop\bookmarks nine three.html
2014-09-03 11:10 - 2014-09-03 11:10 - 00185816 _____ (Лаборатория Касперского) C:\Users\Jake\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5622.exe
2014-09-02 14:02 - 2011-03-17 04:14 - 00652288 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-09-02 09:25 - 2014-09-02 09:29 - 126980766 _____ () C:\Users\Jake\Desktop\steelhead edit.wmv
2014-09-02 09:24 - 2014-09-02 09:24 - 00002271 _____ () C:\Users\Jake\Desktop\My Movie.wlmp
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\Windows Live
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\{CA5DADB9-9E1A-40ED-BE43-EE04C2E4CD0B}
2014-09-02 09:16 - 2014-09-02 09:10 - 187910148 _____ () C:\Users\Jake\Desktop\steelhead draft 1.mpg
2014-09-01 21:27 - 2014-09-01 21:29 - 80989204 _____ () C:\Users\Jake\Downloads\step2.mp4
2014-09-01 20:15 - 2014-09-01 20:15 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-09-01 20:14 - 2014-09-01 20:14 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic.diagcab
2014-09-01 19:03 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 19:03 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-01 19:03 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-01 19:03 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 19:03 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 19:03 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 19:03 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-01 19:03 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-01 19:01 - 2014-09-01 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:55 - 2014-09-01 18:55 - 00000000 ____D () C:\Windows\pss
2014-09-01 18:46 - 2014-09-01 18:47 - 00134210 _____ () C:\Users\Jake\Downloads\Startup Programs (JAKE-HP) 2014-09-01 18.46.26.txt
2014-09-01 18:46 - 2014-09-01 18:46 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners (1).vbs
2014-09-01 18:45 - 2014-09-01 18:45 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners.vbs
2014-09-01 17:40 - 2014-09-01 18:42 - 00002527 _____ () C:\Users\Jake\Desktop\morro bay narration.txt
2014-08-31 20:20 - 2014-08-31 20:20 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\chc
2014-08-31 18:21 - 2014-08-31 18:21 - 00000033 _____ () C:\Users\Jake\AppData\Roaming\AdobeWLCMCache.dat
2014-08-31 16:59 - 2014-08-31 18:11 - 00000000 ____D () C:\Users\Jake\Desktop\steelhead for ben
2014-08-27 11:49 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 11:49 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 11:49 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 22:39 - 2014-08-24 22:39 - 00047846 _____ () C:\Users\Jake\Desktop\time sheet 824.xlsx
2014-08-17 18:17 - 2014-08-17 18:49 - 00000000 ____D () C:\Users\Jake\Documents\PluralEyes
2014-08-17 18:17 - 2014-08-17 18:17 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CC.lnk
2014-08-17 18:17 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\AppData\Local\Red_Giant_LLC
2014-08-17 18:17 - 2014-08-17 18:17 - 00000000 ____D () C:\Users\Jake\AppData\Local\PluralEyes 3
2014-08-17 18:13 - 2014-08-17 18:13 - 00003648 _____ () C:\Windows\System32\Tasks\Red Giant Link
2014-08-17 18:13 - 2014-08-17 18:13 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Red Giant
2014-08-17 18:12 - 2014-08-17 18:13 - 00000000 ____D () C:\ProgramData\Red Giant
2014-08-17 18:12 - 2014-08-17 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2014-08-17 18:12 - 2014-08-17 18:13 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\Sony
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files\Red Giant
2014-08-17 18:12 - 2014-08-17 18:12 - 00000000 ____D () C:\Program Files (x86)\Red Giant
2014-08-17 18:11 - 2014-08-17 18:12 - 00000000 ____D () C:\ProgramData\RedGiant
2014-08-17 18:09 - 2014-08-17 18:09 - 00000000 ____D () C:\Users\Jake\Downloads\SSuite_Win_Full
2014-08-17 15:05 - 2014-08-17 15:07 - 191873237 _____ () C:\Users\Jake\Downloads\SSuite_Win_Full.zip
2014-08-17 13:53 - 2014-08-17 13:53 - 35484078 _____ () C:\Users\Jake\Downloads\fishingimage_1.mp4
2014-08-16 22:59 - 2014-08-16 22:59 - 00000037 _____ () C:\Users\Jake\Desktop\new textrttt.txt
2014-08-16 21:32 - 2014-08-16 21:32 - 18117306 _____ () C:\Users\Jake\Downloads\ON_THE_SKAGIT_RIVER_NEAR_CONCRETE,_DAN_DUDLEY_OF_BELLEVUE_PLAYS_A_19^_POUND_STEEL_HEAD_TROUT_AS_GUIDE_KERRY_DUVALL..._-_NARA_-_552324.tif
2014-08-16 20:34 - 2014-08-16 20:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-16 20:31 - 2014-08-16 20:31 - 00000000 ____D () C:\Riot Games
2014-08-16 20:29 - 2014-08-16 20:30 - 32229024 _____ (Riot Games) C:\Users\Jake\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe
2014-08-16 14:11 - 2014-08-16 14:11 - 18324306 _____ () C:\Users\Jake\Downloads\FISHING_FOR_STEELHEAD_TROUT_ON_THE_SKAGIT_RIVER_NEAR_ROCKPORT._THE_SKAGIT_IS_ONE_OF_THE_FINEST_STEELHEAD_TROUT_RIVERS..._-_NARA_-_552325.tif
2014-08-14 18:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 18:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 18:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 18:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 18:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 18:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 18:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 18:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 18:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 18:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 18:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 18:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 18:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 18:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 18:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 18:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 18:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 18:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 18:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 18:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 18:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 18:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 18:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 18:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 18:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 18:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 18:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 18:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 18:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 18:43 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 18:43 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 18:43 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 18:43 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 18:43 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 18:43 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 18:43 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 18:43 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 18:43 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 18:43 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 18:43 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 18:43 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 18:43 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 18:43 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 18:43 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 18:43 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 18:43 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 18:43 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 18:43 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 18:43 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 18:43 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 18:43 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 18:43 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 18:43 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 18:43 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 18:43 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 18:43 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 18:43 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 18:43 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 18:43 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 18:43 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 18:43 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 18:43 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 18:43 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 18:43 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 18:43 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 18:43 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 18:43 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 18:43 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 18:43 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 18:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 18:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 04:13 - 2014-08-11 04:30 - 00047752 _____ () C:\Users\Jake\Downloads\FY14 Timesheet_Biweekly - 100SRF.xlsx
2014-08-11 04:13 - 2014-08-11 04:13 - 00000165 ____H () C:\Users\Jake\Downloads\~$FY14 Timesheet_Biweekly - 100SRF.xlsx
2014-08-10 22:01 - 2014-08-10 22:01 - 00000293 _____ () C:\Users\Jake\Desktop\newww.txt
2014-08-09 15:24 - 2014-08-09 15:24 - 507287556 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mpg
2014-08-09 15:24 - 2014-08-09 15:24 - 00005085 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).xmp
2014-08-09 10:35 - 2014-08-09 10:36 - 69600946 _____ () C:\Users\Jake\Downloads\Morrow Bay Project_1.wav
2014-08-08 17:49 - 2014-08-08 17:50 - 00000000 ____D () C:\Users\Jake\Desktop\tom interview audio files
2014-08-08 17:42 - 2014-08-08 17:59 - 00000000 ____D () C:\Users\Jake\Desktop\tom interview footage
2014-08-07 22:20 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Jake\Desktop\New folder (4)
2014-08-07 21:35 - 2014-08-07 21:44 - 400331133 _____ () C:\Users\Jake\Desktop\Aquaculture Morro Bay FINAL (2).mov
2014-08-07 21:34 - 2014-08-07 21:45 - 459769856 _____ () C:\Users\Jake\Downloads\Aquaculture Morro Bay FINAL (1).mpg
2014-08-07 14:34 - 2014-08-07 14:34 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2014.lnk
2014-08-07 14:12 - 2014-08-07 14:12 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2014-08-07 14:12 - 2014-08-07 14:12 - 00000999 _____ () C:\Users\Public\Desktop\Adobe Muse CC 2014.lnk
2014-08-07 14:10 - 2014-08-07 14:10 - 00001263 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2014-08-07 14:01 - 2014-08-07 14:01 - 00001097 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-08-07 13:59 - 2014-08-07 13:59 - 00001028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2014-08-07 13:42 - 2014-08-07 13:42 - 00002075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-08-07 13:42 - 2014-08-07 13:42 - 00002055 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-08-07 13:25 - 2014-08-07 13:25 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2014-08-07 12:36 - 2014-08-07 12:36 - 00001040 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-08-07 11:16 - 2014-08-07 11:16 - 00001483 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-08-07 10:45 - 2014-08-07 10:45 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2014.lnk
2014-08-07 10:36 - 2014-08-07 10:36 - 00001222 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2014-08-06 18:58 - 2014-08-06 18:58 - 00001401 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-08-06 18:58 - 2014-08-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-08-06 18:58 - 2014-08-06 18:58 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-08-06 18:57 - 2014-08-06 18:57 - 26771088 _____ () C:\Users\Jake\Downloads\SeaToolsforWindowsSetup.exe
2014-08-06 16:50 - 2014-08-06 16:50 - 00000000 ____D () C:\_OTL
2014-08-06 16:23 - 2014-08-06 16:23 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2014-08-06 15:52 - 2014-08-06 15:52 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-08-06 15:39 - 2014-08-06 15:39 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-06 15:39 - 2014-08-06 15:39 - 00001301 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-05 13:17 - 2014-09-04 13:25 - 00022837 _____ () C:\Users\Jake\Desktop\FRST.txt
2014-09-05 13:17 - 2014-09-04 13:25 - 00000000 ____D () C:\FRST
2014-09-05 13:15 - 2011-07-15 15:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 13:15 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 13:15 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 13:13 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 13:10 - 2011-07-07 21:16 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2014-09-05 13:09 - 2014-05-14 10:34 - 00000000 ___RD () C:\Users\Jake\Dropbox
2014-09-05 13:09 - 2014-05-14 10:31 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Dropbox
2014-09-05 13:08 - 2011-07-15 15:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 13:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 13:07 - 2009-07-13 21:51 - 00098300 _____ () C:\Windows\setupact.log
2014-09-05 13:06 - 2012-01-27 08:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-05 13:06 - 2011-07-07 21:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-05 13:06 - 2011-06-16 08:28 - 01835392 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 13:06 - 2010-11-20 20:47 - 00168246 _____ () C:\Windows\PFRO.log
2014-09-05 13:01 - 2011-11-01 03:25 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000UA.job
2014-09-05 12:45 - 2011-07-27 16:27 - 00000000 ____D () C:\Program Files (x86)\FlashGet
2014-09-05 09:21 - 2012-08-22 19:42 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\vlc
2014-09-05 07:59 - 2011-11-01 03:25 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3483972190-2618797804-1834993699-1000Core.job
2014-09-04 20:04 - 2014-09-04 20:04 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-09-04 20:04 - 2014-09-04 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-09-04 20:04 - 2013-02-06 02:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-04 20:04 - 2013-02-06 02:52 - 00000000 __SHD () C:\AI_RecycleBin
2014-09-04 20:03 - 2014-09-04 20:00 - 32229024 _____ (Riot Games) C:\Users\Jake\Downloads\LeagueofLegends_NA_Installer_05_07_13 (1).exe
2014-09-04 16:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-04 13:50 - 2011-07-07 21:16 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2815F361-AA0F-4EE3-B026-1D56EF5556A0}
2014-09-04 13:39 - 2014-09-04 13:39 - 00000579 _____ () C:\Users\Jake\Downloads\MBR.zip
2014-09-04 13:37 - 2014-09-04 13:37 - 00000579 _____ () C:\Users\Jake\Desktop\MBR.zip
2014-09-04 13:34 - 2014-09-04 13:34 - 00001614 _____ () C:\Users\Jake\Desktop\aswMBR.txt
2014-09-04 13:34 - 2014-09-04 13:34 - 00000512 _____ () C:\Users\Jake\Desktop\MBR.dat
2014-09-04 13:30 - 2014-09-04 13:29 - 05185536 _____ (AVAST Software) C:\Users\Jake\Desktop\aswmbr.exe
2014-09-04 13:27 - 2014-09-04 13:26 - 00055219 _____ () C:\Users\Jake\Desktop\Addition.txt
2014-09-04 13:22 - 2014-09-04 13:21 - 02104832 _____ (Farbar) C:\Users\Jake\Desktop\FRST64.exe
2014-09-04 13:14 - 2014-09-04 13:13 - 00000000 ____D () C:\ProgramData\Western Digital
2014-09-04 11:11 - 2014-09-03 14:53 - 00137300 _____ () C:\Users\Jake\Desktop\OTL.Txt
2014-09-04 07:58 - 2014-04-14 10:45 - 00000000 ____D () C:\Users\Jake\Desktop\New folder (2)
2014-09-03 11:52 - 2014-09-03 11:52 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Jake\Downloads\Shockwave_Installer_Slim.exe
2014-09-03 11:52 - 2011-05-18 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-03 11:46 - 2014-09-03 11:46 - 00231760 _____ () C:\Users\Jake\Downloads\CrucialScan.exe
2014-09-03 11:44 - 2014-09-03 11:44 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-03 11:44 - 2014-09-03 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-03 11:44 - 2011-07-15 15:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-03 11:44 - 2011-07-07 21:32 - 00000000 ____D () C:\Users\Jake\AppData\Local\Google
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieUserList
2014-09-03 11:31 - 2014-09-03 11:31 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieSiteList
2014-09-03 11:25 - 2014-09-03 11:25 - 01513083 _____ () C:\Users\Jake\Desktop\bookmarks nine three.html
2014-09-03 11:14 - 2014-06-27 15:38 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJake
2014-09-03 11:14 - 2014-06-27 15:38 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJake.job
2014-09-03 11:10 - 2014-09-03 11:10 - 00185816 _____ (Лаборатория Касперского) C:\Users\Jake\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5622.exe
2014-09-02 11:50 - 2014-05-15 15:38 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-09-02 09:29 - 2014-09-02 09:25 - 126980766 _____ () C:\Users\Jake\Desktop\steelhead edit.wmv
2014-09-02 09:24 - 2014-09-02 09:24 - 00002271 _____ () C:\Users\Jake\Desktop\My Movie.wlmp
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\Windows Live
2014-09-02 09:23 - 2014-09-02 09:23 - 00000000 ____D () C:\Users\Jake\AppData\Local\{CA5DADB9-9E1A-40ED-BE43-EE04C2E4CD0B}
2014-09-02 09:10 - 2014-09-02 09:16 - 187910148 _____ () C:\Users\Jake\Desktop\steelhead draft 1.mpg
2014-09-02 03:00 - 2011-05-18 19:32 - 00000000 ____D () C:\ProgramData\Temp
2014-09-01 21:29 - 2014-09-01 21:27 - 80989204 _____ () C:\Users\Jake\Downloads\step2.mp4
2014-09-01 20:15 - 2014-09-01 20:15 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-09-01 20:14 - 2014-09-01 20:14 - 00302011 _____ () C:\Users\Jake\Downloads\WindowsUpdateDiagnostic.diagcab
2014-09-01 20:02 - 2009-07-13 21:45 - 05087240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 19:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-01 19:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-01 19:59 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-01 19:36 - 2011-08-23 11:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-01 19:25 - 2014-05-10 10:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-01 19:14 - 2012-05-20 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 19:13 - 2012-05-20 18:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 19:13 - 2012-05-20 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 19:01 - 2014-09-01 19:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:55 - 2014-09-01 18:55 - 00000000 ____D () C:\Windows\pss
2014-09-01 18:47 - 2014-09-01 18:46 - 00134210 _____ () C:\Users\Jake\Downloads\Startup Programs (JAKE-HP) 2014-09-01 18.46.26.txt
2014-09-01 18:46 - 2014-09-01 18:46 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners (1).vbs
2014-09-01 18:45 - 2014-09-01 18:45 - 00513136 _____ () C:\Users\Jake\Downloads\Silent Runners.vbs
2014-09-01 18:42 - 2014-09-01 17:40 - 00002527 _____ () C:\Users\Jake\Desktop\morro bay narration.txt
2014-09-01 17:26 - 2014-07-30 21:21 - 00000000 ____D () C:\Users\Jake\AppData\Local\Battle.net
2014-08-31 20:20 - 2014-08-31 20:20 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\chc
2014-08-31 18:27 - 2011-07-07 21:19 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-31 18:21 - 2014-08-31 18:21 - 00000033 _____ () C:\Users\Jake\AppData\Roaming\AdobeWLCMCache.dat
2014-08-31 18:11 - 2014-08-31 16:59 - 00000000 ____D () C:\Users\Jake\Desktop\steelhead for ben
2014-08-24 22:44 - 2012-01-04 13:27 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Nitro PDF
 
Some content of TEMP:
====================
C:\Users\Jake\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfketou.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 11:28
 
==================== End Of Log ============================
 
Ad report

 

# AdwCleaner v3.309 - Report created 05/09/2014 at 13:21:40
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jake - JAKE-HP
# Running from : C:\Users\Jake\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\invalidprefs.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\Jake\AppData\Local\Conduit
Folder Found : C:\Users\Jake\AppData\Local\Strongvault
Folder Found : C:\Users\Jake\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\ConduitCommon
Folder Found : C:\Users\Jake\Documents\Updater
Folder Found : C:\Windows\SysWOW64\WNLT
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_toddler-keys_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_toddler-keys_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v8.0.1 (en-US)
 
[ File : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [9566 octets] - [05/09/2014 13:21:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9626 octets] ##########
 
The fixscan crashed the first time but ran the second time around without hiccups.  My pc seems kind of slow on Google still.  Haven't even tried to edit at all today.
 
I'm curious what, if any, malware has been found so far.
 
Thanks again for all your help

#17
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

So far, all I'm seeing has been adware; Conduit toolbars and extensions / addins for browsers.  However, you seem to have been hit with a variant of a new Chrome infection that so far is very stubborn to remove.  My adviser has handled many of these infections so we will get this one also.


#18
jp550

So you think that this Chrome infection is possibly the culprit of the slowdown? Anything I can google to get more info myself? Of course I won't mess with anything without your instructions first.  I'm just curious about these kinds of things.

 

Thanks again my friend


#19
dbreeze

Hi jp550
 
Sorry for the delay; some discussion over the Chrome issue right now.  Let's get the leftover adware gone and see if we can get Chrome working better.
 
First >>> Clean with AdwCleaner

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Second>>> Clean with Junkware Removal Tool

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.
 
 
Last>>> Reset Chrome to defaults
 
Please follow the steps listed here to reset Chrome to default settings.  Notice that you will not lose your bookmarks or passwords.
 
 
 
Things to inform us of >>>>

  • The AdwCleaner log.
  • The JRT log.
  • Did the reset of Chrome help with the browser lag?

#20
jp550

Hey, still lagging in Chrome.

 

# AdwCleaner v3.309 - Report created 06/09/2014 at 16:28:42
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jake - JAKE-HP
# Running from : C:\Users\Jake\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Jake\AppData\Local\Conduit
Folder Deleted : C:\Users\Jake\AppData\Local\Strongvault
Folder Deleted : C:\Users\Jake\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jake\Documents\Updater
Folder Deleted : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\ConduitCommon
File Deleted : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\invalidprefs.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_toddler-keys_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_toddler-keys_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v8.0.1 (en-US)
 
[ File : C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\g8r3z1qf.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [9750 octets] - [05/09/2014 13:21:40]
AdwCleaner[R1].txt - [9810 octets] - [06/09/2014 16:27:30]
AdwCleaner[S0].txt - [9413 octets] - [06/09/2014 16:28:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9473 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jake on Sat 09/06/2014 at 16:33:43.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3483972190-2618797804-1834993699-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Jake\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/06/2014 at 16:44:44.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
thanks

#21
jp550

Also, if I have any plugins for Chrome or on the computer that, if we remove, might make troubleshooting/debugging easier, then please let me know.  I don't need them.  I just want to get pc running smoothly again and vanilla Chrome wouldn't bug me at all.

 

Much appreciated


  • 0

#22
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Good to know; I will check and get back asap.  Thank you for hanging in there.


  • 0

#23
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Well that was quite a bit fixed by those two scanners; let's see what MalwareBytes and ESET show us and then we will tackle Chrome.

Malwarebytes' Anti-Malware
Please launch Malwarebytes' Anti-Malware from your desktop icon or the Start menu item. Notice that I want this to scan your system, but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.


Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.


ESET Online Scanner:

Note: I see that you have this installed also. Again, if you have trouble starting this application, stop and come here to report the error. You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.

  • Please start the application from your Start menu.
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


  • 0

#24
jp550


    Member

  • Topic Starter
  • Member
  • 30 posts
Hi, sorry for the hold up! 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/7/2014
Scan Time: 12:22:21 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.07.07
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jake
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330449
Time Elapsed: 21 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Eset results....
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Config.Msi\2b3f5ae.rbf a variant of Win32/SweetIM.L potentially unwanted application
C:\Users\Jake\Downloads\cbsidlm-cbsi5_3_0_93-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Jake\Downloads\cbsidlm-tr1_13-Toddler_Keys-SEO-10305344.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Jake\Downloads\cnet_similarity_msi.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Jake\Downloads\DM-238.exe Win32/HotSpotShield potentially unwanted application
C:\Users\Jake\Downloads\DM-76(1).exe Win32/HotSpotShield potentially unwanted application
C:\Users\Jake\Downloads\DM-76.exe Win32/HotSpotShield potentially unwanted application
C:\Users\Jake\Downloads\HSS-2.90-install-e-395-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Jake\Downloads\rcsetup144.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Jake\Downloads\Setup.exe Win32/OutBrowse.G potentially unwanted application
 

  • 0

#25
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

No worries, jp550; life does that sometimes. Let's get the final cleanings done and see if a fresh install of Chrome fixes the sluggish browser.

First, Clean with FRST script

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CloseProcesses:
C:\Users\Jake\Downloads\~$FY14 Timesheet_Biweekly - 100SRF.xlsx
C:\Program Files (x86)\FlashGet
C:\Windows\SysWOW64\AI_RecycleBin
C:\AI_RecycleBin
C:\Users\Jake\AppData\Local\Conduit
C:\Config.Msi\2b3f5ae.rbf
C:\Users\Jake\Downloads\cbsidlm-cbsi5_3_0_93-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe
C:\Users\Jake\Downloads\cbsidlm-tr1_13-Toddler_Keys-SEO-10305344.exe
C:\Users\Jake\Downloads\cnet_similarity_msi.exe
C:\Users\Jake\Downloads\DM-238.exe
C:\Users\Jake\Downloads\DM-76(1).exe
C:\Users\Jake\Downloads\DM-76.exe
C:\Users\Jake\Downloads\HSS-2.90-install-e-395-conduit.exe
C:\Users\Jake\Downloads\rcsetup144.exe
C:\Users\Jake\Downloads\Setup.exe
EmptyTemp:
end


NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



Secondly, Remove and Reinstall Chrome

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

After Chrome is removed, reboot your system and then go to this link to download and install a fresh copy of Google Chrome.


Finally, Run a Fresh FRST scan log


  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.


Things to reply with:

  • The Fixlog.txt log text.
  • How did the reinstall of Chrome go?
  • The new FRST.txt log text.
  • How is your system and Chrome running now?

  • 0
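A cross-check of the ESET results in post #24 against the fixlist in post #25, as an added example that is not part of the original thread or of FRST/ESET: it parses each ESET line into path, detection and category, then reports which detected paths the fixlist removes. The line format is inferred from the lines quoted above, and all function and variable names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Line shape inferred from the ESET results quoted in this thread (an assumption):
# <path> [a variant of ]Win32/<name> potentially unwanted|unsafe application
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?Win32/\S+)\s+"
    r"(?P<category>potentially (?:unwanted|unsafe) application)$"
)
# Fixlist lines that are not paths: start/end markers and directives ending in ':'
NON_PATH = re.compile(r"^(start|end|\w+:)$", re.IGNORECASE)

# Sample input: four result lines and a shortened fixlist copied from the posts above.
ESET_SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Config.Msi\2b3f5ae.rbf a variant of Win32/SweetIM.L potentially unwanted application
C:\Users\Jake\Downloads\DM-76(1).exe Win32/HotSpotShield potentially unwanted application
C:\Users\Jake\Downloads\rcsetup144.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
"""
FIXLIST_SAMPLE = r"""
start
CloseProcesses:
C:\Users\Jake\AppData\Local\Conduit
C:\Config.Msi\2b3f5ae.rbf
C:\Users\Jake\Downloads\DM-76(1).exe
C:\Users\Jake\Downloads\rcsetup144.exe
EmptyTemp:
end
"""

def parse_eset(text):
    """Return one dict (path, detection, category) per recognised ESET line."""
    return [m.groupdict() for m in
            (ESET_LINE.match(line.strip()) for line in text.splitlines()) if m]

def fixlist_paths(text):
    """Return the file and folder targets of a fixlist as Windows paths."""
    lines = (line.strip() for line in text.splitlines())
    return [PureWindowsPath(l) for l in lines if l and not NON_PATH.match(l)]

def coverage(eset_text, fixlist_text):
    """Split detections into those the fixlist removes and those it does not."""
    targets = fixlist_paths(fixlist_text)
    covered, uncovered = [], []
    for hit in parse_eset(eset_text):
        p = PureWindowsPath(hit["path"])
        # Covered if the file itself or a parent folder is a fixlist target;
        # PureWindowsPath compares case-insensitively, as Windows does.
        ok = any(p == t or t in p.parents for t in targets)
        (covered if ok else uncovered).append(hit)
    return covered, uncovered
```

On this sample the only detection left uncovered is the copy already held in the AdwCleaner quarantine folder.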



#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





