abhaslaj

There are no remaining problems, thank you so much for all your help its greatly appreciated

Hi Blackbird As far as I can see the problems have all been fixed so thank you Fixlog.txt

ComboFix ComboFix 14-12-30.01 - JimiH 01/01/2015 16:43:41.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3894.2437 [GMT 0:00] Running from: c:\users\JimiH\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\14293326180574222078 c:\programdata\14293326180574222078\cd5b15e575e1c3d0c054ed7e1738e192.ini c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\110\background.html c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\110\content.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\110\DHWjQh48H.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\110\lsdb.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb\110\manifest.json c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego\144\background.html c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego\144\content.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego\144\lsdb.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego\144\manifest.json c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego\144\y7F9FH.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego\144\z5M88.js c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cpgaepnhfockgofcejphihfafgmenofb_0.localstorage-journal c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cpgaepnhfockgofcejphihfafgmenofb_0.localstorage c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipfnecmlncaiipncipkgijboddcdmego_0.localstorage-journal c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipfnecmlncaiipncipkgijboddcdmego_0.localstorage c:\users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\windows\msdownld.tmp c:\windows\SysWow64\X86 . . ((((((((((((((((((((((((( Files Created from 2014-12-01 to 2015-01-01 ))))))))))))))))))))))))))))))) . . 2015-01-01 16:54 . 2015-01-01 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-01 16:54 . 2015-01-01 16:54 -------- d-----w- c:\users\Justas\AppData\Local\temp 2014-12-31 11:58 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A61B5D4-3EA5-4A98-8AAB-106041E961E4}\mpengine.dll 2014-12-30 12:01 . 2014-12-31 12:15 -------- d-----w- C:\FRST 2014-12-29 14:47 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-12-28 17:27 . 2014-12-31 12:36 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-28 17:27 . 2014-12-28 17:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-12-28 17:27 . 2014-12-28 17:27 -------- d-----w- c:\programdata\Malwarebytes 2014-12-28 17:27 . 2014-11-21 06:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-12-28 17:27 . 2014-11-21 06:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-12-28 17:27 . 2014-11-21 06:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-12-19 11:28 . 2014-12-28 17:23 -------- d-----w- c:\programdata\c65c186e93ead6fe 2014-12-19 11:02 . 2014-09-17 12:10 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{100D9729-98E0-4877-813A-2A83FAB4AB56}\gapaengine.dll 2014-12-17 19:08 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-17 19:08 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-17 10:39 . 2014-12-17 10:40 -------- d-----w- c:\users\JimiH\AppData\Local\Google 2014-12-16 17:29 . 2014-12-16 17:29 -------- d-----w- c:\programdata\BlueStacks 2014-12-16 17:28 . 2014-12-18 11:53 -------- d-----w- c:\users\JimiH\AppData\Roaming\WildTangent 2014-12-15 10:24 . 2014-12-15 10:24 -------- d-----w- c:\users\JimiH\AppData\Local\Macromedia 2014-12-12 20:40 . 2014-12-12 20:40 -------- d-----w- c:\programdata\oakchhmajpecpaomgoehknlljeenbhnj 2014-12-12 20:39 . 2014-12-12 20:39 -------- d-----w- c:\windows\SysWow64\AMD64 2014-12-12 20:33 . 2014-12-12 20:33 -------- d-----w- c:\users\JimiH\AppData\Roaming\EZDownloader 2014-12-12 20:30 . 2014-12-12 20:30 -------- d-----w- c:\programdata\lohihdhgepaicmacnfcblcgkcahonboc 2014-12-10 15:59 . 2014-12-10 15:59 -------- d-----w- c:\windows\system32\appraiser 2014-12-10 13:47 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2014-12-10 13:47 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll 2014-12-10 09:15 . 2014-11-22 02:50 66560 ----a-w- c:\windows\system32\iesetup.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-10 13:51 . 2012-10-30 09:04 112710672 ----a-w- c:\windows\system32\MRT.exe 2014-12-09 21:21 . 2012-04-12 12:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-12-09 21:21 . 2012-04-12 12:03 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-11-19 04:26 . 2014-11-19 04:26 1614504 ----a-w- c:\windows\system32\FM20.DLL 2014-11-11 03:08 . 2014-11-19 09:50 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 03:08 . 2014-11-19 09:50 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 02:44 . 2014-11-19 09:50 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-11 02:44 . 2014-11-19 09:50 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-10-25 01:57 . 2014-11-12 09:55 77824 ----a-w- c:\windows\system32\packager.dll 2014-10-25 01:32 . 2014-11-12 09:55 67584 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-18 02:05 . 2014-11-12 09:54 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-18 01:33 . 2014-11-12 09:54 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2014-10-14 02:16 . 2014-11-12 09:57 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-10-14 02:13 . 2014-11-12 09:57 683520 ----a-w- c:\windows\system32\termsrv.dll 2014-10-14 02:13 . 2014-11-12 09:55 3241984 ----a-w- c:\windows\system32\msi.dll 2014-10-14 02:12 . 2014-11-12 09:57 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-10-14 02:09 . 2014-11-12 09:57 146432 ----a-w- c:\windows\system32\msaudite.dll 2014-10-14 02:07 . 2014-11-12 09:57 681984 ----a-w- c:\windows\system32\adtschema.dll 2014-10-14 01:50 . 2014-11-12 09:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-10-14 01:50 . 2014-11-12 09:55 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-14 01:49 . 2014-11-12 09:57 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-10-14 01:47 . 2014-11-12 09:57 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2014-10-14 01:46 . 2014-11-12 09:57 681984 ----a-w- c:\windows\SysWow64\adtschema.dll 2014-10-10 00:57 . 2014-11-12 09:55 3198976 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . c:\users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\JimiH\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112] Global AutoCorrect.lnk - c:\program files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe -startup [2013-1-15 509064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 Olympus DVR Service;Olympus DVR Service;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe;c:\program files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-12-17 10:40 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:21] . 2015-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17 10:39] . 2015-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17 10:39] . 2014-12-19 c:\windows\Tasks\HPCeeScheduleForJAMESHPLAPTOP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 04:43] . 2014-12-27 c:\windows\Tasks\HPCeeScheduleForJimiH.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 04:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-12-16 21720] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-01-01 17:04:39 ComboFix-quarantined-files.txt 2015-01-01 17:04 . Pre-Run: 59,969,970,176 bytes free Post-Run: 62,648,119,296 bytes free . - - End Of File - - D83DA40568C23E364A9301789003778C Malwarebytes' Anti-Malware; Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 01/01/2015 Scan Time: 17:13:22 Logfile: malware log.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.01.02 Rootkit Database: v2014.12.30.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: JimiH Scan Type: Custom Scan Result: Completed Objects Scanned: 593095 Time Elapsed: 2 hr, 7 min, 0 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.EzDownloader.A, C:\Users\JimiH\AppData\Roaming\EZDownloader, Quarantined, [f809a8c16c10b6806bdf322e8f74ff01], PUP.Optional.EzDownloader.A, C:\Users\JimiH\AppData\Roaming\EZDownloader\Errors, Quarantined, [f809a8c16c10b6806bdf322e8f74ff01], Files: 4 PUP.Optional.ShoppingGate.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [6c95c7a2403c1c1a3ab268248c778d73], PUP.Optional.ShoppingGate.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [6d940762b7c52610a943c6c640c3de22], PUP.Optional.ReMarkable.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [996875f41e5e4fe75ba0974855af12ee], PUP.Optional.ReMarkable.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [04fd6009ef8d7cba36c57966ec18af51], Physical Sectors: 0 (No malicious items detected) (end) Farbar Recovery Scan Tool: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by JimiH (administrator) on JAMESHPLAPTOP on 01-01-2015 19:27:13 Running from C:\Users\JimiH\Desktop Loaded Profile: JimiH (Available profiles: JimiH) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\System32\HPSIsvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe () C:\ProgramData\MobileBrServ\mbbService.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\JimiH\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\GACcorrect.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Startup: C:\Users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Global AutoCorrect.lnk ShortcutTarget: Global AutoCorrect.lnk -> C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-08] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17] CHR Extension: (Google Drive) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17] CHR Extension: (YouTube) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17] CHR Extension: (Google Search) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17] CHR Extension: (Google Wallet) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17] CHR Extension: (Gmail) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed] R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174080 2012-02-13] (OLYMPUS IMAGING CORP.) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-01 19:27 - 2015-01-01 19:28 - 00014063 _____ () C:\Users\JimiH\Desktop\FRST.txt 2015-01-01 17:04 - 2015-01-01 17:04 - 00026001 _____ () C:\ComboFix.txt 2015-01-01 16:41 - 2015-01-01 17:05 - 00000000 ____D () C:\Qoobox 2015-01-01 16:41 - 2015-01-01 17:02 - 00000000 ____D () C:\Windows\erdnt 2015-01-01 16:41 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-01 16:41 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-01 16:41 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-01 16:41 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-01 16:41 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-01 16:41 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-01 16:41 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-01 16:41 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-01 16:35 - 2015-01-01 16:35 - 05604036 ____R (Swearware) C:\Users\JimiH\Desktop\ComboFix.exe 2014-12-31 13:32 - 2014-12-31 13:32 - 00002757 _____ () C:\Users\JimiH\Desktop\Nari.txt 2014-12-31 13:30 - 2014-12-31 13:30 - 00002568 _____ () C:\Users\JimiH\Desktop\Biodegradable Plastics.txt 2014-12-31 11:56 - 2014-12-31 11:59 - 00002128 _____ () C:\Users\JimiH\Desktop\Rkill.txt 2014-12-31 11:56 - 2014-12-31 11:56 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\JimiH\Desktop\rkill.exe 2014-12-30 12:01 - 2015-01-01 19:27 - 00000000 ____D () C:\FRST 2014-12-30 12:00 - 2014-12-30 12:00 - 02123264 _____ (Farbar) C:\Users\JimiH\Desktop\FRST64.exe 2014-12-30 11:59 - 2015-01-01 19:27 - 00000553 _____ () C:\Users\JimiH\Desktop\Malware Removal Support - Malwarebytes Forum.website 2014-12-29 14:31 - 2015-01-01 16:28 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DABBDF5C-BD80-4C21-B69E-CFC8E384E652} 2014-12-28 17:27 - 2015-01-01 17:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-28 17:27 - 2014-12-28 17:27 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-28 17:27 - 2014-12-28 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-28 17:27 - 2014-12-28 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-28 17:27 - 2014-12-28 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-28 17:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-28 17:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-28 17:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-28 17:26 - 2014-12-28 17:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JimiH\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-19 11:28 - 2014-12-28 17:23 - 00000000 ____D () C:\ProgramData\c65c186e93ead6fe 2014-12-17 19:08 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-17 19:08 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 10:40 - 2014-12-17 10:40 - 00002267 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-17 10:40 - 2014-12-17 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-17 10:39 - 2015-01-01 18:44 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-17 10:39 - 2015-01-01 17:08 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-17 10:39 - 2014-12-17 10:40 - 00000000 ____D () C:\Users\JimiH\AppData\Local\Google 2014-12-17 10:39 - 2014-12-17 10:39 - 00880784 _____ (Google Inc.) C:\Users\JimiH\Downloads\ChromeSetup.exe 2014-12-17 10:36 - 2014-12-17 10:37 - 00000000 ____D () C:\Users\JimiH\Downloads\GoogleChromePortable 2014-12-17 10:36 - 2014-12-17 10:36 - 01409896 _____ (PortableApps.com) C:\Users\JimiH\Downloads\GoogleChromePortable_39.0.2171.95_online.paf.exe 2014-12-16 23:48 - 2014-12-16 23:50 - 00187791 _____ () C:\Users\JimiH\Desktop\Biodegradable Plastics.pptx 2014-12-16 17:53 - 2014-12-16 17:53 - 42184784 _____ (Google Inc.) C:\Users\JimiH\Downloads\ChromeStandaloneSetup.exe 2014-12-16 17:29 - 2014-12-16 17:29 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-12-16 17:28 - 2014-12-18 11:53 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\WildTangent 2014-12-16 17:27 - 2014-12-16 17:27 - 00002456 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2014-12-15 18:40 - 2014-12-15 19:36 - 00000000 ____D () C:\Windows\pss 2014-12-15 10:24 - 2014-12-15 10:24 - 00000000 ____D () C:\Users\JimiH\AppData\Local\Macromedia 2014-12-12 20:40 - 2014-12-12 20:40 - 00000000 ____D () C:\ProgramData\oakchhmajpecpaomgoehknlljeenbhnj 2014-12-12 20:39 - 2014-12-12 20:39 - 00000000 ____D () C:\Windows\SysWOW64\AMD64 2014-12-12 20:30 - 2014-12-12 20:30 - 00000000 ____D () C:\ProgramData\lohihdhgepaicmacnfcblcgkcahonboc 2014-12-11 01:10 - 2014-12-11 01:10 - 01116672 _____ () C:\Users\JimiH\Downloads\Nari_Egee520_Slideshow.ppt 2014-12-10 15:59 - 2014-12-10 15:59 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 13:47 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 13:47 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 09:16 - 2014-12-04 02:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 09:16 - 2014-12-01 23:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 09:16 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 09:16 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 09:16 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 09:16 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 09:16 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 09:16 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 09:16 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 09:16 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 09:16 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 09:16 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 09:16 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 09:16 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 09:16 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 09:16 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 09:16 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 09:16 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 09:16 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 09:16 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 09:16 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 09:16 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 09:16 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 09:16 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 09:16 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 09:16 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 09:16 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 09:16 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 09:16 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 09:16 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 09:16 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 09:16 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 09:16 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 09:16 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:16 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:16 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:15 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 09:15 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 09:15 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 09:15 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 09:15 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 09:15 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 09:15 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 09:15 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 09:15 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 09:15 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 09:15 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 09:15 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 09:15 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 09:15 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 09:15 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 09:15 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 09:15 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 09:15 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 09:15 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 09:15 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 09:15 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 09:15 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 09:15 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 09:15 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:15 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 09:15 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:15 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:15 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:15 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:15 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:15 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:15 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:15 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:15 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:15 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:15 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:15 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-01 19:21 - 2012-10-16 13:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-01 18:04 - 2011-10-25 09:10 - 01087159 _____ () C:\Windows\WindowsUpdate.log 2015-01-01 17:16 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-01 17:16 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-01 17:09 - 2014-01-06 20:50 - 00000000 ___RD () C:\Users\JimiH\Dropbox 2015-01-01 17:09 - 2014-01-06 20:48 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\Dropbox 2015-01-01 17:08 - 2011-04-24 22:38 - 00000000 ____D () C:\ProgramData\PDFC 2015-01-01 17:08 - 2010-11-21 03:47 - 00406654 _____ () C:\Windows\PFRO.log 2015-01-01 17:08 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-01 17:08 - 2009-07-14 04:51 - 00223883 _____ () C:\Windows\setupact.log 2015-01-01 16:55 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-31 11:51 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-30 12:05 - 2012-09-15 16:05 - 00000444 _____ () C:\Users\JimiH\Desktop\QM Email Login.website 2014-12-28 00:46 - 2012-09-08 13:53 - 00000000 ____D () C:\Users\JimiH\Documents\Outlook Files 2014-12-27 14:14 - 2014-11-16 17:22 - 00548784 ____H () C:\Users\JimiH\Desktop\~WRL3592.tmp 2014-12-27 14:10 - 2014-08-19 11:48 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimiH 2014-12-27 14:10 - 2014-08-19 11:48 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJimiH.job 2014-12-27 12:11 - 2013-06-14 20:30 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-27 12:11 - 2012-04-13 13:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-26 13:40 - 2012-09-26 15:20 - 00000000 ____D () C:\Users\JimiH\Documents\Uni 2014-12-19 11:05 - 2012-09-21 15:16 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJAMESHPLAPTOP$ 2014-12-19 11:05 - 2012-08-18 17:46 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForJAMESHPLAPTOP$.job 2014-12-18 11:53 - 2011-04-24 22:29 - 00000000 ____D () C:\ProgramData\WildTangent 2014-12-18 09:42 - 2014-01-06 20:50 - 00001030 _____ () C:\Users\JimiH\Desktop\Dropbox.lnk 2014-12-18 09:42 - 2014-01-06 20:48 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-17 10:40 - 2012-04-13 02:02 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-17 10:39 - 2012-04-13 02:02 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-12-17 10:39 - 2012-04-13 02:02 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-12-17 10:35 - 2014-09-12 15:12 - 00000000 ____D () C:\Users\JimiH\AppData\Local\Deployment 2014-12-16 17:28 - 2011-04-24 22:29 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2014-12-16 17:27 - 2012-10-02 19:13 - 00000000 ____D () C:\Users\JimiH\AppData\Local\CrashDumps 2014-12-16 17:27 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-15 19:42 - 2012-04-12 11:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-15 18:37 - 2012-08-18 18:09 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\Skype 2014-12-15 10:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-15 10:14 - 2013-01-20 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2014-12-14 17:28 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-12 21:22 - 2014-11-16 17:22 - 00314068 ____H () C:\Users\JimiH\Desktop\~WRL0003.tmp 2014-12-12 13:10 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 12:59 - 2013-01-28 10:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 15:59 - 2014-05-06 17:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 15:59 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 15:59 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-10 13:57 - 2013-08-02 11:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 13:51 - 2012-10-30 09:04 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 13:51 - 2012-05-03 22:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-09 21:21 - 2012-10-16 13:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 21:21 - 2012-04-12 12:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-09 21:21 - 2012-04-12 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\JimiH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_aiq87.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-18 16:38 ==================== End Of Log ============================ Everything seems back to normal now! Thank you very much for your help

RKill's logfile; Rkill 2.6.9 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 12/31/2014 11:56:53 AM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Windows\system32\HPSIsvc.exe (PID: 2300) [WD-HEUR] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 12/31/2014 11:59:07 AM Execution time: 0 hours(s), 2 minute(s), and 13 seconds(s) Farbar's Recovery Scan Tool logfile; Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014 Ran by JimiH at 2014-12-31 12:15:58 Run:1 Running from C:\Users\JimiH\Desktop Loaded Profile: JimiH (Available profiles: JimiH) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\...\MountPoints2: {551cac7c-f9ba-11e1-8371-74de2b7b67c3} - G:\SISetup.exe HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\...\MountPoints2: {cd1eec9f-22f3-11e3-9c72-74de2b7b67c3} - G:\AutoRun.exe AppInit_DLLs-x32: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll" File Not Found CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION C:\Program Files (x86)\BesstSaveForYoUo C:\ProgramData\BesstSaveForYoUo C:\ProgramData\FunDeals C:\Program Files (x86)\BuyNsaave C:\Program Files (x86)\BBuyNSavee G:\SISetup.exe G:\AutoRun.exe ***************** "HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{551cac7c-f9ba-11e1-8371-74de2b7b67c3}" => Key deleted successfully. HKCR\CLSID\{551cac7c-f9ba-11e1-8371-74de2b7b67c3} => Key not found. "HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd1eec9f-22f3-11e3-9c72-74de2b7b67c3}" => Key deleted successfully. HKCR\CLSID\{cd1eec9f-22f3-11e3-9c72-74de2b7b67c3} => Key not found. "c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll" => Value Data removed successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. C:\Program Files (x86)\BesstSaveForYoUo => Moved successfully. C:\ProgramData\BesstSaveForYoUo => Moved successfully. C:\ProgramData\FunDeals => Moved successfully. C:\Program Files (x86)\BuyNsaave => Moved successfully. C:\Program Files (x86)\BBuyNSavee => Moved successfully. "G:\SISetup.exe" => File/Directory not found. "G:\AutoRun.exe" => File/Directory not found. ==== End of Fixlog 12:15:59 ==== Malwarebytes' Anti-Malware logfile; Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 31/12/2014 Scan Time: 12:36:40 Logfile: log.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.31.03 Rootkit Database: v2014.12.30.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: JimiH Scan Type: Threat Scan Result: Completed Objects Scanned: 377102 Time Elapsed: 23 min, 14 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 4 PUP.Optional.ShoppingGate.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [a65b31385a22a98db799aede30d336ca], PUP.Optional.ShoppingGate.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [d22f96d3df9df93da6aaa6e6778cd22e], PUP.Optional.ReMarkable.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [7a877ced304cf343104f6877758f7a86], PUP.Optional.ReMarkable.A, C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [8180a1c8dba1d462500f2ab5d82c57a9], Physical Sectors: 0 (No malicious items detected) (end) The VirusTotal scan results (attached) There are still constant adds when using any website, taking me to different pages and typically under the name of NetoCoupon Thanks again Blackbird Biodegradable Plastics.txt Nari.txt

Hi Blackbird, thanks for your offer to help us. Here is a paste of FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by JimiH (administrator) on JAMESHPLAPTOP on 30-12-2014 12:01:44 Running from C:\Users\JimiH\Desktop Loaded Profile: JimiH (Available profiles: JimiH) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\System32\HPSIsvc.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe () C:\ProgramData\MobileBrServ\mbbService.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Dropbox, Inc.) C:\Users\JimiH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe () C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\GACcorrect.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe [540848 2014-12-09] (Adobe Systems Incorporated) HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\...\MountPoints2: {551cac7c-f9ba-11e1-8371-74de2b7b67c3} - G:\SISetup.exe HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\...\MountPoints2: {cd1eec9f-22f3-11e3-9c72-74de2b7b67c3} - G:\AutoRun.exe AppInit_DLLs-x32: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll => "c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll" File Not Found Startup: C:\Users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Global AutoCorrect.lnk ShortcutTarget: Global AutoCorrect.lnk -> C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-08] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17] CHR Extension: (Google Drive) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17] CHR Extension: (YouTube) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17] CHR Extension: (Google Search) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17] CHR Extension: (Image Toolbar beta) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpgaepnhfockgofcejphihfafgmenofb [2014-12-28] CHR Extension: (Music Plus for Google Play Music) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-12-28] CHR Extension: (Google Wallet) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17] CHR Extension: (Gmail) - C:\Users\JimiH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed] R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174080 2012-02-13] (OLYMPUS IMAGING CORP.) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-30 12:01 - 2014-12-30 12:02 - 00014753 _____ () C:\Users\JimiH\Desktop\FRST.txt 2014-12-30 12:01 - 2014-12-30 12:01 - 00000000 ____D () C:\FRST 2014-12-30 12:00 - 2014-12-30 12:00 - 02123264 _____ (Farbar) C:\Users\JimiH\Desktop\FRST64.exe 2014-12-30 11:59 - 2014-12-30 11:59 - 00000441 _____ () C:\Users\JimiH\Desktop\Malware Removal Support - Malwarebytes Forum.website 2014-12-29 14:31 - 2014-12-30 11:57 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DABBDF5C-BD80-4C21-B69E-CFC8E384E652} 2014-12-28 17:27 - 2014-12-28 21:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-28 17:27 - 2014-12-28 17:27 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-28 17:27 - 2014-12-28 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-28 17:27 - 2014-12-28 17:27 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-28 17:27 - 2014-12-28 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-28 17:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-28 17:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-28 17:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-28 17:26 - 2014-12-28 17:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\JimiH\Downloads\mbam-setup-2.0.4.1028.exe 2014-12-28 17:23 - 2014-12-28 17:23 - 00000000 ____D () C:\Program Files (x86)\BesstSaveForYoUo 2014-12-28 01:23 - 2014-12-28 21:13 - 00000000 ____D () C:\ProgramData\BesstSaveForYoUo 2014-12-19 11:28 - 2014-12-28 21:13 - 00000000 ____D () C:\ProgramData\FunDeals 2014-12-19 11:28 - 2014-12-28 17:23 - 00000000 ____D () C:\ProgramData\c65c186e93ead6fe 2014-12-17 19:08 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-17 19:08 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 10:40 - 2014-12-17 10:40 - 00002267 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-12-17 10:40 - 2014-12-17 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-17 10:39 - 2014-12-30 11:51 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-17 10:39 - 2014-12-29 14:44 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-17 10:39 - 2014-12-17 10:40 - 00000000 ____D () C:\Users\JimiH\AppData\Local\Google 2014-12-17 10:39 - 2014-12-17 10:39 - 00880784 _____ (Google Inc.) C:\Users\JimiH\Downloads\ChromeSetup.exe 2014-12-17 10:36 - 2014-12-17 10:37 - 00000000 ____D () C:\Users\JimiH\Downloads\GoogleChromePortable 2014-12-17 10:36 - 2014-12-17 10:36 - 01409896 _____ (PortableApps.com) C:\Users\JimiH\Downloads\GoogleChromePortable_39.0.2171.95_online.paf.exe 2014-12-16 23:48 - 2014-12-16 23:50 - 00187791 _____ () C:\Users\JimiH\Desktop\Biodegradable Plastics.pptx 2014-12-16 17:53 - 2014-12-16 17:53 - 42184784 _____ (Google Inc.) C:\Users\JimiH\Downloads\ChromeStandaloneSetup.exe 2014-12-16 17:29 - 2014-12-16 17:29 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-12-16 17:28 - 2014-12-18 11:53 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\WildTangent 2014-12-16 17:27 - 2014-12-16 17:27 - 00002456 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk 2014-12-15 18:40 - 2014-12-15 19:36 - 00000000 ____D () C:\Windows\pss 2014-12-15 10:24 - 2014-12-15 10:24 - 00000000 ____D () C:\Users\JimiH\AppData\Local\Macromedia 2014-12-12 20:40 - 2014-12-12 20:40 - 00000000 ____D () C:\ProgramData\oakchhmajpecpaomgoehknlljeenbhnj 2014-12-12 20:39 - 2014-12-12 20:39 - 00000000 ____D () C:\Windows\SysWOW64\X86 2014-12-12 20:39 - 2014-12-12 20:39 - 00000000 ____D () C:\Windows\SysWOW64\AMD64 2014-12-12 20:33 - 2014-12-12 20:33 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\EZDownloader 2014-12-12 20:31 - 2014-12-28 21:13 - 00000000 ____D () C:\Program Files (x86)\BuyNsaave 2014-12-12 20:31 - 2014-12-28 21:13 - 00000000 ____D () C:\Program Files (x86)\BBuyNSavee 2014-12-12 20:31 - 2014-12-12 20:31 - 00000000 ____D () C:\ProgramData\14293326180574222078 2014-12-12 20:30 - 2014-12-12 20:30 - 00000000 ____D () C:\ProgramData\lohihdhgepaicmacnfcblcgkcahonboc 2014-12-11 01:10 - 2014-12-11 01:10 - 01116672 _____ () C:\Users\JimiH\Downloads\Nari_Egee520_Slideshow.ppt 2014-12-10 15:59 - 2014-12-10 15:59 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 13:47 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 13:47 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 09:16 - 2014-12-04 02:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 09:16 - 2014-12-04 02:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 09:16 - 2014-12-01 23:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 09:16 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 09:16 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 09:16 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 09:16 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 09:16 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 09:16 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 09:16 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 09:16 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 09:16 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 09:16 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 09:16 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 09:16 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 09:16 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 09:16 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 09:16 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 09:16 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 09:16 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 09:16 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 09:16 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 09:16 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 09:16 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 09:16 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 09:16 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 09:16 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 09:16 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 09:16 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 09:16 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 09:16 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 09:16 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 09:16 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 09:16 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 09:16 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:16 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:16 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:15 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 09:15 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 09:15 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 09:15 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 09:15 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 09:15 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 09:15 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 09:15 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 09:15 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 09:15 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 09:15 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 09:15 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 09:15 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 09:15 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 09:15 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 09:15 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 09:15 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 09:15 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 09:15 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 09:15 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 09:15 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 09:15 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 09:15 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 09:15 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:15 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 09:15 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:15 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:15 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:15 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:15 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:15 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:15 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:15 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:15 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:15 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:15 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:15 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-01 08:23 - 2014-12-01 08:23 - 00000000 __SHD () C:\Users\JimiH\AppData\Local\EmieBrowserModeList ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-30 11:59 - 2011-10-25 09:10 - 01988341 _____ () C:\Windows\WindowsUpdate.log 2014-12-30 11:59 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-30 11:59 - 2009-07-14 04:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-30 11:53 - 2014-01-06 20:50 - 00000000 ___RD () C:\Users\JimiH\Dropbox 2014-12-30 11:53 - 2014-01-06 20:48 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\Dropbox 2014-12-30 11:52 - 2011-04-24 22:38 - 00000000 ____D () C:\ProgramData\PDFC 2014-12-30 11:51 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-30 11:51 - 2009-07-14 04:51 - 00223547 _____ () C:\Windows\setupact.log 2014-12-28 23:31 - 2010-11-21 03:47 - 00406114 _____ () C:\Windows\PFRO.log 2014-12-28 23:28 - 2012-10-16 13:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-28 17:08 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-28 15:46 - 2012-09-15 16:05 - 00000444 _____ () C:\Users\JimiH\Desktop\QM Email Login.website 2014-12-28 00:46 - 2012-09-08 13:53 - 00000000 ____D () C:\Users\JimiH\Documents\Outlook Files 2014-12-27 14:14 - 2014-11-16 17:22 - 00548784 ____H () C:\Users\JimiH\Desktop\~WRL3592.tmp 2014-12-27 14:10 - 2014-08-19 11:48 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJimiH 2014-12-27 14:10 - 2014-08-19 11:48 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJimiH.job 2014-12-27 12:11 - 2013-06-14 20:30 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-12-27 12:11 - 2012-04-13 13:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-12-26 13:40 - 2012-09-26 15:20 - 00000000 ____D () C:\Users\JimiH\Documents\Uni 2014-12-19 11:05 - 2012-09-21 15:16 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJAMESHPLAPTOP$ 2014-12-19 11:05 - 2012-08-18 17:46 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForJAMESHPLAPTOP$.job 2014-12-18 11:53 - 2011-04-24 22:29 - 00000000 ____D () C:\ProgramData\WildTangent 2014-12-18 09:42 - 2014-01-06 20:50 - 00001030 _____ () C:\Users\JimiH\Desktop\Dropbox.lnk 2014-12-18 09:42 - 2014-01-06 20:48 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-17 10:40 - 2012-04-13 02:02 - 00000000 ____D () C:\Program Files (x86)\Google 2014-12-17 10:39 - 2012-04-13 02:02 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-12-17 10:39 - 2012-04-13 02:02 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-12-17 10:35 - 2014-09-12 15:12 - 00000000 ____D () C:\Users\JimiH\AppData\Local\Deployment 2014-12-16 17:28 - 2011-04-24 22:29 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2014-12-16 17:27 - 2012-10-02 19:13 - 00000000 ____D () C:\Users\JimiH\AppData\Local\CrashDumps 2014-12-16 17:27 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-15 19:42 - 2012-04-12 11:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-15 18:37 - 2012-08-18 18:09 - 00000000 ____D () C:\Users\JimiH\AppData\Roaming\Skype 2014-12-15 10:24 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-12-15 10:14 - 2013-01-20 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2014-12-14 17:28 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-12 21:22 - 2014-11-16 17:22 - 00314068 ____H () C:\Users\JimiH\Desktop\~WRL0003.tmp 2014-12-12 13:10 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 12:59 - 2013-01-28 10:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 15:59 - 2014-05-06 17:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 15:59 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 15:59 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-10 13:57 - 2013-08-02 11:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 13:51 - 2012-10-30 09:04 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 13:51 - 2012-05-03 22:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-09 21:21 - 2012-10-16 13:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-09 21:21 - 2012-04-12 12:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-09 21:21 - 2012-04-12 12:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-01 09:39 - 2013-01-15 10:26 - 00000000 ____D () C:\ProgramData\CanonIJPLM Some content of TEMP: ==================== C:\Users\JimiH\AppData\Local\Temp\APNSetup.exe C:\Users\JimiH\AppData\Local\Temp\b96550C79683e.exe C:\Users\JimiH\AppData\Local\Temp\c52eC2095.exe C:\Users\JimiH\AppData\Local\Temp\ChilkatCert.dll C:\Users\JimiH\AppData\Local\Temp\ChilkatHttp.dll C:\Users\JimiH\AppData\Local\Temp\ClaroUp.exe C:\Users\JimiH\AppData\Local\Temp\contentDATs.exe C:\Users\JimiH\AppData\Local\Temp\d36C7D6.exe C:\Users\JimiH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrn_dg.dll C:\Users\JimiH\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\JimiH\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\JimiH\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\JimiH\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\JimiH\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\JimiH\AppData\Local\Temp\License Authorization.exe C:\Users\JimiH\AppData\Local\Temp\MSETUP4.EXE C:\Users\JimiH\AppData\Local\Temp\mssinstaller.exe C:\Users\JimiH\AppData\Local\Temp\REGTLIB.EXE C:\Users\JimiH\AppData\Local\Temp\Resource.exe C:\Users\JimiH\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\JimiH\AppData\Local\Temp\siinst.exe C:\Users\JimiH\AppData\Local\Temp\siuninst.exe C:\Users\JimiH\AppData\Local\Temp\SP52264.exe C:\Users\JimiH\AppData\Local\Temp\SP54714.exe C:\Users\JimiH\AppData\Local\Temp\SP54972.exe C:\Users\JimiH\AppData\Local\Temp\SP54976.exe C:\Users\JimiH\AppData\Local\Temp\SP54982.exe C:\Users\JimiH\AppData\Local\Temp\SP55152.exe C:\Users\JimiH\AppData\Local\Temp\SP55343.exe C:\Users\JimiH\AppData\Local\Temp\SP56929.exe C:\Users\JimiH\AppData\Local\Temp\SP57398.exe C:\Users\JimiH\AppData\Local\Temp\SP58776.exe C:\Users\JimiH\AppData\Local\Temp\sp58915.exe C:\Users\JimiH\AppData\Local\Temp\SP60723.exe C:\Users\JimiH\AppData\Local\Temp\sp64126.exe C:\Users\JimiH\AppData\Local\Temp\strings.dll C:\Users\JimiH\AppData\Local\Temp\UninstallHPSA.exe C:\Users\JimiH\AppData\Local\Temp\UninstallHPTCA.exe C:\Users\Justas\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe C:\Users\Justas\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-18 16:38 ==================== End Of Log ============================ Here is a paste of Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014 Ran by JimiH at 2014-12-30 12:02:56 Running from C:\Users\JimiH\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) Audio Notetaker 2.5 (HKLM-x32\...\{D399EF53-771F-4C89-AC10-FECCCA6AD4BB}) (Version: 2.5.2962.0 - Sonocent Ltd.) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Claro ScreenMarker (HKLM-x32\...\{B6209725-7D7D-4EB8-A9DD-13C60B0F81BB}) (Version: 1.1.0.0 - Claro Software) ClaroView (HKLM-x32\...\{E918AD29-08E5-4A1B-BD6A-A8A3CE6A0619}) (Version: 1.0.12.12 - Claro Software) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-1783112850-2166569448-4025221075-1003\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) EPSON PX720WD Series Manual (HKLM-x32\...\EPSON PX720WD Series Manual) (Version: - ) EPSON PX720WD Series Network Guide (HKLM-x32\...\EPSON PX720WD Series Network Guide) (Version: - ) EPSON PX720WD Series Printer Uninstall (HKLM\...\EPSON PX720WD Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Global AutoCorrect (HKLM-x32\...\Global AutoCorrect) (Version: - LexAble Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{B97E3520-C726-475E-BC0C-7561952633AB}) (Version: 1.2.1 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company) hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.670 - Oracle) Java 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden MatchWare MindView 5.0 (HKLM-x32\...\{C849BEF2-0216-45E5-841B-F0F2F4FDE319}) (Version: 5.0.136 - MatchWare A/S) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Olympus Sonority (HKLM-x32\...\{BFE5EE53-FB9C-4E32-B652-A85C55E1F081}) (Version: 1.4.0 - OLYMPUS IMAGING CORP.) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden PreSonus Studio One 2 x64 (HKLM\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics) Read And Write 10 (HKLM-x32\...\{DEB0B3B9-9F3D-4051-8D33-103430881BE4}) (Version: 10.0.6 - Texthelp Ltd.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden ScreenRuler (HKLM-x32\...\{859093DF-F10C-4AD8-82A8-3A5CC3DEC761}) (Version: 3.0.0.2 - Claro Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Sid Meier's Civilization V Brave New World (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uVg==_is1) (Version: 1 - ) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. ) Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.) Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783112850-2166569448-4025221075-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JimiH\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 24-12-2014 14:37:31 Scheduled Checkpoint 27-12-2014 12:14:11 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {037B3B26-31AD-4FB6-8F21-63C547355F0D} - System32\Tasks\HPCeeScheduleForJimiH => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {1DE165DE-F7CC-4FBF-9037-A31F38962766} - System32\Tasks\{29E11CD2-150F-4C89-B29F-CA693D93C455} => pcalua.exe -a C:\Users\JimiH\AppData\Local\Temp\wzbbcf\QM_Eduroam_Setup.exe -d E:\Uni Task: {201223BD-DC24-4342-96A1-1529F9D8AE4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {2DE2FCEA-F7A2-492C-B268-E08E93190ED8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {409CF8F0-C930-49C6-B362-7481A1CFCE1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {4E827839-2330-4636-8FCD-C8BCBCDDE99F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.) Task: {5F04D4B6-8551-42A4-8133-25343BEE9B63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-12-16] (Microsoft) Task: {61F60EFD-93B7-49AD-BCAE-8DAE301F22C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {63BEBE09-1346-434D-A3CE-2749E5F0FD45} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] () Task: {6C8FD229-3DA5-4AB2-B026-F701284511E3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-10] (CyberLink) Task: {8EC3F6C3-EE86-43E1-A460-743EED9E91FB} - System32\Tasks\HPCeeScheduleForJAMESHPLAPTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {AA6681A5-9BBA-4C8F-923A-1549FF6AA71C} - System32\Tasks\{934E392D-C2F5-402E-867F-7D732DDE9433} => pcalua.exe -a "C:\Games\Red Alert 2\SetupReg.exe" -d "C:\Games\Red Alert 2" Task: {BBD5661E-D599-484D-8256-50317280947F} - System32\Tasks\{323C8552-DD1D-4A5C-833B-D52C93D002B7} => pcalua.exe -a G:\SISetup.exe -d G:\ Task: {CA82C8F1-0472-407E-91F8-E970BABBCB21} - System32\Tasks\{1EBE2F42-3DFF-41DE-B764-6FEE8A8328C8} => pcalua.exe -a "C:\Games\Red Alert 2\RegSetup.exe" -d "C:\Games\Red Alert 2" Task: {DA8691A9-8413-498D-90F7-83968BA857EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.) Task: {DC2D055B-48F0-418F-96DF-64E5A2426D91} - System32\Tasks\4646 => Wscript.exe C:\Users\JimiH\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {E00DD572-F038-4581-B2B5-C607CFC400EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EEF7E498-EB86-490D-AC8C-A2ECBEBB07C8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {F81AEA99-94DA-4530-B11B-1C306A15021E} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJAMESHPLAPTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForJimiH.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-11 22:12 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL 2012-09-08 14:22 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-01-15 10:26 - 2010-04-05 19:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 2013-09-21 19:38 - 2012-03-12 09:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2013-01-15 09:48 - 2013-10-10 07:57 - 00509064 _____ () C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe 2013-01-15 09:48 - 2013-10-10 09:23 - 00511112 _____ () C:\Program Files (x86)\LexAble\Global AutoCorrect\components\GACcorrect.exe 2010-07-21 21:33 - 2010-07-21 21:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-22 00:22 - 2014-10-22 00:22 - 00750080 _____ () C:\Users\JimiH\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2014-12-30 11:52 - 2014-12-30 11:52 - 00043008 _____ () c:\users\jimih\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrn_dg.dll 2014-10-22 00:22 - 2014-10-22 00:22 - 00047616 _____ () C:\Users\JimiH\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 00:22 - 2014-10-22 00:22 - 00863744 _____ () C:\Users\JimiH\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 00:22 - 2014-10-22 00:22 - 00200704 _____ () C:\Users\JimiH\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2013-01-15 09:48 - 2013-10-09 15:03 - 01576584 _____ () C:\Program Files (x86)\LexAble\Global AutoCorrect\components\lexsrch.DLL 2013-01-15 09:48 - 2012-03-09 09:44 - 00145544 _____ () C:\Program Files (x86)\LexAble\Global AutoCorrect\components\Wordnet.DLL 2013-12-20 21:30 - 2013-10-09 15:03 - 01393288 _____ () C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\SQLite3.dll 2014-10-15 17:15 - 2014-10-15 17:15 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll 2011-10-25 09:14 - 2010-09-14 01:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\JimiH\Desktop\QM Email Login.website:TASKICON_0new-email-jumplist1360983202 AlternateDataStreams: C:\Users\JimiH\Desktop\QM Email Login.website:TASKICON_1new-appt-jumplist-962410011 AlternateDataStreams: C:\Users\JimiH\Desktop\QM Email Login.website:TASKICON_2new-meeting-jumplist-1002612992 AlternateDataStreams: C:\Users\JimiH\Desktop\QM Email Login.website:TASKICON_3find-someone-jumplist1954601419 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 4.lnk => C:\Windows\pss\Device Detector 4.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^JimiH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: Epson Stylus Photo PX720WD(Network) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S7213.tmp" /EF "HKCU" MSCONFIG\startupreg: EPSONE0CC80 (Epson Stylus Photo PX720WD) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Windows\TEMP\E_S9F99.tmp" /EF "HKCU" MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\JimiH\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: se => "C:\Users\JimiH\AppData\Roaming\SkypEmoticons\SE.exe" /minimized MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1783112850-2166569448-4025221075-500 - Administrator - Disabled) Guest (S-1-5-21-1783112850-2166569448-4025221075-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1783112850-2166569448-4025221075-1002 - Limited - Enabled) JimiH (S-1-5-21-1783112850-2166569448-4025221075-1003 - Administrator - Enabled) => C:\Users\JimiH ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/30/2014 11:53:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/29/2014 02:37:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/29/2014 02:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 11:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 09:16:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 10:17:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 00:44:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/27/2014 01:38:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/27/2014 00:14:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: The parameter is incorrect. . Error: (12/27/2014 00:14:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: The parameter is incorrect. . System errors: ============= Error: (12/30/2014 11:52:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/29/2014 02:36:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/29/2014 02:28:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/28/2014 11:32:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/28/2014 11:28:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. Error: (12/28/2014 09:16:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/28/2014 09:11:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Atheros Bt&Wlan Coex Agent service. Error: (12/28/2014 03:27:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service. Error: (12/28/2014 02:58:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service. Error: (12/28/2014 02:58:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service. Microsoft Office Sessions: ========================= Error: (12/30/2014 11:53:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/29/2014 02:37:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/29/2014 02:28:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 11:33:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 09:16:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 10:17:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/28/2014 00:44:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/27/2014 01:38:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/27/2014 00:14:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: The parameter is incorrect. Error: (12/27/2014 00:14:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: The parameter is incorrect. CodeIntegrity Errors: =================================== Date: 2014-08-18 11:53:11.389 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-18 11:53:11.161 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 58% Total physical RAM: 3893.86 MB Available physical RAM: 1601.61 MB Total Pagefile: 7785.89 MB Available Pagefile: 4928.56 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Sys155GB) (Fixed) (Total:155.06 GB) (Free:56.19 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:13.83 GB) (Free:1.72 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (Data 129GB) (Fixed) (Total:128.91 GB) (Free:128.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 434CBBC6) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=199 MB) - (Type=42) Partition 3: (Not Active) - (Size=155.1 GB) - (Type=42) Partition 4: (Not Active) - (Size=142.8 GB) - (Type=42) ==================== End Of Log ============================ We now have 3 log files from mbam which I have attached Thank You mbam-log-2014-12-28 (17-27-59).xml mbam-log-2014-12-28 (21-26-04).xml protection-log-2014-12-28.xml

Hello, I am trying to help my son clean some malware from his laptop. He gets multiple pop up adverts and redirects from what seems to be an infection by 'Ad by NetoCoupon'. We tried running Malwarebytes, which although it found and quarantined many trojans, unfortunately hasn't managed to clean the infection. Can we ask for some assistance? Thank you.

Contents of Checkup.txt: Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` CloneSpy 3.03 Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 30 Java 7 Update 45 Java version out of Date! Adobe Reader XI Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log``````````````````````

Hello again. After a day of use I have had no more redirects. I also note that Saffe saevue has finally been removed from under Chrome's tools Thank you very much MrC - A small donation will follow regards

Report from AdwCleaner: # AdwCleaner v3.008 - Report created 18/10/2013 at 18:32:08 # Updated 17/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Work (CSC) - STUDY-PC # Running from : C:\Users\Work (CSC)\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\StarApp Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader Folder Deleted : C:\Program Files (x86)\SafeSaver Folder Deleted : C:\Users\Work (CSC)\AppData\Roaming\EZDownloader ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1A03F196-9617-4CA0-842B-A83CEECB022B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 ************************* AdwCleaner[R0].txt - [3306 octets] - [18/10/2013 18:30:33] AdwCleaner[s0].txt - [3140 octets] - [18/10/2013 18:32:08] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3200 octets] ########## Report from MalwareBytes (with Scaner settings > PUP set to check for removal): Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.18.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Work (CSC) :: STUDY-PC [administrator] 18/10/2013 18:38:37 mbam-log-2013-10-18 (18-38-37).txt Scan type: Full scan (C:\|D:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 576671 Time elapsed: 1 hour(s), 23 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) From a quick test, the redirect isn't now happening - I will give it a thorough test tomorrow - but looking good! Thank you for your help MrC

Here is the Combofix.txt file. While typing this Saffe saevue again asked to be enabled - I'm sure that needs to go ComboFix.txt

Hello, I deleted the "Rouge ST" as instructed. I then re-ran Malwarebytes Anti-Rootkit (with a brand new d/b update) and it again found nothing. Unfortunately, the immediate redirect is still present on Chrome.

Thank you MrC for your very prompt reply, here is the report: RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Work (CSC) [Admin rights] Mode : Scan -- Date : 10/18/2013 16:23:05 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 11 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][ROGUE ST] 4786 : wscript.exe - C:\Users\WORK(C~1\AppData\Local\Temp\launchie.vbs //B -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Corsair CMFSSD-64D1 ATA Device +++++ --- User --- [MBR] 9e522aabe7e446dc1245b86ed4c4847d [bSP] c3ccfc588a263937f4faa19842313e36 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 56204 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - SAMSUNG HD103SJ ATA Device +++++ --- User --- [MBR] fa0f334d4c2af483aab6fb1fd0b41656 [bSP] 2cfa99b51c803e95419381d9ad1f08ce : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) (Standard disk drives) - ST1000DM005 HD103SJ ATA Device +++++ --- User --- [MBR] f05e9722ab22f806dfe21fb227c08bb1 [bSP] 33cc29c31c33f16a1a63bff1756c7ce7 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100000 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 716800 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1672808448 | Size: 51197 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_10182013_162305.txt >>

Hello, I hope you can help. I use Chrome as my default browser. I started noticing occasional "Serve.bannersdontwork" pop ups a week ago, but as of today I get a redirect every time I start Google in Chrome. Fortunately, for the time being at least, IE seems to be unaffected. I use MS Essentials all the time but when I notice any odd behaviour, as now, I rum MB Antimalware. Full scans of both come up clean. I did try running MB Anti-Rootkit beta - but it said "No Malware found". I have spotted Saffe saevue under the list of Chrome tools. I fire up DDS - it says it is going to generate the two log files - but then never does...

Hi Daniel, I think that apart from the missing files from the start menu, I am back where I started. Thank you very much for all of your patient help.

Hi, Ahhh, I was clicking on the DDS icon. OTL.txt: OTL logfile created on: 02/05/2012 07:21:21 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Work (CSC)\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.73% Memory free 7.99 Gb Paging File | 6.70 Gb Available in Paging File | 83.91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39.99 Gb Total Space | 4.32 Gb Free Space | 10.80% Space Free | Partition Type: NTFS Drive D: | 97.66 Gb Total Space | 71.05 Gb Free Space | 72.76% Space Free | Partition Type: NTFS Drive E: | 600.00 Gb Total Space | 139.85 Gb Free Space | 23.31% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 31.39 Gb Free Space | 3.37% Space Free | Partition Type: NTFS Drive N: | 1858.35 Gb Total Space | 1436.72 Gb Free Space | 77.31% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: STUDY-PC | User Name: Work (CSC) | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/09 19:55:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Work (CSC)\Desktop\OTL.exe PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011/07/11 08:06:00 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe PRC - [2011/07/11 08:05:08 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2008/02/22 19:10:38 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/01/10 07:08:38 | 000,965,904 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked) SRV:64bit: - [2011/01/10 07:08:38 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) SRV:64bit: - [2011/01/10 07:08:38 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/09/14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV:64bit: - [2009/09/14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/04/28 12:04:19 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/07/11 08:06:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2011/07/11 08:05:08 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86) SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008/02/22 19:10:38 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/17 08:57:30 | 000,024,064 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/16 11:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/07/22 04:33:22 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010/05/06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/04/16 15:01:32 | 000,047,616 | ---- | M] (ZOOM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmghpau.sys -- (ZMGHPAudioSrv) DRV:64bit: - [2009/10/21 10:33:02 | 000,474,240 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wfeaglxt.sys -- (WFLR6654) WinFast TV2000 XP Expert (FM1216MK3) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/14 01:06:41 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sonydcam.sys -- (sonydcam) DRV:64bit: - [2009/07/10 11:10:10 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009/06/10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006/11/08 15:46:30 | 000,245,248 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt2500usb.sys -- (RT2500USB) DRV - [2010/07/30 14:00:47 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bfturboh.sys -- (bfturboh) DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 66 15 DE 0A 5A CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 10:14:19 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/04/23 17:15:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O15 - HKCU\..Trusted Domains: csc.com ([epmo] https in Trusted sites) O15 - HKCU\..Trusted Domains: exostar.com ([]https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://selexgalileo.webex.com/client/T27LB/webex/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B3B3E19-A85F-48E7-8310-0DA2480CC428}: Domain = uk.emea.csc.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{922071B8-A01D-4AD7-98A8-935C6EB8D168}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/28 12:04:19 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/04/26 17:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012/04/23 17:15:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/04/23 16:58:58 | 004,473,179 | R--- | C] (Swearware) -- C:\Users\Work (CSC)\Desktop\ComboFix.exe [2012/04/11 23:13:24 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/04/11 23:13:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/04/11 23:13:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/04/11 23:10:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/04/11 23:10:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/04/11 23:10:34 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/04/11 22:54:53 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/04/11 22:54:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/04/11 22:54:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/04/11 22:54:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/04/11 22:54:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/04/11 22:54:52 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/04/11 22:54:52 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/04/11 19:12:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/04/10 20:32:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/10 20:32:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/10 20:32:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/10 20:31:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/10 20:30:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/09 19:55:31 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Work (CSC)\Desktop\OTL.exe [2012/04/07 12:07:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Work (CSC)\Desktop\dds.scr [2012/04/06 13:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/06 13:44:14 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Work (CSC)\Desktop\unhide.exe [2012/04/04 18:55:19 | 000,000,000 | ---D | C] -- C:\Users\Work (CSC)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/02 07:21:07 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/02 07:21:07 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/02 07:19:38 | 018,227,458 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/02 07:19:38 | 008,919,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/02 07:19:38 | 000,005,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/02 07:16:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/02 07:13:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/02 07:13:22 | 3217,674,240 | -HS- | M] () -- C:\hiberfil.sys [2012/05/01 23:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/01 23:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/29 13:50:30 | 000,000,075 | ---- | M] () -- C:\Windows\SysWow64\newnameformat.nnf [2012/04/28 16:11:45 | 000,000,132 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\look.bat [2012/04/28 12:04:19 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/04/28 12:04:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/04/26 17:11:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/04/26 17:11:19 | 000,005,598 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/04/26 17:09:29 | 000,001,589 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\WinFast PVR2.lnk [2012/04/25 20:14:26 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Work (CSC)\Desktop\unhide.exe [2012/04/23 17:15:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/04/23 16:58:58 | 004,473,179 | R--- | M] (Swearware) -- C:\Users\Work (CSC)\Desktop\ComboFix.exe [2012/04/23 08:52:09 | 000,001,661 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\Computer Management.lnk (2).lnk [2012/04/21 10:40:13 | 000,067,473 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\MSE error.JPG [2012/04/17 21:00:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012/04/15 21:04:42 | 000,801,997 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\ListParts64.exe [2012/04/15 19:30:27 | 000,064,741 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\HDD Issue.JPG [2012/04/12 21:37:21 | 000,018,422 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\ESET clean.JPG [2012/04/12 19:47:34 | 000,029,010 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\MWB Error.JPG [2012/04/12 19:31:22 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/12 18:57:05 | 000,001,139 | ---- | M] () -- C:\Users\Work (CSC)\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2012/04/09 19:55:35 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Work (CSC)\Desktop\OTL.exe [2012/04/08 12:29:17 | 000,000,253 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\My eBay All selling.url [2012/04/08 08:10:25 | 000,000,207 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\Malware Removal - HijackThis Logs - Malwarebytes Forum.url [2012/04/07 12:07:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Work (CSC)\Desktop\dds.scr [2012/04/06 17:30:29 | 000,001,547 | ---- | M] () -- C:\Users\Work (CSC)\Desktop\Windows Media Player.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/28 16:11:45 | 000,000,132 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\look.bat [2012/04/28 12:04:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/26 17:11:25 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/04/23 16:50:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/04/23 08:52:09 | 000,001,661 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\Computer Management.lnk (2).lnk [2012/04/21 10:40:13 | 000,067,473 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\MSE error.JPG [2012/04/15 19:30:26 | 000,064,741 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\HDD Issue.JPG [2012/04/15 16:51:23 | 000,801,997 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\ListParts64.exe [2012/04/12 21:37:21 | 000,018,422 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\ESET clean.JPG [2012/04/12 19:47:34 | 000,029,010 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\MWB Error.JPG [2012/04/10 20:32:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/10 20:32:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/10 20:32:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/10 20:32:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/10 20:32:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/07 19:22:24 | 000,000,253 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\My eBay All selling.url [2012/04/07 19:17:25 | 000,000,207 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\Malware Removal - HijackThis Logs - Malwarebytes Forum.url [2012/04/06 17:30:29 | 000,001,547 | ---- | C] () -- C:\Users\Work (CSC)\Desktop\Windows Media Player.lnk [2012/04/06 13:45:54 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/10 09:54:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2011/09/01 20:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011/07/04 18:23:30 | 000,000,000 | ---- | C] () -- C:\Users\Work (CSC)\AppData\Local\{3C5391E4-A717-44F8-8D2F-D2DD54F46BC9} [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/02/07 19:12:51 | 000,001,803 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI [2010/09/15 20:56:30 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini < End of report > OTL Extras logfile created on: 09/04/2012 19:58:27 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Work (CSC)\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 65.73% Memory free 7.99 Gb Paging File | 6.53 Gb Available in Paging File | 81.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39.99 Gb Total Space | 1.37 Gb Free Space | 3.41% Space Free | Partition Type: NTFS Drive D: | 97.66 Gb Total Space | 75.74 Gb Free Space | 77.55% Space Free | Partition Type: NTFS Drive E: | 600.00 Gb Total Space | 151.33 Gb Free Space | 25.22% Space Free | Partition Type: NTFS Drive H: | 931.51 Gb Total Space | 31.39 Gb Free Space | 3.37% Space Free | Partition Type: NTFS Drive N: | 1858.35 Gb Total Space | 1439.51 Gb Free Space | 77.46% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: STUDY-PC | User Name: Work (CSC) | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.) Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.) Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe" = C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe:*:Enabled:Lotus Notes 8 -- (IBM Corp) "C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe" = C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe:*:Disabled:Lotus Notes -- (IBM) "C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe" = C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe:*:Enabled:Lotus Notes 8 -- (IBM Corp) "C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe" = C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20100729-1241\win32\x86\notes2.exe:*:Disabled:Lotus Notes -- (IBM) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B1AFCC6-491F-11DF-BD7A-00269E8DC781}" = G-Series_ASIO64 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{34BD24DF-3B6F-8661-D4F0-0EBCACA2C834}" = ccc-utility64 "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback "{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6448F0A8-6813-11D6-A77B-00B0D0160070}" = Java SE Runtime Environment 6 Update 7 "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "EPSON PX720WD Series" = EPSON PX720WD Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Recuva" = Recuva "Shrew Soft VPN Client" = Shrew Soft VPN Client "TeraCopy_is1" = TeraCopy 2.12 "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}" = Lotus Notes 8.5.2 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0924171D-EE1E-4241-9555-D37357195B8C}" = Excel Instance Launcher "{0ADC8BFD-540B-450D-BF61-919929D078C1}" = XEnrollPlusVistaMSI "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DE1B0F3-5897-4C66-BA18-F8A9E95FAE5C}" = ccc-core-static "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 30 "{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = WinFast Codec-TS SDK "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go "{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D481F91-44BA-F0FE-CD07-8B3429A2A821}" = Catalyst Control Center Graphics Previews Common "{543A0462-62A8-59CA-8EA7-B2173DA96DAC}" = CCC Help English "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5809A31C-32FB-35CA-E1D2-0B898119E15F}" = Catalyst Control Center InstallProxy "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6F868980-FF49-011B-2C95-409F199B9C19}" = Catalyst Control Center Graphics Previews Vista "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{785615d0-b262-4354-9758-86e175a66133}" = Nero 9 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJSTD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PRJSTD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PRJSTD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007 "{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PRJSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = WinFast De-interlace SDK "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0 "{AE1C5284-571C-41E9-AE8C-77F8B21B2251}" = IBM Lotus Sametime Advanced Embedded 8.5.1 "{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = WinFast TT-SB SDK "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.07 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2 "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN "{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "ActiveTouchMeetingClient" = WebEx "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "ASIO4ALL" = ASIO4ALL "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 5 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.2.102 "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7 "BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1 "Cisco Connect" = Cisco Connect "CleanUp!" = CleanUp! "DivX Setup.divx.com" = DivX Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "eLearn 1.2.1_is1" = eLearn CDROM 1.0 "EPSON PX720WD Series Manual" = EPSON PX720WD Series Manual "EPSON PX720WD Series Network Guide" = EPSON PX720WD Series Network Guide "EPSON Scanner" = EPSON Scan "FastStone Image Viewer" = FastStone Image Viewer 4.2 "FileZilla Client" = FileZilla Client 3.3.1 "FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0 "GIF Animator" = Microsoft GIF Animator "Google Chrome" = Google Chrome "GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008) "ImgBurn" = ImgBurn "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "IsoBuster_is1" = IsoBuster 2.8 "Kobeman_is1" = Alleycode HTML Editor 2.2.1 "KRISTAL Audio Engine" = KRISTAL Audio Engine "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "MWSnap 3" = MWSnap 3 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "PRJSTD" = Microsoft Office Project Standard 2007 "QuickPar" = QuickPar 0.9 "R-Studio 5.3NSIS" = R-Studio 5.3 "TrueCrypt" = TrueCrypt "UN070618" = BUFFALO TurboUSB for FLASH/HDD "WinLiveSuite" = Windows Live Essentials "WinZip" = WinZip "WZCLINE" = WinZip Command Line Support Add-On 1.1 SR-1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09/04/2012 06:29:56 | Computer Name = Study-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 09/04/2012 06:29:56 | Computer Name = Study-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 09/04/2012 08:02:16 | Computer Name = Study-PC | Source = SideBySide | ID = 16842824 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 09/04/2012 08:02:35 | Computer Name = Study-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 09/04/2012 08:09:19 | Computer Name = Study-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: mshtml.dll, version: 8.0.7601.17744, time stamp: 0x4eeb0360 Exception code: 0xc0000005 Fault offset: 0x000000000003233a Faulting process id: 0xe28 Faulting application start time: 0x01cd16373d2e6bc0 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\mshtml.dll Report Id: d55a5f11-823c-11e1-b384-00241dd54205 Error - 09/04/2012 10:49:55 | Computer Name = Study-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 09/04/2012 10:49:55 | Computer Name = Study-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 09/04/2012 14:49:40 | Computer Name = Study-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 09/04/2012 14:49:40 | Computer Name = Study-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error - 09/04/2012 14:57:53 | Computer Name = Study-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ OSession Events ] Error - 22/06/2010 14:51:10 | Computer Name = Study-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 04/07/2010 16:00:19 | Computer Name = Study-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 21/09/2010 05:11:17 | Computer Name = Study-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 08/11/2010 13:10:30 | Computer Name = Study-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 08/11/2010 14:43:36 | Computer Name = Study-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5562 seconds with 0 seconds of active time. This session ended with a crash. Error - 14/01/2011 13:21:20 | Computer Name = Study-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 09/04/2012 14:59:52 | Computer Name = Study-PC | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. < End of report >