tomtatsfield

Help: Hoping for help with the following. Assisting with my granddaughters window 7 computer make Samsung model R530, this landed in my lap with inability to connect by wireless, previously prior to a large download it was possible to connect. I have downloaded Malwarebytes and SuperantiSpyware running both in trial versions, each came up with multiple possible infections which have now been quarantined. Also while carrying out these tests have discovered while connect by cable that spurious search engines appear, one in particular being istartsurf, this in spite of having changed the default to google. hope this helps? Not sure where to go now and looking for expert advice. Is there anyone out there that could assist me? Many thanks in anticipation. tjay Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Coz (administrator) on COZ-PC on 12-03-2015 17:34:06 Running from C:\Users\Coz\Desktop Loaded Profiles: Coz (Available profiles: Coz) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2703752 2010-03-25] (ELAN Microelectronics Corp.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation) HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-04] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-02-27] (YTDownloader) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\Run: [sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony) HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-02-27] (YTDownloader) HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-03-07] (SUPERAntiSpyware) HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: H - H:\SecureDataUSBDrive.exe HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: {295e37ce-f57d-11e3-b129-8e9ffa16c2d4} - F:\Startme.exe HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: {3d07ddb7-1263-11e3-91c4-e8113205adbb} - F:\AutoRun.exe HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: {3d07debf-1263-11e3-91c4-e8113205adbb} - F:\AutoRun.exe HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: {48e6522d-3bf5-11e3-ae14-582c80139263} - H:\SecureDataUSBDrive.exe HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\...\MountPoints2: {f291b26a-c1d9-11e2-8a8a-e8113205adbb} - F:\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.9B05 PID_0083 HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-16] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\PROGRA~3\Wincert\WIN64C~1.DLL File Not Found AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll File Not Found IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IEOB15 HKU\S-1-5-21-1092720162-2847117269-3509739149-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-GB&Src=MSE&Tid=0003295F&OHP=http%3A%2F%2Fwww.bing.com&OSP=http%3A%2F%2Ffeed.snapdo.com%2F%3Fpublisher%3DSnapdoOCYB%26dpid%3DSnapdoOCYBTU%26co%3DGB%26userid%3D0e5cfea5%2D092b%2Db715%2D6287%2Dc3c5651f6621%26searchtype%3Dds%26q%3D%7BsearchTerms%7D%26installDate%3D30%2F11%2F2013 SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=install_ie&utm_content=ds&from=tugs&uid=HitachiXHTS545050B9A300_101129PBN403M7CUG7REX&ts=1425157488&type=default&q={searchTerms} BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2014-08-04] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-08-04] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-1092720162-2847117269-3509739149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: HKLM-x32 {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110804110550 DPF: HKLM-x32 {09910C34-59D2-4ED7-BFC3-59295B51918D} http://rsup.net/cab/rsupcomn.cab DPF: HKLM-x32 {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://www.homeswapper.co.uk/HemsnewWeb/WebResource.axd?d=Odn_4CebggbzwRHI8vG440qeeIrN_Ouv3jw-Raeb3drQdA146burutxv6_7nvzObnWgSSsqe0StvhcrkLYTtigkwZghbGVg6dG-BCmv0WMTRD27fUW2lXgaRUAmCzgQYnhVObo9YHHTrkA3Oih3oG-L9_-ns4hCuskfE8IoryjqKTOUT0&t=634903190680000000 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1092720162-2847117269-3509739149-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-12-03] Chrome: ======= CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1425157421&from=tugs&uid=HitachiXHTS545050B9A300_101129PBN403M7CUG7REX CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1425157421&from=tugs&uid=HitachiXHTS545050B9A300_101129PBN403M7CUG7REX" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-30] CHR Extension: (YouTube) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-30] CHR Extension: (Google Search) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-30] CHR Extension: (UK TV Online) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbckljaejiomnicmghbdbogcebgniie [2013-12-03] CHR Extension: (Trovi) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoebpnlgabbbiamepfckhfodkghfgkgh [2015-02-28] CHR Extension: (Full Screen Weather) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-12-03] CHR Extension: (Planetarium) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-12-03] CHR Extension: (Avast Online Security) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-03] CHR Extension: (Little Alchemy) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-12-03] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30] CHR Extension: (Gmail) - C:\Users\Coz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-30] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-03-07] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-08-04] (AVAST Software) R2 HPSLPSVC; C:\Users\Coz\AppData\Local\Temp\7zS4C0A\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] () S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24840 2009-08-26] (IVT Corporation.) S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [34440 2009-08-26] () S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.) S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-12-17] (Windows ® 2003 DDK 3790 provider) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58520 2015-02-27] (YTDownloader) S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [129432 2011-08-15] (ZTE Incorporated) S3 athr; system32\DRIVERS\athrx.sys [X] S3 BT; system32\DRIVERS\btnetdrv.sys [X] S3 Btcsrusb; System32\Drivers\btcusb.sys [X] S1 ggqxjnxy; \??\C:\Windows\system32\drivers\ggqxjnxy.sys [X] S1 gwjnqvdo; \??\C:\Windows\system32\drivers\gwjnqvdo.sys [X] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] S3 VComm; system32\DRIVERS\VComm.sys [X] S3 VcommMgr; System32\Drivers\VcommMgr.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 17:34 - 2015-03-12 17:34 - 00022757 _____ () C:\Users\Coz\Desktop\FRST.txt 2015-03-12 17:33 - 2015-03-12 17:34 - 00000000 ____D () C:\FRST 2015-03-12 17:31 - 2015-03-12 17:32 - 00001897 _____ () C:\Users\Coz\Desktop\FSS.txt 2015-03-12 17:24 - 2015-03-12 17:24 - 00415232 _____ (Farbar) C:\Users\Coz\Desktop\FSS.exe 2015-03-12 17:22 - 2015-03-12 17:22 - 02095616 _____ (Farbar) C:\Users\Coz\Desktop\FRST64.exe 2015-03-12 12:11 - 2015-03-12 12:11 - 00650240 _____ () C:\Users\Coz\Downloads\MicrosoftFixit50203.msi 2015-03-11 16:29 - 2015-02-20 04:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 16:29 - 2015-02-20 04:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 16:29 - 2015-02-20 04:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 16:29 - 2015-02-20 04:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 16:29 - 2015-02-20 04:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 16:29 - 2015-02-20 04:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 16:29 - 2015-02-20 04:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 16:29 - 2015-02-20 04:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 16:29 - 2015-02-20 03:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 16:29 - 2015-02-20 03:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 16:28 - 2015-02-24 03:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 16:28 - 2015-02-24 02:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 16:28 - 2015-02-21 01:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 16:28 - 2015-02-21 00:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 16:28 - 2015-02-21 00:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 16:28 - 2015-02-21 00:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 16:28 - 2015-02-21 00:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 16:28 - 2015-02-20 23:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 16:28 - 2015-02-20 23:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 16:28 - 2015-02-20 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 16:28 - 2015-02-20 03:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 16:28 - 2015-02-20 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 16:28 - 2015-02-20 02:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 16:28 - 2015-02-20 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 16:28 - 2015-02-20 02:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 16:28 - 2015-02-20 02:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 16:28 - 2015-02-20 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 16:28 - 2015-02-20 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 16:28 - 2015-02-20 02:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 16:28 - 2015-02-20 02:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 16:28 - 2015-02-20 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 16:28 - 2015-02-20 02:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 16:28 - 2015-02-20 02:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 16:28 - 2015-02-20 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 16:28 - 2015-02-20 02:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 16:28 - 2015-02-20 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 16:28 - 2015-02-20 02:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 16:28 - 2015-02-20 02:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 16:28 - 2015-02-20 02:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 16:28 - 2015-02-20 02:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 16:28 - 2015-02-20 02:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 16:28 - 2015-02-20 02:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 16:28 - 2015-02-20 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 16:28 - 2015-02-20 02:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 16:28 - 2015-02-20 02:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 16:28 - 2015-02-20 02:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 16:28 - 2015-02-20 01:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 16:28 - 2015-02-20 01:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 16:28 - 2015-02-20 01:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 16:28 - 2015-02-20 01:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 16:28 - 2015-02-20 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 16:28 - 2015-02-20 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 16:28 - 2015-02-20 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 16:28 - 2015-02-20 01:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 16:28 - 2015-02-20 01:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 16:28 - 2015-02-20 01:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 16:28 - 2015-02-20 01:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 16:28 - 2015-02-20 01:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 16:28 - 2015-02-20 01:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 16:28 - 2015-02-20 01:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 16:28 - 2015-02-20 01:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 16:28 - 2015-02-20 01:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 16:28 - 2015-02-20 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 16:28 - 2015-02-20 01:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 16:28 - 2015-02-20 00:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 16:28 - 2015-02-20 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 16:24 - 2015-02-03 03:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 16:24 - 2015-02-03 03:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 16:24 - 2015-02-03 03:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 16:24 - 2015-02-03 03:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 16:24 - 2015-02-03 03:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 16:24 - 2015-02-03 03:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 16:24 - 2015-02-03 03:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 16:24 - 2015-02-03 03:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 16:24 - 2015-02-03 03:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 16:24 - 2015-02-03 03:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 16:24 - 2015-02-03 03:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 16:23 - 2015-02-03 03:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 16:23 - 2015-02-03 03:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 16:23 - 2015-02-03 03:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 16:23 - 2015-02-03 03:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 16:23 - 2015-02-03 03:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 16:23 - 2015-02-03 03:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 16:23 - 2015-02-03 03:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 16:23 - 2015-02-03 03:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 16:23 - 2015-02-03 03:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 16:23 - 2015-02-03 03:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 16:23 - 2015-02-03 03:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 16:23 - 2015-02-03 03:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 16:23 - 2015-02-03 03:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 16:23 - 2015-02-03 03:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 16:23 - 2015-02-03 03:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 16:23 - 2015-02-03 03:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 16:23 - 2015-02-03 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 16:23 - 2014-10-31 22:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 16:23 - 2014-06-28 00:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-11 16:22 - 2015-02-03 03:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 16:22 - 2015-02-03 03:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 16:22 - 2015-02-03 03:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 16:22 - 2015-02-03 03:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 16:22 - 2015-02-03 03:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 16:22 - 2015-02-03 03:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 16:22 - 2015-02-03 03:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 16:22 - 2015-02-03 03:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 16:22 - 2015-02-03 03:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 16:22 - 2015-02-03 03:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 16:22 - 2015-02-03 03:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 16:22 - 2015-02-03 03:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 16:22 - 2015-02-03 03:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 16:22 - 2015-02-03 02:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 16:22 - 2014-06-28 00:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-11 16:21 - 2015-02-03 03:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 16:21 - 2015-02-03 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 16:21 - 2015-02-03 03:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 16:21 - 2015-02-03 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 16:18 - 2015-02-13 05:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 16:18 - 2015-02-13 05:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 16:18 - 2015-01-17 02:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 16:18 - 2015-01-17 02:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 16:17 - 2015-03-06 05:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 16:17 - 2015-03-06 05:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 16:17 - 2015-03-06 05:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 16:17 - 2015-03-06 05:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 16:17 - 2015-03-06 05:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 16:17 - 2015-03-06 05:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 16:17 - 2015-03-06 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 16:17 - 2015-03-06 05:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 16:17 - 2015-03-06 05:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 16:17 - 2015-03-06 05:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 16:17 - 2015-03-06 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 16:17 - 2015-03-06 05:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 16:17 - 2015-03-06 05:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 16:17 - 2015-03-06 05:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 16:17 - 2015-03-06 05:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 16:17 - 2015-01-30 23:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 16:16 - 2015-02-26 03:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 16:16 - 2015-02-03 03:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 16:16 - 2015-02-03 03:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 12:39 - 2015-02-04 03:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 12:39 - 2015-02-04 02:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 12:38 - 2015-03-11 12:38 - 00000756 _____ () C:\Users\Public\Desktop\Speccy.lnk 2015-03-11 12:38 - 2015-03-11 12:38 - 00000000 ____D () C:\Program Files\Speccy 2015-03-11 12:36 - 2015-03-11 12:37 - 05135288 _____ (Piriform Ltd) C:\Users\Coz\Downloads\spsetup128.exe 2015-03-11 12:25 - 2015-03-11 12:25 - 00000000 __SHD () C:\Users\Coz\AppData\Local\EmieUserList 2015-03-11 12:25 - 2015-03-11 12:25 - 00000000 __SHD () C:\Users\Coz\AppData\Local\EmieSiteList 2015-03-11 12:25 - 2015-03-11 12:25 - 00000000 __SHD () C:\Users\Coz\AppData\Local\EmieBrowserModeList 2015-03-07 16:10 - 2015-03-12 16:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-07 16:10 - 2015-03-07 16:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-07 16:10 - 2015-03-07 16:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-07 16:10 - 2015-03-07 16:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-07 16:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-07 16:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-07 16:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-07 16:07 - 2015-03-07 16:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Coz\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-07 14:15 - 2015-03-07 14:15 - 00000000 ____D () C:\ProgramData\Browser 2015-03-07 11:30 - 2015-03-07 14:37 - 00000000 ____D () C:\SUPERDelete 2015-03-07 11:15 - 2015-03-12 11:15 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0f31d655-c2c4-49d2-ad71-577476303399.job 2015-03-07 11:15 - 2015-03-07 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-03-07 11:15 - 2015-03-07 11:21 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 89d27b2e-41e6-46a6-a5c5-a4f82d1ba91d.job 2015-03-07 11:15 - 2015-03-07 11:15 - 00003572 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 89d27b2e-41e6-46a6-a5c5-a4f82d1ba91d 2015-03-07 11:15 - 2015-03-07 11:15 - 00003498 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0f31d655-c2c4-49d2-ad71-577476303399 2015-03-07 11:15 - 2015-03-07 11:15 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2015-03-07 11:15 - 2015-03-07 11:15 - 00000000 ____D () C:\Users\Coz\AppData\Roaming\SUPERAntiSpyware.com 2015-03-07 11:14 - 2015-03-07 11:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2015-03-07 11:14 - 2015-03-07 11:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2015-02-28 21:15 - 2015-02-28 21:15 - 00000000 ____D () C:\ProgramData\Uniblue 2015-02-28 21:08 - 2015-02-28 21:10 - 00000000 ____D () C:\Users\Coz\AppData\Local\BrowserHelper 2015-02-28 21:08 - 2015-02-28 21:08 - 00003714 _____ () C:\Windows\System32\Tasks\SMupdate1 2015-02-28 21:08 - 2015-02-28 21:08 - 00003574 _____ () C:\Windows\System32\Tasks\YTDownloader 2015-02-28 21:08 - 2015-02-28 21:08 - 00001953 _____ () C:\Users\Coz\Desktop\YTDownloader.lnk 2015-02-28 21:08 - 2015-02-28 21:08 - 00000000 ____D () C:\Users\Coz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader 2015-02-28 21:07 - 2015-03-07 11:39 - 00000000 ____D () C:\Program Files (x86)\YTDownloader 2015-02-28 21:05 - 2015-03-06 23:26 - 00000000 ____D () C:\Program Files (x86)\ShopperPro 2015-02-28 21:05 - 2015-02-28 21:05 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro 2015-02-28 21:04 - 2015-02-28 21:04 - 00003188 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start 2015-02-28 21:04 - 2015-02-28 21:04 - 00000000 ____D () C:\Users\Coz\AppData\Local\CrashRpt 2015-02-28 21:03 - 2015-03-07 17:05 - 00000000 ____D () C:\ProgramData\HKNqyOC 2015-02-28 21:02 - 2015-02-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2015-02-28 20:34 - 2015-02-28 20:35 - 21361976 _____ (Perion Network Ltd. ) C:\Users\Coz\Downloads\SweetPlayer.exe 2015-02-28 20:33 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-28 20:33 - 2015-01-08 23:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-28 20:30 - 2015-02-28 20:30 - 04713426 _____ (www.SWFmax.com) C:\Users\Coz\Downloads\Unconfirmed 384519.crdownload 2015-02-28 20:29 - 2015-02-28 20:29 - 04713426 _____ (www.SWFmax.com) C:\Users\Coz\Downloads\Unconfirmed 498767.crdownload 2015-02-26 09:38 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-26 09:38 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-26 09:38 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-26 09:38 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2015-02-12 23:05 - 2015-02-28 20:26 - 00000000 ___RD () C:\Users\Coz\Dropbox 2015-02-12 23:03 - 2015-02-28 21:19 - 00000000 ____D () C:\Users\Coz\AppData\Roaming\Dropbox 2015-02-12 23:03 - 2015-02-12 23:03 - 00355464 _____ (Dropbox, Inc.) C:\Users\Coz\Downloads\DropboxInstaller.exe 2015-02-11 20:17 - 2015-02-04 03:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 20:17 - 2015-02-04 03:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 20:17 - 2015-02-04 03:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 20:17 - 2015-02-04 03:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 20:17 - 2015-02-04 03:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 20:17 - 2015-02-04 03:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 20:17 - 2015-02-04 03:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 20:17 - 2015-01-27 23:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 20:15 - 2014-12-08 03:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 20:15 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 20:15 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 20:15 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 20:15 - 2014-10-04 02:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 20:15 - 2014-10-04 01:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-11 20:15 - 2014-10-04 01:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-12 17:33 - 2010-08-09 06:16 - 02047553 _____ () C:\Windows\WindowsUpdate.log 2015-03-12 17:23 - 2013-10-30 18:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 17:14 - 2013-10-13 00:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-12 16:56 - 2009-07-14 04:45 - 00020032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-12 16:56 - 2009-07-14 04:45 - 00020032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-12 16:13 - 2013-10-30 18:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 16:13 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-12 16:12 - 2013-11-30 14:06 - 00440394 _____ () C:\Windows\PFRO.log 2015-03-12 16:12 - 2013-11-25 19:02 - 00014275 _____ () C:\Windows\setupact.log 2015-03-12 12:36 - 2013-05-25 18:34 - 00000000 ____D () C:\Users\Coz\.gimp-2.8 2015-03-12 11:56 - 2013-12-03 15:23 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-12 11:54 - 2013-10-30 21:12 - 00000000 ____D () C:\Windows\Minidump 2015-03-12 11:36 - 2013-10-30 18:03 - 00002401 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-12 10:23 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-12 10:21 - 2009-07-14 04:45 - 00409520 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 10:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 10:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 19:50 - 2011-06-25 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 19:43 - 2013-09-26 15:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 19:37 - 2011-05-18 16:27 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 12:13 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-07 17:05 - 2013-10-07 14:58 - 00000000 ____D () C:\ProgramData\BitGuard 2015-03-07 17:05 - 2011-06-03 08:39 - 00000000 ____D () C:\Program Files (x86)\MyWebSearch 2015-03-07 17:04 - 2013-11-30 13:35 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar 2015-03-07 17:04 - 2013-11-30 13:34 - 00000000 ____D () C:\Program Files (x86)\Free Video Converter 2015-03-07 14:27 - 2013-12-02 15:15 - 00000000 ____D () C:\Users\Coz\AppData\Roaming\DRPSu 2015-03-07 14:14 - 2013-11-30 20:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-03-07 11:27 - 2009-07-14 05:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-07 11:16 - 2014-06-17 17:42 - 00300260 _____ () C:\Windows\DPINST.LOG 2015-03-07 11:15 - 2014-06-17 17:41 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-03-07 11:15 - 2014-06-17 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-03-07 11:15 - 2010-08-09 06:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-06 20:21 - 2013-10-23 17:46 - 00001937 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2015-03-03 13:17 - 2011-05-17 09:41 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\th-TH 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\sl-SI 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\sk-SK 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\ro-RO 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\lv-LV 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\lt-LT 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\hr-HR 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\he-IL 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\et-EE 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-02-28 21:18 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\ar-SA 2015-02-28 21:11 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing 2015-02-28 21:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\System 2015-02-28 21:03 - 2011-05-17 09:23 - 00001607 _____ () C:\Users\Coz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-28 20:37 - 2011-05-17 09:22 - 00000000 ____D () C:\Users\Coz\AppData\Local\VirtualStore 2015-02-18 20:03 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache 2015-02-14 17:25 - 2015-01-08 12:46 - 00000000 ____D () C:\Users\Coz\Documents\ANN SUMMERS 2015-02-13 03:31 - 2014-12-11 17:28 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-13 03:31 - 2014-07-14 09:35 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-13 03:15 - 2013-11-18 14:25 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-13 03:10 - 2013-11-30 21:01 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-02-13 03:10 - 2013-11-30 21:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-02-13 03:10 - 2011-05-17 09:34 - 00001945 _____ () C:\Windows\epplauncher.mif 2015-02-13 03:09 - 2014-01-14 10:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-02-13 00:47 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-12 23:08 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2015-02-12 23:05 - 2011-05-17 09:08 - 00000000 ____D () C:\Users\Coz 2015-02-11 20:14 - 2013-10-13 00:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-11 20:14 - 2013-10-13 00:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-11 20:14 - 2011-10-16 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2012-07-03 17:32 - 2012-07-04 20:36 - 0000154 _____ () C:\Users\Coz\AppData\Roaming\Rim.Desktop.Exception.log 2012-07-03 17:31 - 2013-02-07 20:34 - 0001669 _____ () C:\Users\Coz\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-10-23 18:46 - 2013-10-23 18:46 - 0001527 _____ () C:\Users\Coz\AppData\Local\recently-used.xbel 2013-02-08 09:31 - 2013-02-08 09:31 - 0017408 _____ () C:\Users\Coz\AppData\Local\WebpageIcons.db 2011-05-17 09:09 - 2010-01-16 06:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2013-10-25 14:29 - 2013-11-30 14:05 - 0006522 _____ () C:\ProgramData\hpzinstall.log Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.5912.dll Some content of TEMP: ==================== C:\Users\Coz\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Coz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzqdbof.dll C:\Users\Coz\AppData\Local\Temp\ose00000.exe C:\Users\Coz\AppData\Local\Temp\ResetDevice.exe C:\Users\Coz\AppData\Local\Temp\SAS6_Update.exe C:\Users\Coz\AppData\Local\Temp\Tsu7B489F95.dll C:\Users\Coz\AppData\Local\Temp\TsuEBC760A3.dll C:\Users\Coz\AppData\Local\Temp\_is1A72.exe C:\Users\Coz\AppData\Local\Temp\_is4AE5.exe C:\Users\Coz\AppData\Local\Temp\_is4B1.exe C:\Users\Coz\AppData\Local\Temp\_is8102.exe C:\Users\Coz\AppData\Local\Temp\_is9923.exe C:\Users\Coz\AppData\Local\Temp\_isAC45.exe C:\Users\Coz\AppData\Local\Temp\_isBA3A.exe C:\Users\Coz\AppData\Local\Temp\_isCE46.exe C:\Users\Coz\AppData\Local\Temp\_isD3A.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-06 20:58 ==================== End Of Log ============================ Addition.txt

Security report Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Google Chrome 35.0.1916.153 Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe WinPatrol winpatrol.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````

MrC, completed last instructions, pleased to report last scan clear. Thank you,

Latest ADW report # AdwCleaner v3.305 - Report created 15/08/2014 at 09:42:19# Updated 14/08/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : TOM - TOM-ADVENT# Running from : C:\Users\TOM\Desktop\adwcleaner_3.305.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Google Chrome v36.0.1985.125 [ File : C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}&qsrc=0&o=8263&l=sem&qo=homepageSearchBoxDeleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}Deleted [search Provider] : hxxp://www.kelkoo.co.uk/ctl/do/search?siteSearchQuery={searchTerms}&from=colibriDeleted [search Provider] : hxxp://www.webaddresshelp.bt.com/index?ClientLocation=uk&ParticipantID=mg76cjr54t8kx45jjw4j4k9j5hsr5m26&Implementation=0&LinkID=U6M0oX8AAAEAABNAqH8AAABm&FailureMode=5&pvf=1&pvi=0&SearchQuery={searchTerms}&searchbtn=SearchDeleted [search Provider] : hxxp://isearch.avg.com/search?cid={02DBB236-AE7D-4384-8C53-80D121E806C5}&mid=bf26ac3ba66747d0abb86939b2bde1e4-8cc02c7ba85ada44567b03be94880899579999d1〈=en&ds=pl011&pr=sa&d=2012-03-17 18:10:02&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}Deleted [startup_urls] : hxxps://mail.google.com/mail/u/0/?tab=wm#inboxDeleted [startup_urls] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVDpd54DElQfVNa4m81Ohlca8mmUlR4JXTsFPfc-ZueRT0ite2ZkspqxxWa56pzNs6K97v2cu7wCceIThC_E26gPDYAfDa6qebmqTUxaqR6m849iig1R7P-DD_ykTC4MX2kUX-Bpj2716iwyuaUQUs_jpmsK_IynIg,, ************************* AdwCleaner[R0].txt - [6827 octets] - [13/08/2014 18:56:14]AdwCleaner[R1].txt - [6887 octets] - [13/08/2014 19:05:29]AdwCleaner[R2].txt - [1445 octets] - [15/08/2014 09:34:50]AdwCleaner[s0].txt - [6890 octets] - [13/08/2014 19:07:21]AdwCleaner[s1].txt - [2180 octets] - [15/08/2014 09:42:19] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2240 octets] ##########

Hello MrC, Ok followed the above details, have run threat scan twice each time the same pop shows, have included the last scan log. the log was produced before removing the threat. sorry to be such a pain. Tom Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 14/08/2014Scan Time: 14:33:56Logfile: 14.8 14.49.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.14.06Rootkit Database: v2014.08.04.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: TOM Scan Type: Threat ScanResult: CompletedObjects Scanned: 356748Time Elapsed: 13 min, 10 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: DisabledRootkits: EnabledHeuristics: DisabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.HelperBar.A, C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ ""http://cpw.mail.aol.com/36992-111/talktalk-5/en-gb/Suite.aspx", "http://weather.aol.co.uk/forecast/todays/europe/united-kingdom/london/id/ukxx0085;jsessionid=697653274206DA270FDE333FDBA0D267", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVDpd54DElQfVNa4m81Ohlca8mmUlR4JXTsFPfc-ZueRT0ite2ZkspqxxWa56pzNs6K97v2cu7wCceIThC_E26gPDYAfDa6qebmqTUxaqR6m849iig1R7P-DD_ykTC4MX2kUX-Bpj2716iwyuaUQUs_jpmsK_IynIg,,", "http://www.google.com" ],), ,[b2e69a280c6fa39366ece51c63a2669a] Physical Sectors: 0(No malicious items detected) (end)

Yes to Malware bytes scan, used settings suggested on completion the annoying file was still showing up, quarantined this and received a log, attached Please also check the latest item in this post. ie second log Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/08/2014Scan Time: 18:14:10Logfile: Mb latest log.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.11.05Rootkit Database: v2014.08.04.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: TOM Scan Type: Threat ScanResult: CompletedObjects Scanned: 351455Time Elapsed: 10 min, 21 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: DisabledRootkits: DisabledHeuristics: DisabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) I also ran the Threat scan this morning, this scan still shows the pop.optional.helper.A as a threat, before quarantining I took a Log which is below. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 14/08/2014Scan Time: 10:07:23Logfile: 14.08 latest mb log.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.14.03Rootkit Database: v2014.08.04.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: TOM Scan Type: Threat ScanResult: CompletedObjects Scanned: 356098Time Elapsed: 17 min, 40 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: DisabledRootkits: EnabledHeuristics: DisabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.HelperBar.A, C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ ""http://cpw.mail.aol.com/36992-111/talktalk-5/en-gb/Suite.aspx", "http://weather.aol.co.uk/forecast/todays/europe/united-kingdom/london/id/ukxx0085;jsessionid=697653274206DA270FDE333FDBA0D267", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVDpd54DElQfVNa4m81Ohlca8mmUlR4JXTsFPfc-ZueRT0ite2ZkspqxxWa56pzNs6K97v2cu7wCceIThC_E26gPDYAfDa6qebmqTUxaqR6m849iig1R7P-DD_ykTC4MX2kUX-Bpj2716iwyuaUQUs_jpmsK_IynIg,," ],), ,[dfb960629ae1ad893957ce325aabe61a] Physical Sectors: 0(No malicious items detected) (end)

Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by TOM on 13/08/2014 at 19:21:21.83 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\drivergenius" Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13/08/2014 at 19:29:13.85 End of JRT log

# AdwCleaner v3.304 - Report created 13/08/2014 at 19:07:21 # Updated 08/08/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : TOM - TOM-ADVENT # Running from : C:\Users\TOM\Desktop\adwcleaner_3.304.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\NCH Software Folder Deleted : C:\Program Files (x86)\albrechto Folder Deleted : C:\Program Files (x86)\driver-soft Folder Deleted : C:\Program Files (x86)\NCH Software Folder Deleted : C:\Program Files (x86)\TidyNetwork Folder Deleted : C:\Program Files (x86)\VideoConverter Folder Deleted : C:\Users\TOM\AppData\Roaming\DSite Folder Deleted : C:\Users\TOM\AppData\Roaming\NCH Software ***** [ Scheduled Tasks ] ***** Task Deleted : Browser Manager Task Deleted : SUPERAntiSpyware Scheduled Task 56345189-e4ff-46a5-a545-ea9849a1244d ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\Users\TOM\Desktop\Search.lnk Shortcut Disinfected : C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Myfree Codec Key Deleted : HKCU\Software\PrivitizeVPNInstallDates Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Driver-Soft Key Deleted : HKLM\Software\firstsearch Key Deleted : HKLM\Software\Myfree Codec Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1 Key Deleted : [x64] HKLM\SOFTWARE\Conduit ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Google Chrome v36.0.1985.125 [ File : C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}&qsrc=0&o=8263&l=sem&qo=homepageSearchBox Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms} Deleted [search Provider] : hxxp://www.kelkoo.co.uk/ctl/do/search?siteSearchQuery={searchTerms}&from=colibri Deleted [search Provider] : hxxp://www.webaddresshelp.bt.com/index?ClientLocation=uk&ParticipantID=mg76cjr54t8kx45jjw4j4k9j5hsr5m26&Implementation=0&LinkID=U6M0oX8AAAEAABNAqH8AAABm&FailureMode=5&pvf=1&pvi=0&SearchQuery={searchTerms}&searchbtn=Search Deleted [startup_urls] : hxxps://mail.google.com/mail/u/0/?tab=wm#inbox Deleted [startup_urls] : hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVDpd54DElQfVNa4m81Ohlca8mmUlR4JXTsFPfc-ZueRT0ite2ZkspqxxWa56pzNs6K97v2cu7wCceIThC_E26gPDYAfDa6qebmqTUxaqR6m849iig1R7P-DD_ykTC4MX2kUX-Bpj2716iwyuaUQUs_jpmsK_IynIg,, ************************* AdwCleaner[R0].txt - [6827 octets] - [13/08/2014 18:56:14] AdwCleaner[R1].txt - [6887 octets] - [13/08/2014 19:05:29] AdwCleaner[s0].txt - [6714 octets] - [13/08/2014 19:07:21] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6774 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014Ran by TOM at 2014-08-13 18:45:53 Run:1Running from C:\Users\TOM\Desktop\FRSTBoot Mode: Normal============================================== Content of fixlist:*****************Task: {62E467FA-DED4-425F-8096-6F1FA5F6B5CE} - System32\Tasks\DSite => C:\Users\TOM\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: {7CD48AD6-87F7-487D-9BFB-88BCDD307072} - System32\Tasks\ZoomExUpdaterTask{2B56D032-06F6-41EE-B74C-5ADF796466CD} => C:\ProgramData\Premium\ZoomEx\ZoomEx.exe <==== ATTENTIONAlternateDataStreams: C:\ProgramData\Microsoft:dMyANubNRJwcfyjHkBASMAlternateDataStreams: C:\ProgramData\Microsoft:wRvCH7bcfbo8GLNQmAlternateDataStreams: C:\Users\TOM\AppData\Local\mWmtLIN3MoADrsp:ezyoW60jaUeXb0vYUwktOF8oJvAlternateDataStreams: C:\Users\TOM\Documents\Bob David.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\TOM\Documents\HANDY TIPS.ppp:SummaryInformationAlternateDataStreams: C:\Users\TOM\Documents\HANDY TIPS.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\TOM\Documents\instructions for web.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\TOM\Documents\LEMONS.ppp:SummaryInformationAlternateDataStreams: C:\Users\TOM\Documents\LEMONS.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\TOM\Documents\photo framing 10x8.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\TOM\Documents\sequence of events.ppp:SummaryInformationAlternateDataStreams: C:\Users\TOM\Documents\sequence of events.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\TOM\Documents\Web page insert.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}Task: {02D1E8D3-CC05-4E65-B3AC-EE850BEA8E2D} - System32\Tasks\AdobeAAMUpdater-1.0-TOM-ADVENT-TOM => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)SearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =CHR StartupUrls: "https://mail.google.com/mail/u/0/?tab=wm#inbox", "hxxp://cpw.mail.aol.com/36992-111/talktalk-5/en-gb/Suite.aspx", "hxxp://weather.aol.co.uk/forecast/todays/europe/united-kingdom/london/id/ukxx0085;jsessionid=697653274206DA270FDE333FDBA0D267", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVDpd54DElQfVNa4m81Ohlca8mmUlR4JXTsFPfc-ZueRT0ite2ZkspqxxWa56pzNs6K97v2cu7wCceIThC_E26gPDYAfDa6qebmqTUxaqR6m849iig1R7P-DD_ykTC4MX2kUX-Bpj2716iwyuaUQUs_jpmsK_IynIg,," C:\Users\TOM\AppData\Local\Temp\debutsetup.exeC:\Users\TOM\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXEC:\Users\TOM\AppData\Local\Temp\HitmanPro.exeC:\Users\TOM\AppData\Local\Temp\InstallAX.exeC:\Users\TOM\AppData\Local\Temp\InstallPlugin.exeC:\Users\TOM\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exeC:\Users\TOM\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exeC:\Users\TOM\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exeC:\Users\TOM\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\TOM\AppData\Local\Temp\KERNELBASE.dllC:\Users\TOM\AppData\Local\Temp\Kickstarter.exeC:\Users\TOM\AppData\Local\Temp\LMkRstPt.exeC:\Users\TOM\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\TOM\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.5.030_Patch-Setup.exeC:\Users\TOM\AppData\Local\Temp\PAGEPLUS-X6-en-GB_16.0.3.029_Patch-Setup.exeC:\Users\TOM\AppData\Local\Temp\prismsetup.exeC:\Users\TOM\AppData\Local\Temp\sb9upgrade.exeC:\Users\TOM\AppData\Local\Temp\SkypeSetup.exeC:\Users\TOM\AppData\Local\Temp\vpsetup.exeC:\Users\TOM\AppData\Local\Temp\VSUSetup.exeC:\Users\TOM\AppData\Local\Temp\wintrust.dllC:\Users\TOM\AppData\Local\Temp\wpsetup.exe ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62E467FA-DED4-425F-8096-6F1FA5F6B5CE}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E467FA-DED4-425F-8096-6F1FA5F6B5CE}" => Key deleted successfully.C:\Windows\System32\Tasks\DSite => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CD48AD6-87F7-487D-9BFB-88BCDD307072}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CD48AD6-87F7-487D-9BFB-88BCDD307072}" => Key deleted successfully.C:\Windows\System32\Tasks\ZoomExUpdaterTask{2B56D032-06F6-41EE-B74C-5ADF796466CD} => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZoomExUpdaterTask{2B56D032-06F6-41EE-B74C-5ADF796466CD}" => Key deleted successfully.C:\ProgramData\Microsoft => ":dMyANubNRJwcfyjHkBASM" ADS removed successfully.C:\ProgramData\Microsoft => ":wRvCH7bcfbo8GLNQm" ADS removed successfully.C:\Users\TOM\AppData\Local\mWmtLIN3MoADrsp => ":ezyoW60jaUeXb0vYUwktOF8oJv" ADS removed successfully.C:\Users\TOM\Documents\Bob David.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.C:\Users\TOM\Documents\HANDY TIPS.ppp => ":SummaryInformation" ADS removed successfully.C:\Users\TOM\Documents\HANDY TIPS.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.C:\Users\TOM\Documents\instructions for web.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.C:\Users\TOM\Documents\LEMONS.ppp => ":SummaryInformation" ADS removed successfully.C:\Users\TOM\Documents\LEMONS.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.C:\Users\TOM\Documents\photo framing 10x8.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.C:\Users\TOM\Documents\sequence of events.ppp => ":SummaryInformation" ADS removed successfully.C:\Users\TOM\Documents\sequence of events.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.C:\Users\TOM\Documents\Web page insert.ppp => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02D1E8D3-CC05-4E65-B3AC-EE850BEA8E2D}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02D1E8D3-CC05-4E65-B3AC-EE850BEA8E2D}" => Key deleted successfully.C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-TOM-ADVENT-TOM => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-TOM-ADVENT-TOM" => Key deleted successfully.HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.CHR StartupUrls: "https://mail.google.com/mail/u/0/?tab=wm#inbox", "hxxp://cpw.mail.aol.com/36992-111/talktalk-5/en-gb/Suite.aspx", "hxxp://weather.aol.co.uk/forecast/todays/europe/united-kingdom/london/id/ukxx0085;jsessionid=697653274206DA270FDE333FDBA0D267", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVDpd54DElQfVNa4m81Ohlca8mmUlR4JXTsFPfc-ZueRT0ite2ZkspqxxWa56pzNs6K97v2cu7wCceIThC_E26gPDYAfDa6qebmqTUxaqR6m849iig1R7P-DD_ykTC4MX2kUX-Bpj2716iwyuaUQUs_jpmsK_IynIg,," ==> The Chrome "Settings" can be used to fix the entry. C:\Users\TOM\AppData\Local\Temp\debutsetup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE => Moved successfully.C:\Users\TOM\AppData\Local\Temp\HitmanPro.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\InstallAX.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\InstallPlugin.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\KERNELBASE.dll => Moved successfully.C:\Users\TOM\AppData\Local\Temp\Kickstarter.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\PAGEPLUS-X5-EN_15.0.5.030_Patch-Setup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\PAGEPLUS-X6-en-GB_16.0.3.029_Patch-Setup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\prismsetup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\sb9upgrade.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\vpsetup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\VSUSetup.exe => Moved successfully.C:\Users\TOM\AppData\Local\Temp\wintrust.dll => Moved successfully.C:\Users\TOM\AppData\Local\Temp\wpsetup.exe => Moved successfully. ==== End of Fixlog ====

Thank you MrC. FRST.txt Addition.txt Files attached

Having removed all but one Adobe program which is Adobe collection CS5 refusing to delete, requesting that I close google chrome.exe, and this program is not running at all whilst attempting this action? I wish to remove this can you still assist?

Sorry for delay, busy with other events, have now run FixIt, about to remove all adobe programs, does this mean I have a pirated program on computer? is this the cause of my problem.

Sorry really have no idea!

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : TOM [Admin rights] Mode : Scan -- Date : 08/11/2014 19:46:01 ¤¤¤ Bad processes : 1 ¤¤¤ [suspicious.Path] vsnp2std.exe -- C:\Windows\vsnp2std.exe[7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 11 ¤¤¤ [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | snp2std : C:\Windows\vsnp2std.exe -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND [PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-3456300056-613046056-2772485092-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND [PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-3456300056-613046056-2772485092-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [suspicious.Path] \\DSite -- C:\Users\TOM\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 1 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com ¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤ [EAT:Addr] (explorer.exe) MSVCR110_CLR0400.dll - DllCanUnloadNow : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef8462350 [EAT:Addr] (explorer.exe) MSVCR110_CLR0400.dll - DllGetClassObject : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef8462130 [EAT:Addr] (explorer.exe) MSVCR110_CLR0400.dll - DllRegisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef8461f70 [EAT:Addr] (explorer.exe) MSVCR110_CLR0400.dll - DllUnregisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef8462060 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST2000DM 001-9YN164 SCSI Disk Device +++++ --- User --- [MBR] 42793001a4a9216f3290b72d72d9f2e5 [bSP] 065ba6bf1511ecd043648a18a7cce876 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 8794 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18012160 | Size: 1898933 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Seagate FreeAgent Go USB Device +++++ --- User --- [MBR] 0d3d9440de7697ad2b340f99317567dc [bSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152625 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )

FRST files attached FRST.txt Addition.txt

Latest log produced from last scan Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 11/08/2014Scan Time: 18:14:10Logfile: Mb latest log.txtAdministrator: Yes Version: 2.00.2.1012Malware Database: v2014.08.11.05Rootkit Database: v2014.08.04.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: TOM Scan Type: Threat ScanResult: CompletedObjects Scanned: 351455Time Elapsed: 10 min, 21 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: DisabledRootkits: DisabledHeuristics: DisabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) now proceeding with FRST

Hi, Not sure if this is an infection or a setting gone amiss, on every scan recently unwanted objects detected, pup.optional.helperbar.A. Mb clears this to quarantine. but on next scan the identical object is detected, is there a solution to this? Any help will be appreciated, the computer is running windows 7 64 bit SP1 many thanks

Hi Dale, Thanks for response, the message I receive after entering the password and pressing enter is "The User Profile Service failed the logon" error. After that message the computer continually returns to the password entry screen, I have followed your suggested links, one option involves registry entries, not sure about that, the article is quite clear but is their a general tutorial on registry changes? Another option was to use Microsoft Fix It, is this a safe/sound method to use? My previous experiences using Fix It on other issues have not been particularly successful , I can get into safe mode so any help through this access will be welcome. Thanks again for your interest Tom

Attempting to assist a friend with a problem that has recently occurred on her computer, on booting from a cold start her password is rejected and a message appears relating to the user profile. It is possible to get into safe mode using her password which confirms that her password is correct, The laptop is a Dell Inspiron running widows 7, Any help or advice will be gratefully received, Thanks Tom

Thanks for this information hopefully on removal of test programs everything will be OK, Thanks for your help and perseverance, enjoy your vacation. regards Tom

Thanks, Well after fresh cold start all looks good, even IE is now responding, I would like to remove all test programs before handing the computer back to my grandaughter, guidance with this would be most welcome.

Hello Ron, Computer response improving with each change, the original search engine problem is cleared, Have removed and reinstalled the suggested programs, and the speed improvement is staggering, This report is prior to a full shutdown and re start, will send this now and report back any observations. Thanks you are a star Hope you are not in current freezing zone. Tom

Defrag report: The computer is still tardy in operation even allowing for the defragmenation that has taken place, although with a little working could this improve? would it be worth running sfc? Volume (C:) Volume size = 146 GB Cluster size = 4 KB Used space = 34.70 GB Free space = 111 GB Percent free space = 76 % Volume fragmentation Total fragmentation = 3 % File fragmentation = 6 % Free space fragmentation = 0 % File fragmentation Total files = 121,179 Average file size = 1,012 KB Total fragmented files = 5 Total excess fragments = 713 Average fragments per file = 1.00 Pagefile fragmentation Pagefile size = 763 MB Total fragments = 1 Folder fragmentation Total folders = 12,283 Fragmented folders = 1 Excess folder fragments = 0 Master File Table (MFT) fragmentation Total MFT size = 426 MB MFT record count = 134,100 Percent MFT in use = 30 % Total MFT fragments = 3 --------------------------------------------------------------------------------Fragments File Size Files that cannot be defragmentedNone

checkup report: Results of screen317's Security Check version 0.99.78 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Free Edition Windows Defender Signatures Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 10.3.183.7 Flash Player out of Date! Adobe Reader 6 Adobe Reader out of Date! Google Chrome 29.0.1547.66 Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` the computer is still tardy in operation, although google and firefox do eventually respond, stillrequired no reaction from IE, noticed the remark about defrag being suggested? would you like me to do this? thanks a lot for your patience.

report from CFScript.txt: ComboFix 14-01-04.03 - Louise Lee 05/01/2014 13:51:48.5.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1500 [GMT 0:00]Running from: c:\documents and settings\Louise Lee\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Louise Lee\Desktop\CFScript.txtAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\xmlF4.tmpc:\windows\system32\ctfmon(2).exec:\windows\TEMP\logishrd\LVPrcInj01.dll..((((((((((((((((((((((((( Files Created from 2013-12-05 to 2014-01-05 )))))))))))))))))))))))))))))))..2014-01-04 14:54 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6AF5657-8729-43E9-9B5B-2F126DFC4F76}\mpengine.dll2014-01-03 22:51 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-12-30 09:37 . 2013-12-30 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Doctor Web2013-12-30 09:37 . 2013-12-30 09:37 -------- d-----w- c:\documents and settings\Louise Lee\Doctor Web2013-12-12 16:23 . 2014-01-01 13:45 -------- d-----w- C:\FRST2013-12-12 12:10 . 2013-12-12 12:10 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs2013-12-12 11:56 . 2013-12-12 12:03 -------- d-----w- C:\AdwCleaner2013-12-12 10:30 . 2013-12-12 10:30 -------- d-----w- c:\windows\ERUNT2013-12-11 11:52 . 2013-12-11 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2013-12-11 11:44 . 2013-12-11 18:52 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-12-10 10:14 . 2013-12-10 10:14 -------- d-----w- c:\program files\iPod2013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-12-10 10:13 . 2013-12-10 10:17 -------- d-----w- c:\program files\iTunes2013-12-09 20:45 . 2013-12-09 20:45 -------- d-----w- c:\windows\system32\wbem\Repository2013-12-09 16:44 . 2013-12-09 16:44 -------- d-----w- C:\Google2013-12-09 16:31 . 2013-12-09 16:31 -------- d-----w- c:\windows\Logs2013-12-08 17:33 . 2013-12-08 17:33 -------- d-----w- c:\program files\CCleaner2013-12-08 16:53 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-12-08 16:53 . 2013-12-08 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-12-08 14:24 . 2013-11-19 10:21 230048 ------w- c:\windows\system32\MpSigStub.exe2013-12-08 14:18 . 2013-12-08 14:19 -------- d-----w- c:\program files\Microsoft Security Client...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-12-05 10:10 . 2013-12-05 10:10 388096 ----a-r- c:\documents and settings\Louise Lee\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2013-11-13 02:59 . 2004-08-10 11:51 150528 ----a-w- c:\windows\system32\imagehlp.dll2013-11-07 05:38 . 2004-08-10 11:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll2013-11-06 01:03 . 2009-04-16 13:23 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-10-30 02:26 . 2004-08-10 11:51 1879040 ----a-w- c:\windows\system32\win32k.sys2013-10-29 07:57 . 2004-08-10 11:51 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-29 07:57 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-10-29 07:57 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-29 07:57 . 2004-08-10 11:50 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-29 00:45 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec2013-10-25 02:34 . 2013-10-25 02:34 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys2013-10-23 23:45 . 2004-08-10 11:51 172032 ------w- c:\windows\system32\scrrun.dll2013-10-12 15:56 . 2004-08-10 11:51 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-09 13:12 . 2004-08-10 11:51 287744 ----a-w- c:\windows\system32\gdi32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]"BTAgile"="c:\program files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 61440].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]"Mouse Suite 98 Daemon"="ICO.EXE" [2008-04-02 53248]"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-10 26112]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360].c:\documents and settings\Louise Lee\Start Menu\Programs\Startup\AutorunsDisabled\Amazon Cloud Drive.lnk - c:\documents and settings\Louise Lee\Local Settings\Apps\2.0\ZNCX8EH3.30R\KVGXX92Q.5OA\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe [2013-8-29 1097024].c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -SETWZCD 35 [2011-4-5 487424].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"="c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"="c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:UDP"= 5353:UDP:Bonjour Port 5353.R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-19 18560]R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-10-25 108816]S1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-12-12 340432]S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-10-25 157264]S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-10-25 230448]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08HPService REG_MULTI_SZ HPSLPSVC.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-07 16:00 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll..------- Supplementary Scan -------.TCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Toolbar-{BCF5B7B1-103A-4CFC-9794-AF3F958A43CB} - (no file)Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-01-05 14:52Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]@DACL=(02 0000)"Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]@DACL=(02 0000)"NoChange"="1""Installed"="1".[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]@DACL=(02 0000)"Installed"="1".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(676)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dll.- - - - - - - > 'explorer.exe'(472)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\pelscrll.dllc:\windows\system32\PELCOMM.dllc:\windows\system32\PELHOOKS.dll.------------------------ Other Running Processes ------------------------.c:\program files\Microsoft Security Client\MsMpEng.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Google\Update\GoogleUpdate.exec:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exec:\program files\Common Files\Motive\McciCMService.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\windows\system32\ICO.EXEc:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\Pelmiced.exec:\program files\Microsoft Security Client\MpCmdRun.exec:\program files\Microsoft Security Client\MpCmdRun.exe.**************************************************************************.Completion time: 2014-01-05 15:35:56 - machine was rebootedComboFix-quarantined-files.txt 2014-01-05 15:35ComboFix2.txt 2014-01-03 22:14ComboFix3.txt 2013-12-29 13:33ComboFix4.txt 2013-12-10 14:01.Pre-Run: 119,775,457,280 bytes freePost-Run: 119,717,036,032 bytes free.- - End Of File - - 5BD6C1AA0902F269693E2D0B63DEBC65B16A2359F4962B0C622D81A1C1F4B703