Jump to content

Tj56

Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Tj56
    Since this blog started with my issue of MBAM running slowly, I decided to run it one more time at the end of the extensive virus cleaning process we just finished. In particular, I was concerned that when I ran the defrag software you recommended, it appeared that a bunch of crap was attached that affected my browser, such as loading Yahoo as the default, etc. Anyway, MBAM had trouble running. During the scan of Filesystem Objects, the screen went black and then a few minutes later the computer shut down. I hit the power key and the resuming windows note came up and MBAM continued running. The same thing happened again when doing the Heuristic scan (black screen about half way through the scan and then the computer shut down). Upon start up for the second time MBAM was finished with the scan and stated "Scan Complete - Non-Malware Detected." Here is the output text file from the MBAM scan (I think all this crap came from that "free" defrag download): Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/16/2014 Scan Time: 11:21:57 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.16.04 Rootkit Database: v2014.07.14.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: Thomas James Scan Type: Threat Scan Result: Completed Objects Scanned: 312776 Time Elapsed: 1 hr, 37 min, 4 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 6 PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [082cc7d92c4f95a111901f3b46bc39c7], PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\INPROCSERVER32, , [082cc7d92c4f95a111901f3b46bc39c7], PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [082cc7d92c4f95a111901f3b46bc39c7], PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [082cc7d92c4f95a111901f3b46bc39c7], PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [082cc7d92c4f95a111901f3b46bc39c7], PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-1959732113-899606250-1835315485-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [de56d0d094e780b6c3f1736d18ea12ee], Registry Values: 1 PUP.Optional.Spigot.A, HKU\S-1-5-21-1959732113-899606250-1835315485-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Extensions, "C:\Users\Thomas James\AppData\Roaming\Browser Extensions\CouponsHelper.exe", , [d361efb1770461d5c026c450c73d2bd5] Registry Data: 1 PUP.Optional.Spigot.A, HKU\S-1-5-21-1959732113-899606250-1835315485-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, "http://www.google.com/ig?hl=en&gl=us" ],), ,[5dd7c3dd5724f24496ab5978699bb24e] PUP.Optional.Spigot.A, C:\Users\Thomas James\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "https://search.yahoo.com/?type=201117&fr=spigot-yhp-ch",), ,[44f0425ea2d92c0a043e7e5362a232ce] Physical Sectors: 0 (No malicious items detected) (end)
  2. Tj56
    OK, I ran each of the suggested programs. Thank you. Is there anything else?
  3. Tj56
    I ran SecurityCheck from Link1. Here is the output text file: Results of screen317's Security Check version 0.99.85 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Webroot SecureAnywhere Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 29 Java version out of Date! Adobe Flash Player 14.0.0.145 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (30.0) Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  4. Tj56
    I ran JRT. Here is the output text file: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista Home Premium x64 Ran by Thomas James on Mon 07/14/2014 at 8:52:02.19 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7EEAD0DA-121E-498E-B773-B8F0B4C4AAB1} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Thomas James\appdata\locallow\alot" Successfully deleted: [Folder] "C:\Program Files (x86)\alot" ~~~ FireFox Emptied folder: C:\Users\Thomas James\AppData\Roaming\mozilla\firefox\profiles\bzyeqlqf.default\minidumps [16 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 07/14/2014 at 9:11:13.19 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. Tj56
    I ran AdwCleaner. Here is the output text file: # AdwCleaner v3.215 - Report created 14/07/2014 at 08:39:15 # Updated 09/07/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits) # Username : Thomas James - JAMESHOME-PC # Running from : C:\Users\Thomas James\Desktop\adwcleaner_3.215.exe # Option : Clean ***** [ Services ] ***** Service Deleted : BackupStack ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\Ask [!] Folder Deleted : C:\Users\Thomas James\AppData\Local\PackageAware [!] Folder Deleted : C:\Users\Thomas James\AppData\Roaming\pccustubinstaller File Deleted : C:\Users\Thomas James\Desktop\JustCloud.lnk File Deleted : C:\Users\Thomas James\Desktop\Sync Folder.lnk File Deleted : C:\Windows\System32\Tasks\LaunchApp ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\alot Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16561 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Thomas James\AppData\Roaming\Mozilla\Firefox\Profiles\bzyeqlqf.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Thomas James\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=13993&src=crm&q={searchTerms}&locale=en_US Deleted [search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [4755 octets] - [14/07/2014 08:37:18] AdwCleaner[s0].txt - [4278 octets] - [14/07/2014 08:39:15] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4338 octets] ##########
  6. Tj56
    I thought of something. This time I turned off MBAM in addition to Webroot. I restarted the ESET download procedure and this time the ESET virus signature database downloaded completely. Next, the ESET scan started automatically. After about 15 minutes, the scan finished. The result was "No Viruses Found."
  7. Tj56
    I started the process to run ESET as instructed in your previous email. The choices are not exactly as described in your email. I tried to paste the actual screen images of ESET, but this site will not allow me to do that. Rather, here is a description of what I see: From the main ESET program window I have ticked "Enable detection of potentially unwanted applications" and I have not ticked "Disable detection of potentially unwanted applications." From the drop down menu "Advanced settings" I have ticked two items: (i) Scan for potentially unsafe applications, and (ii) Enable anti-stealth technology. I have not ticked the remaining items, to include: (i) Remove found threats, (ii) Scan archives, and (iii) Use custom proxy settings. After I click Start the program starts to download the virus database and indicates 2 of 4 steps as a progress update. At around 50% (according to the download real time bar) the program stops and I get a message, "Another antivirus software was detected." The drop down menus shows that ESET has detected my Webroot software, even though I have turned off the program as instructed. How shall I proceed?
  8. Tj56
    I ran MBAM. It ran faster this time (around 45 min. total). However, during the Heuristic Analysis, the internet connection was turned off and the screen went black. I tapped the space bar and moved the mouse, but the screen remained black. After another 5 min. the computer shut off. I hit the power button and the "Resuming Windows" message appeared. MBAM was still an open application and after a second or two continued to scan. This time MBAM finished. A notice appeared that the scan was complete and no items were detected. Here is a copy of the Application Log: Malwarebytes Anti-Malware www.malwarebytes.org Update, 7/13/2014 12:55:49 PM, SYSTEM, JAMESHOME-PC, Manual, Rootkit Database, 2014.7.3.1, 2014.7.9.1, Update, 7/13/2014 12:55:52 PM, SYSTEM, JAMESHOME-PC, Manual, Malware Database, 2014.7.7.8, 2014.7.13.5, Protection, 7/13/2014 12:55:52 PM, SYSTEM, JAMESHOME-PC, Protection, Refresh, Starting, Protection, 7/13/2014 12:55:52 PM, SYSTEM, JAMESHOME-PC, Protection, Malicious Website Protection, Stopping, Protection, 7/13/2014 12:55:52 PM, SYSTEM, JAMESHOME-PC, Protection, Malicious Website Protection, Stopped, Protection, 7/13/2014 12:56:27 PM, SYSTEM, JAMESHOME-PC, Protection, Refresh, Success, Protection, 7/13/2014 12:56:27 PM, SYSTEM, JAMESHOME-PC, Protection, Malicious Website Protection, Starting, Protection, 7/13/2014 12:56:29 PM, SYSTEM, JAMESHOME-PC, Protection, Malicious Website Protection, Started, (end)
  9. Tj56
    I disabled my Webroot software and then down loaded and ran Combofix.exe without any difficulty. After the scan, I renabled the Webroot software. Here is the text file output: ComboFix 14-07-11.04 - Me 07/11/2014 9:15.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1897 [GMT -4:00] Running from: c:\users\Me\Desktop\ComboFix.exe AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109} SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Thomas James\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe c:\users\Thomas James\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2014-06-11 to 2014-07-11 ))))))))))))))))))))))))))))))) . . 2014-07-11 13:56 . 2014-07-11 13:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-11 13:15 . 2014-07-11 13:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2010603B-7194-498E-95F3-ABE668C7A41B}\offreg.dll 2014-07-11 13:04 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2010603B-7194-498E-95F3-ABE668C7A41B}\mpengine.dll 2014-07-09 22:42 . 2014-06-07 02:41 96768 ----a-w- c:\windows\system32\mshtmled.dll 2014-07-09 22:40 . 2014-06-07 01:41 1871872 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll 2014-07-09 22:40 . 2014-06-07 00:33 2777088 ----a-w- c:\windows\system32\win32k.sys 2014-07-09 22:40 . 2014-06-07 01:41 120832 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll 2014-07-09 22:40 . 2014-06-07 01:41 206336 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll 2014-07-09 22:40 . 2014-06-07 00:22 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe 2014-07-09 22:40 . 2014-06-06 08:59 506880 ----a-w- c:\windows\SysWow64\qedit.dll 2014-07-09 22:40 . 2014-06-06 07:13 620032 ----a-w- c:\windows\system32\qedit.dll 2014-07-05 12:41 . 2014-07-09 00:33 -------- d-----w- C:\FRST 2014-06-23 08:28 . 2014-04-05 09:10 1422784 ----a-w- c:\windows\system32\drivers\tcpip.sys 2014-06-23 08:23 . 2014-04-26 18:21 622592 ----a-w- c:\windows\system32\usp10.dll 2014-06-23 08:23 . 2014-04-26 16:01 502784 ----a-w- c:\windows\SysWow64\usp10.dll 2014-06-23 08:23 . 2014-03-10 06:26 1794560 ----a-w- c:\windows\system32\msxml6.dll 2014-06-23 08:23 . 2014-03-10 06:26 1869824 ----a-w- c:\windows\system32\msxml3.dll 2014-06-23 08:23 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\SysWow64\msxml6.dll 2014-06-23 08:23 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 13:00 . 2014-05-27 11:34 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-10 07:02 . 2006-11-02 12:35 96441528 ----a-w- c:\windows\system32\mrt.exe 2014-07-09 22:14 . 2013-11-11 16:48 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-09 22:14 . 2011-05-27 02:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-06-17 07:10 . 2012-02-07 00:56 153256 ----a-w- c:\windows\SysWow64\WRusr.dll 2014-06-17 07:10 . 2012-02-07 00:56 103816 ----a-w- c:\windows\system32\WRusr.dll 2014-06-17 07:10 . 2012-02-07 00:56 114176 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2014-05-12 05:26 . 2014-05-27 11:33 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-12 05:26 . 2014-05-27 11:33 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-12 05:25 . 2012-08-16 04:06 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-12-11 15:14 . 2013-01-08 23:36 10395072 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE" [2012-02-28 283232] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WRSVC"="c:\program files (x86)\Webroot\WRSA.exe" [2014-06-17 763512] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400] . c:\users\Thomas James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Memeo AutoSync Launcher.lnk - c:\program files (x86)\Memeo\AutoSync\MemeoLauncher.exe --silent [2007-12-13 128224] OneNote Table Of Contents.onetoc2 [2010-9-12 3656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2013-1-8 10395072] Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2013-1-8 10395072] Snagit 9.lnk - c:\program files (x86)\TechSmith\Snagit 9\Snagit32.exe [2008-11-6 7217480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY *Deregistered* - FileOpenWebPublisherScreenHookDriver . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2014-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-11 22:14] . 2014-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 23:55] . 2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 23:55] . 2014-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959732113-899606250-1835315485-1000Core.job - c:\users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 10:35] . 2014-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959732113-899606250-1835315485-1000UA.job - c:\users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-13 10:35] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Thomas James\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl] @="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}" [HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}] 2014-06-17 07:10 153256 ----a-w- c:\windows\SysWOW64\WRusr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen] @="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}" [HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}] 2014-06-17 07:10 153256 ----a-w- c:\windows\SysWOW64\WRusr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed] @="{1914B27A-33C8-46F8-A1C2-F993268D4564}" [HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}] 2014-06-17 07:10 153256 ----a-w- c:\windows\SysWOW64\WRusr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow] @="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}" [HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}] 2014-06-17 07:10 153256 ----a-w- c:\windows\SysWOW64\WRusr.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 153624] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 225816] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 200216] "FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2013-03-26 1589104] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\accounts Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 192.168.1.1 71.243.0.12 FF - ProfilePath - c:\users\Thomas James\AppData\Roaming\Mozilla\Firefox\Profiles\bzyeqlqf.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2009-08-19 11:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) c:\users\Thomas James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk - (no file) SafeBoot-WudfPf SafeBoot-WudfRd ShellIconOverlayIdentifiers-{6B78A880-15CA-468f-8422-A7960AD6FBB9} - c:\program files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll ShellIconOverlayIdentifiers-{4EE7A346-5845-471e-9FAB-002EAF83F8B0} - c:\program files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll ShellIconOverlayIdentifiers-{53DABC15-4F29-44ad-B09A-E0D0F9A3D075} - c:\program files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll ShellIconOverlayIdentifiers-{493FC96E-B938-4924-9B38-C4088E9B8AC2} - c:\program files (x86)\Webroot\Security\current\plugins\sync\WebRootShellExt_x64.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}"=hex:51,66,7a,6c,4c,1d,38,12,ed,e2,e6, 8b,ec,e5,85,03,cf,88,91,ea,bc,02,ef,f7 "{D84A64A0-F2B2-4975-B264-3A3BCE8D57D6}"=hex:51,66,7a,6c,4c,1d,38,12,ce,67,59, dc,80,bc,1b,0c,cd,72,79,7b,cb,d3,13,c2 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{00C6482D-C502-44C8-8409-FCE54AD9C208}"=hex:51,66,7a,6c,4c,1d,38,12,43,4b,d5, 04,30,8b,a6,01,fb,1f,bf,a5,4f,87,86,1c "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d, dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{E08861FE-8847-4B2A-8EC2-08EDB20E4020}"=hex:51,66,7a,6c,4c,1d,38,12,90,62,9b, e4,75,c6,44,0e,f1,d4,4b,ad,b7,50,04,34 "{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13, 36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:90,ef,93,60,8f,1f,cc,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . Completion time: 2014-07-11 10:03:08 ComboFix-quarantined-files.txt 2014-07-11 14:03 . Pre-Run: 298,975,191,040 bytes free Post-Run: 298,959,314,944 bytes free . - - End Of File - - 37E7C8487612B9143697429F2ACFE367 5C86ADEC17B739C437E145E3B3FC2E6D
  10. Tj56
    Here is the Addition.txt file you asked for (I replaced my name with "me"): Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 Ran by me at 2014-07-05 08:43:16 Running from C:\Users\me\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109} AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 6200 (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 6200_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 6200Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated) AIO_CDB_ProductContext (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_CDB_ToolboxIni64 (Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bootstrapper (x32 Version: 1.1.1.0 - Minitab, Inc.) Hidden BufferChm (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Copy (x32 Version: 120.0.214.000 - Hewlett-Packard) Hidden CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2512 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destination Component (x32 Version: 090.000.091.086 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden DocProc (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION) Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.) ENE CIR Receiver Driver (12/30/2008 2.7.2.0) (HKLM\...\703AB19C282B6ED3F1D3CE92F8DAA864B68A7C91) (Version: 12/30/2008 2.7.2.0 - ENE) EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.) GameFinder (HKLM-x32\...\{4546520C-EB9D-4BB9-99E3-EA147361A60C}) (Version: 1.4.4.8 - Day6) Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline) HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard) HP Customer Participation Program 8.0 (HKLM\...\HPExtendedCapabilities) (Version: 8.0 - HP) HP Driver Diagnostics (HKLM-x32\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company) HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company) HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 2.1.2328 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 2.1.2425 - Hewlett-Packard) Hidden HP MediaSmart SlingPlayer (HKLM-x32\...\HP.MediaSmartSlingPlayer_is1) (Version: 2.1 - Sling Media, Inc.) HP MediaSmart SmartMenu (HKLM\...\{0BC595C4-F736-4EB4-A1C0-32C7E81800F0}) (Version: 2.1.10 - Hewlett-Packard) HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1708 - Hewlett-Packard) HP MediaSmart TV (x32 Version: 2.1.1708 - Hewlett-Packard) Hidden HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1208 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 2.1.1208 - Hewlett-Packard) Hidden HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP) HP Photosmart Essential (HKLM-x32\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP) HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP) HP Quick Launch Buttons 6.40 M1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 M1 - Hewlett-Packard) HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard) HP Total Care Setup (HKLM-x32\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP User Guides 0135 (HKLM-x32\...\{372ED957-0FB5-487B-B51A-388B3D393F7A}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{462DED50-EC2E-4237-ABCF-B5C463C0EE51}) (Version: 3.50.3.1 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6146.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 12 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.) Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216012FF}) (Version: 6.0.290 - Sun Microsystems, Inc.) Juno Preloader (HKLM-x32\...\{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}) (Version: 1.0.0 - Juno, Inc.) JustCloud (HKLM\...\JustCloud) (Version: - JDi Backup Ltd) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1312 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.1312 - CyberLink Corp.) Hidden LightScribe System Software 1.14.17.1 (HKLM-x32\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 82.0.174.000 - Hewlett-Packard) Hidden MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.6 - Design Science, Inc.) MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.) Memeo AutoBackup (HKCU\...\InstallShield_{39A908FD-7322-41AE-B374-C7A076B2FC97}) (Version: 2.50.2985 - Memeo Inc) Memeo AutoBackup (x32 Version: 2.50.2985 - Memeo Inc) Hidden Memeo AutoSync (HKCU\...\InstallShield_{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}) (Version: 2.50.2922 - Memeo Inc) Memeo AutoSync (x32 Version: 2.50.2922 - Memeo Inc) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.3 - Minitab, Inc.) Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.) Minitab16 (x32 Version: 16.2.3.0 - Minitab Inc) Hidden Minitab16 (x32 Version: 16.2.3.0 - Minitab, Inc.) Hidden Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden muvee Reveal (HKLM-x32\...\{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}) (Version: 7.0.35.7918 - muvee Technologies Pte Ltd) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent) NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2512 - CyberLink Corp.) Power2Go (x32 Version: 6.0.2512 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2512 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.2512 - CyberLink Corp.) Hidden ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.) Salts & Solubility (HKCU\...\Salts & Solubility) (Version: - University of Colorado, Department of Physics) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Scan (x32 Version: 8.1.0.0 - Hewlett-Packard) Hidden Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.) Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.) Snagit 9.1 (HKLM-x32\...\{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}) (Version: 9.1.0.206 - TechSmith Corporation) SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden SolidWorks 2011 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20110-40200-1100-100) (Version: 19.2.0.49 - SolidWorks Corporation) SolidWorks 2011 x64 Edition SP02 (Version: 19.120.49 - SolidWorks) Hidden SolidWorks 2012 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20120-40200-1100-100) (Version: 20.2.0.55 - SolidWorks Corporation) SolidWorks 2012 x64 Edition SP02 (Version: 20.120.55 - SolidWorks) Hidden SolidWorks eDrawings 2012 x64 Edition SP02 (Version: 12.2.110 - Dassault Systèmes SolidWorks Corp) Hidden SolidWorks Flow Simulation 2012 SP02 x64 Edition (Version: 20.20.56 - SolidWorks Corporation) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Status (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated) TomTom HOME 2.8.2.2264 (HKLM-x32\...\TomTom HOME) (Version: 2.8.2.2264 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 110.0.180.000 - Hewlett-Packard) Hidden TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc) TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2163 - Intuit Inc.) Hidden TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328 - Intuit Inc.) Hidden TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0238 - Intuit Inc.) Hidden TurboTax 2009 wmaiper (x32 Version: 009.000.0750 - Intuit Inc.) Hidden TurboTax 2009 wrapper (x32 Version: 009.000.0145 - Intuit Inc.) Hidden TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495 - Intuit Inc.) Hidden TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden TurboTax 2011 wmaiper (x32 Version: 011.000.1625 - Intuit Inc.) Hidden TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc) TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1842 - Intuit Inc.) Hidden TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0419 - Intuit Inc.) Hidden TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0178 - Intuit Inc.) Hidden TurboTax 2012 wmaiper (x32 Version: 012.000.1258 - Intuit Inc.) Hidden TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc) TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden TurboTax 2013 wmaiper (x32 Version: 013.000.1433 - Intuit Inc.) Hidden TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies) WebReg (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.84 - Webroot) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. ) WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C7}) (Version: 16.0.9661 - WinZip Computing, S.L. ) ==================== Restore Points ========================= 25-03-2014 14:15:39 Windows Update 01-04-2014 13:58:48 Windows Update 08-04-2014 10:51:50 Windows Update 10-04-2014 07:00:42 Windows Update 12-04-2014 14:53:47 Installed TurboTax 2013 wrapper 12-04-2014 15:04:37 Installed TurboTax 2013 wmaiper 15-04-2014 12:49:12 Windows Update 18-04-2014 13:23:02 Windows Update 22-04-2014 13:36:06 Windows Update 27-04-2014 20:50:02 Scheduled Checkpoint 29-04-2014 12:24:16 Windows Update 02-05-2014 13:48:14 Windows Update 06-05-2014 01:12:28 Scheduled Checkpoint 06-05-2014 13:36:26 Windows Update 10-05-2014 14:30:39 Scheduled Checkpoint 12-05-2014 20:13:43 Scheduled Checkpoint 15-05-2014 08:37:19 Windows Update 17-05-2014 01:00:51 Windows Update 24-05-2014 17:57:04 Windows Update 26-05-2014 03:51:33 Scheduled Checkpoint 30-05-2014 11:44:50 Windows Update 03-06-2014 12:59:10 Windows Update 09-06-2014 14:42:34 Windows Update 23-06-2014 08:12:38 Windows Update 24-06-2014 01:00:25 Windows Update 25-06-2014 12:37:57 Windows Update 30-06-2014 17:11:18 Scheduled Checkpoint 01-07-2014 13:05:16 Windows Update 04-07-2014 14:31:18 Windows Update ==================== Hosts content: ========================== 2006-11-02 08:34 - 2011-02-17 09:14 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {3CCE9F4A-31DF-4573-8CF1-1A85D9B39658} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-30] (Adobe Systems Incorporated) Task: {71A7F2CB-5EF4-470B-9998-6B60AA452327} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Thomas James => C:\Program Files (x86)\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation) Task: {7246E753-6EBF-4C11-9933-307929749A44} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {7B9E0D5C-555A-4396-AA70-131586C56394} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-11-05] (Minitab) Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {83CB27AB-1E40-4E35-928A-6A9BE7B1F2CF} - System32\Tasks\Webroot Backup Online Backup - tpjames => C:\Program Files (x86)\Webroot\WebrootSecurity\Backup\sosuploadagent.exe Task: {842EF2F7-D3CF-4361-882C-028144C513EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1959732113-899606250-1835315485-1000Core => C:\Users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.) Task: {94316F40-AA6F-4AF6-98AE-F666F134F66F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.) Task: {DBBB6D04-F619-4BAD-B3A9-08E4F2C75180} - System32\Tasks\LaunchApp => C:\Program Files (x86)\JustCloud\JustCloud.exe [2014-02-18] (JustCloud.com) Task: {E0077B4E-53EA-4C9A-91FE-506E8BE693B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1959732113-899606250-1835315485-1000UA => C:\Users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-18] (Google Inc.) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {FBB5F75D-F924-4AF0-8DBE-A5E397469F81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959732113-899606250-1835315485-1000Core.job => C:\Users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959732113-899606250-1835315485-1000UA.job => C:\Users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Webroot Backup Online Backup - tpjames.job => C:\Program Files (x86)\Webroot\WebrootSecurity\Backup\sosuploadagent.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-18 09:32 - 2014-02-18 09:32 - 01102336 _____ () C:\Program Files (x86)\JustCloud\x64\System.Data.SQLite.dll 2009-03-06 03:02 - 2008-12-23 20:18 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe 2009-03-06 02:55 - 2008-11-25 19:29 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2008-11-26 20:13 - 2008-11-26 20:13 - 00296320 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 2008-11-26 20:13 - 2008-11-26 20:13 - 00116096 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 2014-02-18 09:38 - 2014-02-18 09:38 - 00012288 _____ () C:\Program Files (x86)\JustCloud\GetText.dll 2009-03-06 03:02 - 2008-12-23 20:18 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 00263560 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 00038184 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 00124288 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll 2008-11-26 20:13 - 2008-11-26 20:13 - 00349480 ____N () C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll 2008-11-06 14:26 - 2008-11-06 14:26 - 04715848 ____R () C:\Program Files (x86)\TechSmith\Snagit 9\PDFNetC.dll 2010-04-13 08:42 - 2010-04-13 08:42 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll 2010-04-13 08:42 - 2010-04-13 08:42 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll 2014-06-28 11:48 - 2014-06-28 11:48 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (whitelisted) ============= HKU\S-1-5-21-1959732113-899606250-1835315485-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-1959732113-899606250-1835315485-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: ABBYY.Licensing.FineReader.Sprint.9.0 => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: EpsonCustomerParticipation => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Thomas James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Thomas James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JustCloud.lnk => C:\Windows\pss\JustCloud.lnk.Startup MSCONFIG\startupfolder: C:^Users^Thomas James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" MSCONFIG\startupreg: Google Update => "C:\Users\Thomas James\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HP Health Check Scheduler => "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" MSCONFIG\startupreg: HP Software Update => "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LightScribe Control Panel => "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: QlbCtrl.exe => "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe MSCONFIG\startupreg: SolidWorks_CheckForUpdates => "C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" MSCONFIG\startupreg: TVAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" MSCONFIG\startupreg: WirelessAssistant => "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2014 08:04:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application GoogleUpdate.exe, version 1.2.183.21, time stamp 0x4b95e661, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x0004d600, process id 0x16a0, application start time 0xGoogleUpdate.exe0. Error: (07/02/2014 07:55:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2014 07:41:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2014 07:22:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/30/2014 01:51:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Acrobat.exe version 11.0.0.379 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1480 Start Time: 01cf948bb34c4439 Termination Time: 16 Error: (06/30/2014 11:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2014 09:00:47 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll8 Error: (06/28/2014 09:00:44 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll8 Error: (06/28/2014 07:25:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2014 10:41:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/02/2014 07:55:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (07/02/2014 07:54:13 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:47:36 PM on 7/1/2014 was unexpected. Error: (07/01/2014 07:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Intuit Update Service v4%%1053 Error: (07/01/2014 07:44:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Intuit Update Service v4 Error: (07/01/2014 07:41:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (07/01/2014 07:39:51 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:29:41 PM on 7/1/2014 was unexpected. Error: (07/01/2014 07:23:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (06/30/2014 00:00:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: HP CUE DeviceDiscovery Service Error: (06/30/2014 06:36:54 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (06/30/2014 06:36:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Google Update Service (gupdate)1 Microsoft Office Sessions: ========================= Error: (02/06/2014 00:35:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8378 seconds with 2580 seconds of active time. This session ended with a crash. Error: (02/16/2013 04:58:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 79 seconds with 60 seconds of active time. This session ended with a crash. Error: (02/16/2013 02:19:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 120 seconds of active time. This session ended with a crash. Error: (02/16/2013 02:09:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 79 seconds with 60 seconds of active time. This session ended with a crash. Error: (02/16/2013 02:07:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 124 seconds with 120 seconds of active time. This session ended with a crash. Error: (02/16/2013 02:03:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 169 seconds with 120 seconds of active time. This session ended with a crash. Error: (02/15/2013 11:22:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 347 seconds with 300 seconds of active time. This session ended with a crash. Error: (02/12/2013 11:19:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3166 seconds with 180 seconds of active time. This session ended with a crash. Error: (02/11/2013 00:39:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 721 seconds with 360 seconds of active time. This session ended with a crash. Error: (02/10/2013 01:45:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-07-05 08:17:24.561 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-05 08:17:24.061 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-05 08:17:23.544 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-05 08:17:22.832 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-04 10:36:50.356 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-04 10:36:50.029 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-04 10:36:49.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-04 10:36:49.420 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-03 09:15:19.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-03 09:15:17.526 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 58% Total physical RAM: 3998.02 MB Available physical RAM: 1646.27 MB Total Pagefile: 8231.2 MB Available Pagefile: 5550.47 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:451.72 GB) (Free:282.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:14.04 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 636BBFB1) Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Tj56
    Marius, I downloaded and ran aswMBR.exe. After initiating the scan, I left for about 30 minutes. When I returned, the computer was on, but I was logged out. I logged back on and Avast was closed. There was a window that said "Windows unexpectedly stopped running." I ran the aswMBR.exe file a second time. This time the scan finished in around 10 minutes. Here is the log file that I saved to the desktop. aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-09 18:15:12 ----------------------------- 18:15:12.258 OS Version: Windows x64 6.0.6002 Service Pack 2 18:15:12.258 Number of processors: 2 586 0x170A 18:15:12.259 ComputerName: JAMESHOME-PC UserName: Thomas James 18:15:34.270 Initialize success 18:15:34.669 VM: initialized successfully 18:15:34.700 VM: Intel CPU virtualization not supported 18:37:41.425 AVAST engine defs: 14070900 18:41:30.630 The log file has been saved successfully to "C:\Users\Thomas James\Desktop\aswMBR.txt" aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-09 19:15:06 ----------------------------- 19:15:06.483 OS Version: Windows x64 6.0.6002 Service Pack 2 19:15:06.483 Number of processors: 2 586 0x170A 19:15:06.483 ComputerName: JAMESHOME-PC UserName: Thomas James 19:15:21.584 Initialize success 19:15:21.834 VM: initialized successfully 19:15:21.849 VM: Intel CPU virtualization not supported 19:16:06.419 AVAST engine defs: 14070900 19:16:53.702 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 19:16:53.702 Disk 0 Vendor: ST9500325AS 0003HPM1 Size: 476940MB BusType: 3 19:16:54.170 Disk 0 MBR read successfully 19:16:54.170 Disk 0 MBR scan 19:16:54.170 Disk 0 unknown MBR code 19:16:54.186 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 462559 MB offset 2048 19:16:54.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14377 MB offset 947322880 19:16:54.248 Disk 0 scanning C:\Windows\system32\drivers 19:17:19.255 Service scanning 19:18:25.415 Modules scanning 19:18:25.415 Disk 0 trace - called modules: 19:18:26.257 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 19:18:26.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004da9790] 19:18:26.273 3 CLASSPNP.SYS[fffffa6000a50c33] -> nt!IofCallDriver -> [0xfffffa80061b52d0] 19:18:26.288 5 hpdskflt.sys[fffffa6001bf62bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c5e940] 19:18:28.800 AVAST engine scan C:\Windows 19:18:34.104 AVAST engine scan C:\Windows\system32 19:28:41.490 AVAST engine scan C:\Windows\system32\drivers 19:29:11.754 Scan stopped 19:29:37.166 Disk 0 MBR has been saved successfully to "C:\Users\Thomas James\Desktop\MBR.dat" 19:29:37.182 The log file has been saved successfully to "C:\Users\Thomas James\Desktop\aswMBR.txt"
  12. Tj56
    MBAM cannot complete a run without my computer shutting down. Details of my last scan: I started the scan and it ran for 10 minutes and then my screen went black. I moved the mouse and hit the space bar, but the screen remained black. I let the computer run for another 15 minutes and then the computer shut down altogether. I hit the power button and the "Rusuming Windows" appeared on the screen. The monitor came back to life and MBAM resumed running. The timer on the program display showed approximately 5 minutes had passed (odd, since it had been running for much longer than that). At that point, the PreScan finished and went on to Memory (1-2 min.) and then Startup (1 min.). Then "2 objects found" appeared on the MBAM status screen. Before I could click the link to check on the 2 objects found, the computer monitor went black again. I waited 10 minutes and then the computer shut off completely. This time, I needed to log on as if I had shut off the computer manually. After logging back on, MBAM was closed. At that point, I ran the program to output the CheckResults.txt file - attached. FRST.txt CheckResults.txt
  13. Tj56
    Sorry, I meant to post the following: I started the scan and it ran for 10 minutes and then my screen went black. I moved the mouse and hit the space bar, but the screen remained black. I let the computer run for another 15 minutes and then the computer shut down altogether. I hit the power button and the "Rusuming Windows" appeared on the screen. The monitor came back to life and MBAM resumed running. The timer on the program display showed approximately 5 minutes has passed (odd, since it had been running for much longer than that). At that point the PreScan finished and went on to Memory (1-2 min.) and then Startup (1 min.). Then "2 objects found" appeared on the MBAM status screen. Before I could click the link to check on the 2 object found the computer monitor went black again. I waited 10 minutes and then the computer shut off completely. This time, I needed to log on as if I had shut off the computer manually. After logging back on, MBAM was closed. At that point, I ran the program to output the CheckResults.txt file which I just attached in the previous posting. Any thoughts on how to proceed?
  14. Tj56
    The situation is getting worse. I tried to run MBAM today with the intent to provide you with some specific run times for each module. Here is a brief synopsis of what occured. CheckResults.txt
  15. Tj56
    Ran Farbar - files attached. Recommendations? Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.