NewGuy58

I think we're good here, do you agree? Results of screen317's Security Check version 0.99.88 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Java 6 Update 3 Adobe Reader 8 Adobe Reader out of Date! Google Chrome 37.0.2062.120 Google Chrome 37.0.2062.124 ````````Process Check: objlist.exe by Laurent```````` Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````

Will do that after this Avast scan. I decided to run it while I waited for your response (which was really fast considering it's Sunday morning!) And it's 6% in and says it's found an infected file. I wonder if it is one of our tools we used here. I'll let this finish and update you shortly. I did stop receiving the rootkit message some time ago, so I hope that is not what it's reporting now. Back shortly, thanks.

Malwarebytes came back clean....

JRT Log..... (Running MBAM NOW) do I check off look for rootkits?) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.8 (10.04.2014:1) OS: Windows Vista Home Premium x86 Ran by Morag on 04/10/2014 at 17:59:29.57 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F492F68F-652D-46D4-A957-9E3E31873D74} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Morag\appdata\locallow\alot" Successfully deleted: [Folder] "C:\Program Files\alot" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 04/10/2014 at 18:08:33.77 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW Log. I'm pretty sure all of this can go, but just wanted to make sure..... Thanks! # AdwCleaner v3.311 - Report created 04/10/2014 at 16:02:47 # Updated 30/09/2014 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : Morag - MORAG-PC # Running from : F:\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Morag\daemonprocess.txt Folder Found : C:\ProgramData\Ask Folder Found : C:\Users\Morag\AppData\Local\Mobogenie Folder Found : C:\Users\Morag\Documents\Optimizer Pro ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\alot Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar Key Found : HKCU\Software\YahooPartnerToolbar Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\systweak ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16575 -\\ Google Chrome v37.0.2062.124 [ File : C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\preferences ]

I thought I had already sent the combofix log, but don't see it in the thread, so here it is again...... Combofix.txt

TDSS Log Did not remove anything...... Let me know if I should re scan and remove any items, thanks! TDSS.txt

Thanks, back soon. And thanks for all of your help, it's great.

Roughly 90 gigs.

Farbar Service Scanner Version: 21-07-2014 Ran by Morag (administrator) on 04-10-2014 at 11:55:43 Running from "C:\Users\Morag\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcsvc.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\ipnathlp.dll => File is digitally signed C:\Windows\system32\iphlpsvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****

RKill log.... Rkill 2.6.8 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 10/04/2014 11:24:29 AM in x86 mode. Windows Version: Windows Vista Home Premium Service Pack 2 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost Program finished at: 10/04/2014 11:29:03 AM Execution time: 0 hours(s), 4 minute(s), and 34 seconds(s)

Thanks for the help, I'll get started here shortly. Just wanted you to know that there are no restore points, and I was unable to create one. I get error "The Restore point could not be created for the following reason: The shadow copy provider had an error. Please see the system and application event logs for more information. (0x80042306) Please try again

Rogue Killer report..... RogueKiller V9.2.13.0 [sep 25 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : Morag [Admin rights] Mode : Scan -- Date : 10/03/2014 17:40:34 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{178EEBBF-CFD4-4F18-94F2-E2D18F2CB8CB} | DhcpNameServer : 64.71.255.198 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{284B0BE1-ABC8-4EEF-AC16-FF2E75A716CA} | DhcpNameServer : 64.71.255.204 64.71.255.198 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{178EEBBF-CFD4-4F18-94F2-E2D18F2CB8CB} | DhcpNameServer : 64.71.255.198 -> FOUND [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{284B0BE1-ABC8-4EEF-AC16-FF2E75A716CA} | DhcpNameServer : 64.71.255.204 64.71.255.198 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.SearchPage] HKEY_USERS\S-1-5-21-3706797550-2617553011-2250622441-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 2 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost [C:\Windows\System32\drivers\etc\hosts] ::1 localhost ¤¤¤ Antirootkit : 117 (Driver: LOADED) ¤¤¤ [sSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys @ 0x8fb5e0d0 [Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000066 (\SystemRoot\system32\drivers\NETIO.SYS) [EAT:Addr] (explorer.exe) MSImg32.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x751d152c [EAT:Addr] (explorer.exe) MSImg32.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x751dc80a [EAT:Addr] (explorer.exe) MSImg32.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x751cdd2c [EAT:Addr] (explorer.exe) MSImg32.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x751d7041 [EAT:Addr] (explorer.exe) MSImg32.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x751dc9a7 [EAT:Addr] (explorer.exe) MSImg32.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x751d1135 [EAT:Addr] (explorer.exe) MSImg32.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x751d7131 [EAT:Addr] (explorer.exe) MSImg32.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x751d118c [EAT:Addr] (explorer.exe) MSImg32.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x751c7339 [EAT:Addr] (explorer.exe) MSImg32.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x751c5197 [EAT:Addr] (explorer.exe) MSImg32.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x751dc83a [EAT:Addr] (explorer.exe) MSImg32.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x751db7e8 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x751dc776 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x751dc7b9 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x751db81e [EAT:Addr] (explorer.exe) MSImg32.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x751db9c1 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x751dc6e7 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x751d0020 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x751d0096 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x751d78fd [EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x751dc7c9 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x751d7908 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x751d7913 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x751d791e [EAT:Addr] (explorer.exe) MSImg32.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x751dc735 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x751c630f [EAT:Addr] (explorer.exe) MSImg32.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x751db639 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x751ca5b1 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x751c9f93 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x751cb046 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x751c3258 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x751db5b0 [EAT:Addr] (explorer.exe) MSImg32.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x751d84e4 [EAT:Addr] (explorer.exe) MSImg32.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x751c3ef8 [EAT:Addr] (explorer.exe) MSImg32.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x751c657d [EAT:Addr] (explorer.exe) MSImg32.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x751c76f9 [EAT:Addr] (explorer.exe) MSImg32.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x751dc646 [EAT:Addr] (explorer.exe) MSImg32.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x751dca90 [EAT:Addr] (explorer.exe) MSImg32.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x751dc30f [EAT:Addr] (explorer.exe) MSImg32.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x751c6da8 [EAT:Addr] (explorer.exe) MSImg32.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x751dc19d [EAT:Addr] (explorer.exe) MSImg32.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x751cdc66 [EAT:Addr] (explorer.exe) MSImg32.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x751dc06b [EAT:Addr] (explorer.exe) MSImg32.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x751d1cb5 [EAT:Addr] (explorer.exe) MSImg32.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x751dcb05 [EAT:Addr] (explorer.exe) MSImg32.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x751d705d [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x751dc527 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x751c7083 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x751d2d45 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x751dbe6f [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x751cce28 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x751dc5ba [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751c7135 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x751c2d8e [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x751c540a [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x751dbfbb [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x751dbd35 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x751dbbe9 [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x751dc3ca [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x751d232c [EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x751cc94f [EAT:Addr] (explorer.exe) MSImg32.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x751cf459 [EAT:Addr] (explorer.exe) MSImg32.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x751db6c3 [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x751dcbea [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x751c2c3b [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x751dce45 [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x751cfaf7 [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x751dcd46 [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x751dccd2 [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x751dcc5e [EAT:Addr] (explorer.exe) MSImg32.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x751db82e [EAT:Addr] (explorer.exe) MSImg32.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x751dc933 [EAT:Addr] (explorer.exe) MSImg32.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x751db8be [EAT:Addr] (explorer.exe) MSImg32.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x751ce373 [EAT:Addr] (explorer.exe) MSImg32.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x751c3de5 [EAT:Addr] (explorer.exe) MSImg32.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x751dba7f [EAT:Addr] (explorer.exe) MSImg32.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x751db56c [EAT:Addr] (explorer.exe) MSImg32.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x751d121d [EAT:Addr] (explorer.exe) MSImg32.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x751dcdbc [EAT:Addr] (explorer.exe) MSImg32.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x751d3861 [EAT:Addr] (explorer.exe) MSImg32.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x751db710 [EAT:Addr] (explorer.exe) MSImg32.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x751db75e [EAT:Addr] (explorer.exe) MSImg32.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x751dc8b0 [EAT:Addr] (explorer.exe) MSImg32.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x751dca1c [EAT:Addr] (explorer.exe) MSImg32.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x751c7ba3 [EAT:Addr] (explorer.exe) MSImg32.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x751dc149 [EAT:Addr] (explorer.exe) MSImg32.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751c7d5d [EAT:Addr] (explorer.exe) MSImg32.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x751dc21a [EAT:Addr] (explorer.exe) MSImg32.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751d0dee [EAT:Addr] (explorer.exe) MSImg32.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x751dcb82 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x751d2c09 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x751dbf0a [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x751dbb47 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x751d2149 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x751ccebb [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x751d3188 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x751c5a70 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x751dc45d [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x751c55f8 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751d1284 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x751c5305 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x751ce857 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x751dbdc9 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x751dbc84 [EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x751c4c48 [EAT:Addr] (explorer.exe) MSImg32.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x751db93f [EAT:Addr] (explorer.exe) MSImg32.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x751dc171 [EAT:Addr] (explorer.exe) MSImg32.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x751dc149 [EAT:Addr] (explorer.exe) MSImg32.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751dc2e3 [EAT:Addr] (explorer.exe) MSImg32.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x751db83a [EAT:Addr] (explorer.exe) MSImg32.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x751db84a [EAT:Addr] (explorer.exe) MSImg32.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x751db85a [EAT:Addr] (explorer.exe) MSImg32.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x751db86a [EAT:Addr] (explorer.exe) MSImg32.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x751dcd78 [EAT:Addr] (explorer.exe) MSImg32.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x751db7ac ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++ --- User --- [MBR] eb10963c1068a3fd05c05d2592bbc153 [bSP] 55f4a8051d76fff8df8b38c3dbbec0bb : HP MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 139222 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 288200704 | Size: 6124 MB 3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 300742656 | Size: 5780 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: hp v165w USB Device +++++ --- User --- [MBR] ef26607f6cedcb4db5fe7f0b339e8ead [bSP] 60cc13eef2a40af9423be6e65d4a3604 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29774 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. ) ============================================ RKreport_DEL_10032014_132856.log - RKreport_SCN_10032014_132802.log - RKreport_SCN_10032014_133704.log

Addition scan Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014 Ran by Morag at 2014-10-03 17:17:32 Running from F:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 123di Version 5.0 (HKLM\...\123di Version 5.0 5.0) (Version: 5.0 - Name of your company) 2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated) Apple Mobile Device Support (HKLM\...\{AFA20D47-69C3-4030-8DF8-D37466E70F13}) (Version: 2.4.1.7 - Apple Inc.) Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.) Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros) ATI Catalyst Install Manager (HKLM\...\{63427619-C918-6F3C-7318-11DDA4975241}) (Version: 3.0.634.0 - ATI Technologies, Inc.) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.) BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation) Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden C4580 (Version: 120.0.209.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI) Catalyst Control Center Core Implementation (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Czech (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Danish (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Dutch (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Finnish (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization French (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization German (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Greek (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Norwegian (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Russian (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Swedish (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2007.0815.2326.40058 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2007.0815.2326.40058 - ATI) Hidden CCC Help Chinese Standard (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Chinese Traditional (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Czech (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Danish (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Dutch (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help English (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Finnish (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help French (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help German (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Greek (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Hungarian (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Italian (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Japanese (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Korean (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Norwegian (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Polish (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Portuguese (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Russian (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Spanish (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Swedish (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Thai (Version: 2007.0815.2325.40058 - ATI) Hidden CCC Help Turkish (Version: 2007.0815.2325.40058 - ATI) Hidden ccc-core-static (Version: 2007.0815.2326.40058 - ATI) Hidden ccc-utility (Version: 2007.0815.2326.40058 - ATI) Hidden CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA) Copy (Version: 120.0.194.000 - Hewlett-Packard) Hidden D2400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden D2400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.) GearDrvs (Version: 1 - Symantec Corporation) Hidden GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP) HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP) HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4 (HKLM\...\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}) (Version: 12.0 - HP) HPPhotoGadget (Version: 120.0.150.000 - Hewlett-Packard) Hidden iTunes (HKLM\...\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}) (Version: 8.1.1.10 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.) LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation) LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden OnlinePlay 1.0 (HKLM\...\OnlinePlay) (Version: 1.0 - AOL LLC) PS_AIO_04_C4580_Software_Min (Version: 120.0.209.000 - Hewlett-Packard) Hidden QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.) Rapport (Version: 3.5.1403.78 - Trusteer) Hidden Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.) Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden Skins (Version: 2007.0815.2326.40058 - ATI) Hidden Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics) Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA) TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a - TOSHIBA Corporation) TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.05 - ) TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation) Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.) TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems) TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - ) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.1.14 - TOSHIBA Corporation) Hidden TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1403.78 - Trusteer) UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3706797550-2617553011-2250622441-1003_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\Morag\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-3706797550-2617553011-2250622441-1003_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\Morag\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (TODO: <Company name>) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1C7930EF-BC7C-4B9F-8B56-A1EE3BD8AFFD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Morag => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {6E808EFF-95D7-4B63-944E-A2414EDC64C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated) Task: {7D6B56BA-E31F-40CA-807C-23E1A6456A88} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {8B8ADFA5-1687-4E75-8BE0-1E618B5CADC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) Task: {A18FB878-4969-4FE1-975A-899DD9C77C11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-29] (AVAST Software) Task: {C28D331F-0DE6-40BF-BD48-5FAC9EA7A713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {EBE92C6A-CC73-4C80-89CD-39E8967D6992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-29 15:04 - 2014-09-29 15:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-03 06:34 - 2014-10-03 06:34 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll 2008-02-11 20:43 - 2007-07-27 10:26 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2007-03-02 11:44 - 2007-03-02 11:44 - 00073728 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2014-09-29 15:04 - 2014-09-29 15:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2007-12-12 13:46 - 2007-12-12 13:46 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: ConfigFree Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: LiveUpdate => 3 MSCONFIG\Services: LiveUpdate Notice Service => 2 MSCONFIG\Services: TNaviSrv => 2 MSCONFIG\Services: TODDSrv => 2 MSCONFIG\Services: TosCoSrv => 2 MSCONFIG\Services: TOSHIBA SMART Log Service => 2 MSCONFIG\Services: UleadBurningHelper => 2 MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe MSCONFIG\startupreg: Symantec PIF AlertEng => "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3706797550-2617553011-2250622441-500 - Administrator - Disabled) Guest (S-1-5-21-3706797550-2617553011-2250622441-501 - Limited - Disabled) Morag (S-1-5-21-3706797550-2617553011-2250622441-1003 - Administrator - Enabled) => C:\Users\Morag ==================== Faulty Device Manager Devices ============= Name: HP Photosmart C4500 Description: HP Photosmart C4500 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Hewlett-Packard Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart C4500 series Description: Photosmart C4500 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: F:\ Description: v165w Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: hp Service: WUDFRd Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (10/03/2014 11:57:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 02:07:21 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x80042306). Error: (10/03/2014 02:07:16 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000130,0x0053c008,008B0FC8,0,006BA948,4096,[0]). hr = 0x8007045d. Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (10/03/2014 02:06:55 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B0FC8,0,006BA948,4096,[0]). hr = 0x8007045d. Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (10/03/2014 02:06:33 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B0FC8,0,006BA948,4096,[0]). hr = 0x8007045d. Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (10/03/2014 02:06:12 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B07C8,0,006BA948,4096,[0]). hr = 0x8007045d. Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (10/03/2014 02:05:50 AM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B07C8,0,006BA948,4096,[0]). hr = 0x8007045d. Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (10/02/2014 02:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 11:29:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 09:47:42 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (10/03/2014 01:18:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000SysMain Error: (10/03/2014 01:18:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000TrkWks Error: (10/03/2014 01:17:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000TrkWks Error: (10/03/2014 11:58:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/03/2014 02:07:16 AM) (Source: volsnap) (EventID: 28) (User: ) Description: The shadow copy of volume C: could not be created due to a failure in creating the necessary on disk structures. Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Microsoft Office Sessions: ========================= Error: (12/23/2010 00:34:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/04/2009 09:01:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/04/2009 09:01:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 565 seconds with 60 seconds of active time. This session ended with a crash. Error: (04/13/2009 05:00:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 622 seconds with 60 seconds of active time. This session ended with a crash. Error: (04/12/2009 01:06:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/12/2009 01:05:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/12/2009 01:05:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2396 seconds with 1620 seconds of active time. This session ended with a crash. Error: (04/12/2009 10:21:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (04/12/2009 10:21:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 166 seconds with 120 seconds of active time. This session ended with a crash. Error: (04/12/2009 09:54:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-10-03 17:17:20.363 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:19.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:18.834 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:18.007 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:16.977 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:16.244 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:15.495 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:17:14.715 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:16:41.987 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-03 17:16:41.207 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Athlon 64 X2 Dual-Core Processor TK-57 Percentage of memory in use: 57% Total physical RAM: 1916.89 MB Available physical RAM: 816.01 MB Total Pagefile: 4082.95 MB Available Pagefile: 2753.82 MB Total Virtual: 2047.88 MB Available Virtual: 1880.69 MB ==================== Drives ================================ Drive c: (S3A6555D004) (Fixed) (Total:135.96 GB) (Free:86.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:5.98 GB) (Free:1.66 GB) NTFS Drive f: () (Removable) (Total:29.08 GB) (Free:26.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 11647005) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=136 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=5.6 GB) - (Type=17) ======================================================== Disk: 1 (Size: 29.1 GB) (Disk ID: 0007AB22) Partition 1: (Active) - (Size=29.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================

FRST Log (Addition to follow) Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014 Ran by Morag (administrator) on MORAG-PC on 03-10-2014 17:16:04 Running from F:\ Loaded Profile: Morag (Available profiles: Morag) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor) HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] () HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [342312 2009-04-02] (Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-29] (AVAST Software) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3706797550-2617553011-2250622441-1003\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-3706797550-2617553011-2250622441-1003\...\MountPoints2: {3d50cbb4-0f2a-11df-ba91-001e338a0bba} - G:\LaunchU3.exe -a HKU\S-1-5-21-3706797550-2617553011-2250622441-1003\...\MountPoints2: {9c52cd81-1aee-11de-9309-001e338a0bba} - F:\Hilton_SuitesMarkham.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEE20281B-8C16-4189-A94B-2802108FE71C&q={searchTerms}&SSPV=SE1CG1_sp_ie SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=EC36099001CBB67E00567E83&install_time=2011-01-17T19:44:14Z&src_id=11617&camp_id=1865&tb_version=2.5.15000.521 SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - {F492F68F-652D-46D4-A957-9E3E31873D74} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=208082FE-BC8B-49A0-BF1B-0F4799B1CC6E&apn_sauid=D22F7E77-A46E-46FC-A6F2-365C8BA1CF7D BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO: No Name -> {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} -> No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {15B782AF-55D8-11D1-B477-006097098764} https://lms.hilton.com/courses/authorwareplayer/awswaxd.cab DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_Win32.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19] FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-29] Chrome: ======= CHR CustomProfile: C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-13] CHR Extension: (Google Drive) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-13] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23] CHR Extension: (YouTube) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-13] CHR Extension: (Google Search) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-13] CHR Extension: (avast! Online Security) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-29] CHR Extension: (Google Wallet) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-13] CHR Extension: (Gmail) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-13] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-29] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-26] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-29] (AVAST Software) S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed] R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed] S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed] S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation) S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed] R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.) S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed] S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed] S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X] S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-09-29] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-29] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-09-29] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-29] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation) R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [433240 2014-09-25] () R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251928 2014-08-21] (IBM Corp.) R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [206520 2014-08-21] (IBM Corp.) R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332792 2014-08-21] (IBM Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 17:15 - 2014-10-03 17:16 - 00000000 ____D () C:\FRST 2014-10-03 13:15 - 2014-10-03 13:16 - 04893784 _____ () C:\Users\Morag\Desktop\RogueKiller.exe 2014-10-03 12:50 - 2014-10-03 13:17 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-10-03 12:50 - 2014-10-03 12:50 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-09-30 14:00 - 2014-09-30 14:00 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-30 13:45 - 2014-09-30 13:44 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-30 13:44 - 2014-09-30 13:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-30 13:44 - 2014-09-30 13:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-30 13:44 - 2014-09-30 13:44 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-09-30 13:44 - 2014-09-30 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-29 15:10 - 2014-10-03 16:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 15:10 - 2014-09-29 15:10 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-29 15:10 - 2014-09-29 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-29 15:10 - 2014-09-29 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-29 15:10 - 2014-09-29 15:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-29 15:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-29 15:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-29 15:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-29 15:09 - 2014-09-29 15:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Morag\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-29 15:06 - 2014-09-29 15:06 - 00000000 ____D () C:\Users\Morag\AppData\Roaming\AVAST Software 2014-09-29 15:05 - 2014-09-29 15:05 - 00001884 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-09-29 15:05 - 2014-09-29 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-09-29 15:04 - 2014-09-29 15:05 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-09-29 15:04 - 2014-09-29 15:04 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-09-29 15:04 - 2014-09-29 15:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-09-29 15:04 - 2014-09-29 15:04 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-09-29 15:03 - 2014-09-29 15:03 - 00000000 ____D () C:\Program Files\AVAST Software 2014-09-29 15:00 - 2014-09-29 15:03 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-09-29 15:00 - 2014-09-29 15:00 - 04862664 _____ (AVAST Software) C:\Users\Morag\Downloads\avast_free_antivirus_setup_online.exe 2014-09-25 22:01 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-09-25 22:01 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-09-25 22:01 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-09-25 22:00 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-25 21:59 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-25 21:59 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-25 21:59 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-25 21:59 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-25 21:59 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-25 21:59 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-25 21:59 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-25 21:59 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-25 21:59 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-25 21:59 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-25 21:59 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-25 21:59 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-25 21:59 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-25 21:59 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-25 21:48 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-25 21:46 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-25 21:46 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-25 21:04 - 2014-09-25 21:04 - 00000561 _____ () C:\Users\Morag\Desktop\mssstool32.exe - Shortcut.lnk 2014-09-25 21:03 - 2014-09-25 21:03 - 00913400 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool32.exe 2014-09-25 10:13 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-25 10:12 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-09-25 10:12 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-25 10:12 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-25 10:12 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-25 10:12 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-09-25 10:12 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-25 09:03 - 2014-09-25 09:03 - 00000000 ____D () C:\Users\Morag\Desktop\usb 2014-09-25 08:38 - 2014-09-25 08:38 - 00913408 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool64 (1).exe 2014-09-23 21:53 - 2014-09-23 21:53 - 00913408 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool64.exe 2014-09-23 17:36 - 2014-09-23 17:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 16:41 - 2009-01-20 13:26 - 01247369 _____ () C:\Windows\WindowsUpdate.log 2014-10-03 16:38 - 2012-04-12 17:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-03 16:38 - 2010-02-07 10:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-03 16:38 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-03 16:38 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-03 12:51 - 2006-11-02 06:33 - 00848396 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-03 12:49 - 2006-11-02 08:52 - 00071702 _____ () C:\Windows\setupact.log 2014-10-03 11:59 - 2010-02-07 10:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-03 11:56 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-03 09:42 - 2006-11-02 09:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-02 12:07 - 2011-11-08 21:43 - 00000000 ____D () C:\Users\Morag\Documents\Resume 2014-09-30 13:45 - 2008-02-11 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-30 13:44 - 2008-02-11 21:00 - 00000000 ____D () C:\Program Files\Java 2014-09-29 15:09 - 2009-01-19 22:28 - 00000918 _____ () C:\Users\Morag\Desktop\Launch Internet Explorer Browser.lnk 2014-09-29 15:02 - 2014-04-30 15:59 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-09-29 14:40 - 2012-05-01 10:39 - 00000000 ____D () C:\ProgramData\MFAData 2014-09-26 10:27 - 2012-04-12 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-26 10:27 - 2012-04-12 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-26 10:26 - 2014-03-12 14:25 - 17323696 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe 2014-09-26 10:25 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-26 10:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache 2014-09-26 09:56 - 2006-11-02 08:47 - 00397600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-26 09:51 - 2008-01-20 22:47 - 00156412 _____ () C:\Windows\PFRO.log 2014-09-25 22:04 - 2008-02-11 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-25 21:42 - 2013-12-26 11:17 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-25 13:34 - 2014-03-13 13:18 - 00001982 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-25 09:33 - 2013-12-26 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 2014-09-25 03:58 - 2011-01-09 21:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-09-25 03:53 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal 2014-09-25 03:12 - 2011-01-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-09-15 09:06 - 2009-10-07 21:14 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Morag\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-03 12:01 ==================== End Of Log ============================