gjwsfg

  1. Everything appears to be working great now. Your help was very much appreciated. Thank you very much!
  3. JavaRa 1.16 Removal Log. Report follows after line.
  4. Step 8: Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01 Ran by Graham at 2014-10-28 17:01:46 Running from C:\Users\Graham\Downloads Boot Mode: Normal
{CAE212A3-EBAF-48B0-A8C8-6F8007C43260} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {D6F44D96-499A-44D7-99E3-17FF8604FB2B} - System32\Tasks\{4EFFA3A2-06F4-4702-AEC2-68D8161C5E3F} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()Task: {DAFAAA64-4E44-44EB-B418-F033F559D7C6} - System32\Tasks\{66388A37-E5B7-4495-9CFD-6ED8734121C4} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()Task: {DCE50077-7C8C-45DE-9777-99B0247E9499} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001.job => C:\Users\Graham\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core.job => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA.job => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForGRAHAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\Windows\Tasks\HPCeeScheduleForGraham.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-02 02:06 - 2011-04-02 02:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2014-06-13 11:09 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll2014-01-07 10:09 - 2014-08-26 12:16 - 00219832 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe2014-08-27 08:07 - 2014-08-27 08:07 
- 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe2014-08-27 08:07 - 2014-08-27 08:07 - 01164632 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll2014-08-27 08:07 - 2014-08-27 08:07 - 00259936 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll2014-08-27 08:07 - 2014-08-27 08:07 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll2014-02-18 16:52 - 2014-08-26 12:16 - 00225464 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe2011-04-08 10:57 - 2011-04-08 10:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll2014-08-26 12:14 - 2014-08-26 12:14 - 00277688 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 00408760 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.0.6.69630.dll2014-08-26 12:15 - 2014-08-26 12:15 - 00427192 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 30333112 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.0.6.69630.dll2014-08-26 12:15 - 
2014-08-26 12:15 - 00266936 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 05765304 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 06068920 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.0.6.69630.dll2014-10-27 14:33 - 2014-10-22 00:04 - 01042760 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-27 14:33 - 2014-10-22 00:04 - 00211272 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-27 14:33 - 2014-10-22 00:04 - 08910664 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-27 14:33 - 2014-10-22 00:04 - 01681224 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll2012-12-23 00:53 - 2012-12-23 00:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 
2013\BackupLib.dll2014-01-16 11:04 - 2014-01-16 11:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll2014-06-12 17:41 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2014-10-28 10:32 - 2014-10-28 10:32 - 00043008 _____ () c:\users\graham\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplnwoat.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Graham\AppData\Roaming\Dropbox\bin\libcef.dll2014-08-26 12:14 - 2014-08-26 12:14 - 12242616 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 02050744 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 00185016 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.0.6.69630.dll2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0FF263E8AlternateDataStreams: C:\Users\Graham\Downloads\forwardedMessage.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exeMSCONFIG\startupreg: Eye-Fi => "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ========================= Accounts: ========================== Administrator (S-1-5-21-356050647-1739812504-2184696174-500 - Administrator - Disabled)Graham (S-1-5-21-356050647-1739812504-2184696174-1001 - Administrator - Enabled) => C:\Users\GrahamGuest (S-1-5-21-356050647-1739812504-2184696174-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-356050647-1739812504-2184696174-1004 - Limited - Enabled)LogMeInRemoteUser (S-1-5-21-356050647-1739812504-2184696174-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/28/2014 04:40:08 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: 
key Error: (10/28/2014 04:40:00 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: key Error: (10/28/2014 04:40:00 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: key Error: (10/28/2014 04:36:54 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: key Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 17878 Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 17878 Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 16864 Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 16864 Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (10/28/2014 11:47:37 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :0" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. Error: (10/28/2014 11:47:34 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :0" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. 
Error: (10/28/2014 10:29:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (10/28/2014 10:29:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/28/2014 10:28:30 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :20" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. Error: (10/28/2014 10:28:30 AM) (Source: Server) (EventID: 2505) (User: )Description: The server could not bind to the transport \Device\NetBT_Tcpip_{BA102103-93D2-4F11-91FB-B6C1E8023F30} because another computer on the network has the same name. The server could not start. Error: (10/28/2014 10:28:05 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :0" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1069 Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069 Microsoft Office Sessions:=========================Error: (06/07/2012 09:23:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/29/2012 05:23:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/18/2012 06:42:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/12/2012 10:23:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/26/2012 07:34:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (03/09/2012 05:19:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/07/2012 07:23:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2013-06-05 22:20:23.644 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-05 22:19:31.556 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-05 22:19:30.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-05 22:18:51.914 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-06-05 22:17:12.632 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-3400M APU with Radeon HD GraphicsPercentage of memory in use: 61%Total physical RAM: 3562.9 MBAvailable physical RAM: 1362.36 MBTotal Pagefile: 7123.98 MBAvailable Pagefile: 3954.47 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:581.47 GB) (Free:433.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:14.41 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8D715ADE)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
  5. Step 8: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01 Ran by Graham (administrator) on GRAHAM-HP on 28-10-2014 17:00:48 Running from C:\Users\Graham\Downloads Loaded Profile: Graham (Available profiles: Graham & LogMeInRemoteUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
H:\ToolLauncher-Bootstrap.exeHKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: I - I:\ToolLauncher-Bootstrap.exeHKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {0caa949a-faba-11e1-8892-101f7415c16d} - F:\ToolLauncher-Bootstrap.exeHKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {158e2fa5-a619-11e2-b327-101f7415c16d} - F:\MotorolaDeviceManagerSetup.exe -aHKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {383ab370-1011-11e4-8510-101f7415c16d} - F:\MotorolaDeviceManagerSetup.exe -aHKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {b340be31-de66-11e1-b9ad-cb184ff0a5a3} - F:\ToolLauncher-Bootstrap.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnkShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnkShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnkShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Desktop Integrations – Login.lnkShortcutTarget: SmartOffice Desktop Integrations – Login.lnk -> C:\Ebix Inc\Common 
Files\SmartBridgeDXO.exe (No File)Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnkShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (No File)ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No FileBHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files 
(x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Graham\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {B8CFAE23-A32D-4D85-A685-4BAEB03D9128} http://illustrations.columbuslife.com/clb/reports/control/clbrptview.cabDPF: HKLM-x32 {BDFCAF79-6A4E-46FB-8AAC-2629A03B8CBB} https://www.ez-data.com/SmartInstaller.cabDPF: HKLM-x32 {C8BF1F77-0A43-4AEC-A0AC-BEEE472B65C6} http://www.ez-data.com/SmartAnalyser.cabDPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/training/ieatgpc1.cabHandler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No FileHandler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No FileHandler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 
192.168.1.1Tcpip\..\Interfaces\{CFBB5837-FE40-4CA4-A753-7AD4F3DCF920}: [NameServer] 8.8.8.8 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No FileFF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 
10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/igCHR StartupUrls: Default -> "hxxp://www.google.com/"CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Entanglement Web App) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-12-28]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]CHR Extension: (Dragon Web Extension) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2014-08-13]CHR Extension: (Dashlane) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-31]CHR Extension: (Poppit!) 
- C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-12-28]CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2011-12-28]CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-02-12]CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]CHR Extension: (RSS Feed Reader) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-24]CHR HKCU\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Graham\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []CHR HKLM-x32\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Graham\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []CHR StartMenuInternet: Google Chrome - C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) 
[File not signed]R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-01] (WildTangent)R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) 
[File not signed]R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-28] (LogMeIn, Inc.)R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-28] (LogMeIn, Inc.)R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-23] (Intuit Inc.) [File not signed]R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-23] (Intuit Inc.) [File not signed]R3 ScannerStatusMonitorService; C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe [276992 2013-05-08] (Brother Industries, Ltd.) 
[File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-23] (LogMeIn, Inc.)S4 LMIRfsClientNP; No ImagePathR1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-15 16:52 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 16:52 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-14 17:17 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 17:17 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-11 10:39 - 2014-10-12 10:20 - 00000000 ____D () C:\Users\Graham\Desktop\Robin Pics2014-10-10 06:03 - 2014-10-10 19:27 - 00009344 _____ () C:\Users\Graham\Documents\lowes.xlsx2014-10-08 10:11 - 2014-10-08 10:11 - 01635288 _____ () C:\Windows\Minidump\100814-44772-01.dmp2014-10-07 16:09 - 2014-10-07 16:09 - 00003750 _____ () C:\Users\Graham\Downloads\c145356.ics2014-09-30 18:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-09-30 18:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-29 14:43 - 2014-09-29 15:30 - 1053921938 _____ () C:\Users\Graham\Downloads\downton_abbey.5x02.720p_hdtv_x264-fov.mkv ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 16:54 - 2014-06-23 16:00 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001.job2014-10-28 16:52 - 2011-09-21 03:42 - 01557136 _____ () C:\Windows\WindowsUpdate.log2014-10-28 16:38 - 2011-12-27 18:20 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA.job2014-10-28 16:37 - 2012-04-06 09:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-28 10:39 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-28 10:39 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-28 10:33 - 2014-01-21 13:24 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk2014-10-28 10:33 - 2014-01-21 13:24 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk2014-10-28 10:33 - 2012-02-12 11:32 - 00000000 ___RD () C:\Users\Graham\Dropbox2014-10-28 10:33 - 2012-02-12 11:30 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Dropbox2014-10-28 10:32 - 2011-12-28 12:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn2014-10-28 10:29 - 2011-12-28 12:06 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll2014-10-28 10:29 - 2011-12-28 12:06 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll2014-10-28 10:29 - 2011-12-28 12:06 - 00035688 _____ (LogMeIn, Inc.) 
C:\Windows\system32\LMIport.dll2014-10-28 10:28 - 2013-06-20 16:15 - 00000000 ____D () C:\Temp2014-10-28 10:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-28 10:27 - 2010-11-20 23:47 - 00842958 _____ () C:\Windows\PFRO.log2014-10-28 10:27 - 2009-07-14 00:51 - 00130337 _____ () C:\Windows\setupact.log2014-10-28 10:13 - 2013-01-02 11:53 - 00000000 ____D () C:\Users\Graham\Desktop\Ethiopia2014-10-28 10:12 - 2012-01-13 20:42 - 00000000 ____D () C:\Users\Graham\AppData\Local\CrashDumps2014-10-28 10:10 - 2011-12-27 21:19 - 00000000 ____D () C:\Users\Graham2014-10-28 10:08 - 2011-12-27 18:20 - 00000000 ____D () C:\Users\Graham\AppData\Local\Deployment2014-10-28 10:04 - 2011-12-28 12:06 - 00000000 ____D () C:\ProgramData\LogMeIn2014-10-28 07:22 - 2012-06-03 11:32 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\vlc2014-10-28 01:28 - 2011-12-27 18:20 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core.job2014-10-28 01:22 - 2011-12-27 17:33 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64F8A22D-E6A4-48CF-A58D-1626E28A6D62}2014-10-27 14:33 - 2011-12-27 18:21 - 00002370 _____ () C:\Users\Graham\Desktop\Google Chrome.lnk2014-10-27 14:00 - 2012-01-11 15:00 - 00000000 __SHD () C:\Users\Graham\Documents\cache2014-10-27 12:56 - 2012-01-11 14:59 - 00000000 ____D () C:\ProgramData\WebEx2014-10-25 12:06 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-25 09:50 - 2011-12-30 17:50 - 77537280 ____R () C:\Users\Graham\Sfg02.QBW2014-10-25 09:50 - 2011-12-30 17:50 - 00327680 ____R () C:\Users\Graham\Sfg02.QBW.TLG2014-10-25 09:50 - 2011-12-30 17:50 - 00000327 _____ () C:\Users\Graham\Sfg02.QBW.ND2014-10-23 19:08 - 2012-01-19 21:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-10-23 19:08 - 2011-12-30 17:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-10-19 22:11 - 2014-06-23 16:00 - 00003598 _____ () 
C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-10012014-10-19 12:17 - 2013-09-22 12:05 - 00000000 ____D () C:\ProgramData\Oracle2014-10-19 12:16 - 2011-05-08 15:36 - 00000000 ____D () C:\Program Files (x86)\Java2014-10-19 03:53 - 2011-12-31 22:21 - 00000000 ____D () C:\Windows\System32\Tasks\Games2014-10-19 01:23 - 2011-12-27 18:20 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA2014-10-19 01:23 - 2011-12-27 18:20 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core2014-10-16 05:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-10-16 03:40 - 2009-07-14 00:45 - 00310240 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-16 03:36 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-16 03:13 - 2012-01-03 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-16 03:09 - 2013-08-03 03:00 - 00000000 ____D () C:\Windows\system32\MRT2014-10-16 03:01 - 2012-01-02 10:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2014-10-14 17:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-11 10:31 - 2014-03-01 18:54 - 00000000 ____D () C:\Users\Graham\Desktop\DCIM2014-10-10 19:27 - 2013-05-29 06:08 - 00177138 _____ () C:\Users\Graham\Documents\Freedom2.xlsx2014-10-10 19:27 - 2012-03-19 20:19 - 00054784 _____ () C:\Users\Graham\Documents\perpin1.xls2014-10-09 01:42 - 2012-11-14 19:00 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGRAHAM-HP$.job2014-10-09 01:42 - 2012-06-24 09:01 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGRAHAM-HP$2014-10-08 11:01 - 2011-12-30 17:50 - 00000000 ____D () C:\Users\Graham\QuickBooksAutoDataRecovery2014-10-08 10:58 - 2013-04-30 19:03 - 00000103 _____ () 
C:\Users\Graham\mkx12585.ini2014-10-08 10:58 - 2011-12-31 13:17 - 00048692 _____ () C:\Users\Graham\~qbofx322014-10-08 10:11 - 2012-01-29 00:05 - 515732076 _____ () C:\Windows\MEMORY.DMP2014-10-08 10:11 - 2012-01-29 00:05 - 00000000 ____D () C:\Windows\Minidump Files to move or delete:====================C:\Users\Graham\en_res.dllC:\Users\Graham\es_res.dllC:\Users\Graham\fr_res.dllC:\Users\Graham\grm_res.dllC:\Users\Graham\it_res.dllC:\Users\Graham\jp_res.dllC:\Users\Graham\mfc80u.dllC:\Users\Graham\msvcr80.dllC:\Users\Graham\PCPE Setup.exeC:\Users\Graham\pt_res.dllC:\Users\Graham\ResourceReader.dllC:\Users\Graham\ru_res.dllC:\Users\Graham\zh_res.dll Some content of TEMP:====================C:\Users\Graham\AppData\Local\Temp\Abspdf.exeC:\Users\Graham\AppData\Local\Temp\acfpdfu.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Graham\AppData\Local\Temp\acfpdfui.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Graham\AppData\Local\Temp\ApnStub.exeC:\Users\Graham\AppData\Local\Temp\cdintf.dllC:\Users\Graham\AppData\Local\Temp\dllnt_dump.dllC:\Users\Graham\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplnwoat.dllC:\Users\Graham\AppData\Local\Temp\Extract.exeC:\Users\Graham\AppData\Local\Temp\EyeFiUpdates.exeC:\Users\Graham\AppData\Local\Temp\G2MInstallerExtractor.exeC:\Users\Graham\AppData\Local\Temp\HPHelpUpdater.exeC:\Users\Graham\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exeC:\Users\Graham\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exeC:\Users\Graham\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\Graham\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jr
e-7u71-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\MotoCast_Installer_2.0309.exeC:\Users\Graham\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exeC:\Users\Graham\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exeC:\Users\Graham\AppData\Local\Temp\MSIZAP.EXEC:\Users\Graham\AppData\Local\Temp\nsp72FF.tmp.tbWise.dllC:\Users\Graham\AppData\Local\Temp\ochelper.exeC:\Users\Graham\AppData\Local\Temp\oi_{89ACED93-0376-4753-83C1-B9A90F6FAF02}.exeC:\Users\Graham\AppData\Local\Temp\PDFPRT400.exeC:\Users\Graham\AppData\Local\Temp\Quarantine.exeC:\Users\Graham\AppData\Local\Temp\Resource.exeC:\Users\Graham\AppData\Local\Temp\SP53394.exeC:\Users\Graham\AppData\Local\Temp\SP53462.exeC:\Users\Graham\AppData\Local\Temp\SP54127.exeC:\Users\Graham\AppData\Local\Temp\sp54373.exeC:\Users\Graham\AppData\Local\Temp\sp54620.exeC:\Users\Graham\AppData\Local\Temp\SP54714.exeC:\Users\Graham\AppData\Local\Temp\SP55151.exeC:\Users\Graham\AppData\Local\Temp\sp58915.exeC:\Users\Graham\AppData\Local\Temp\sp64126.exeC:\Users\Graham\AppData\Local\Temp\sqlite3.dllC:\Users\Graham\AppData\Local\Temp\tbedrs.dllC:\Users\Graham\AppData\Local\Temp\tmp2CBA.exeC:\Users\Graham\AppData\Local\Temp\tmp2E.exeC:\Users\Graham\AppData\Local\Temp\tmp3ED7.exeC:\Users\Graham\AppData\Local\Temp\tmp3FA9.exeC:\Users\Graham\AppData\Local\Temp\tmp76EE.exeC:\Users\Graham\AppData\Local\Temp\tmp7A6C.exeC:\Users\Graham\AppData\Local\Temp\tmp84A9.exeC:\Users\Graham\AppData\Local\Temp\tmp8A34.exeC:\Users\Graham\AppData\Local\Temp\tmp8DBF.exeC:\Users\Graham\AppData\Local\Temp\tmp905C.exeC:\Users\Graham\AppData\Local\Temp\tmpA5BB.exeC:\Users\Graham\AppData\Local\Temp\tmpE0EB.exeC:\Users\Graham\AppData\Local\Temp\tmpF5A5.exeC:\Users\Graham\AppData\Local\Temp\UninstallHPSA.exeC:\Users\Graham\AppData\Local\Temp\UninstallHPTCA.exeC:\Users\Graham\AppData\Local\Temp\vcredist_x86.exeC:\Users\Graham\AppData\Local\Temp\xmllite.dllC:\Users\Graham\AppData\Local\Temp\_is3E69.exeC:\Users\Graham\AppData\Local\Temp\_is8D60.exeC:\Use
rs\Graham\AppData\Local\Temp\_isA794.exeC:\Users\Graham\AppData\Local\Temp\_isBF99.exeC:\Users\Graham\AppData\Local\Temp\_isE80.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 05:45 ==================== End Of Log ============================
  6. Step 7
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\Expat_ShieldToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\ldrtbExpa.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\prxtbExpa.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\tbExpa.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\ldrtbYour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\prxtbYou0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\prxtbYour.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\tbYour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\Your-TVToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\ldrtbyour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\prxtbyou0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\prxtbyour.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\tbyour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\your-tv-liveToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT2549263\Expat_ShieldAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT2780272\Your-TVAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT3171454\your-tv-liveAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Expat_Shield\ldrtbExpa.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Expat_Shield\tbExpa.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Your-TV\ldrtbYour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Your-TV\tbYour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\your-tv-live\ldrtbyour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
     C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\your-tv-live\tbyour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\Users\Graham\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     C:\Users\Graham\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
     C:\Users\Graham\AppData\Local\Temp\ASK1F63.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
     C:\Users\Graham\AppData\Local\Temp\ASK714E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
     C:\Users\Graham\AppData\Local\Temp\ASKB5AB.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
     C:\Users\Graham\AppData\Local\Temp\ASKC57A.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
     C:\Users\Graham\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe a variant of Win32/InstallCore.RA potentially unwanted application
     C:\Users\Graham\AppData\Local\Temp\nsp72FF.tmp.tbWise.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\Users\Graham\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
     C:\Users\Graham\AppData\Local\Temp\25832002.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
     C:\Users\Graham\AppData\Local\Temp\25889598.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
     C:\Users\Graham\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
     C:\Users\Graham\AppData\Local\Temp\{167158CE-1637-4167-8A1C-C2549EEA966A}\Offercast2821_WCL2_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     C:\Users\Graham\Downloads\HSS-2.24-install-anchorfree-232-expatshield.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
     C:\Users\Graham\Downloads\HSS-2.90-install-hss-409-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
     C:\Users\Graham\Downloads\HSS-3.42-install-hss-409-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
     C:\Users\Graham\Downloads\Produtools_Manuals_2_1.exe Win32/Toolbar.Conduit potentially unwanted application
     C:\Windows\Installer\b8beaab.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
  7. Step 6
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 10/28/2014
     Scan Time: 10:39:03 AM
     Logfile: malware scan.txt
     Administrator: Yes

     Version: 2.00.3.1025
     Malware Database: v2014.10.28.03
     Rootkit Database: v2014.10.22.01
     License: Premium
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Enabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Graham

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 391042
     Time Elapsed: 1 hr, 0 min, 21 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  8. Step 5
     # AdwCleaner v4.002 - Report created 28/10/2014 at 10:26:32
     # DB v2014-10-26.6
     # Updated 27/10/2014 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Graham - GRAHAM-HP
     # Running from : C:\Users\Graham\Downloads\AdwCleaner (1).exe
     # Option : Clean

     ***** [ Services ] *****

     [#] Service Deleted : ExpatShieldService
     [#] Service Deleted : ExpatSrv
     [#] Service Deleted : ExpatTrayService
     [#] Service Deleted : ExpatWd

     ***** [ Files / Folders ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17344

     -\\ Google Chrome v

     *************************

     AdwCleaner[R0].txt - [15414 octets] - [19/10/2014 12:32:31]
     AdwCleaner[R1].txt - [1255 octets] - [28/10/2014 10:15:18]
     AdwCleaner[s0].txt - [14269 octets] - [19/10/2014 12:36:42]
     AdwCleaner[s1].txt - [1189 octets] - [28/10/2014 10:26:32]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1249 octets] ##########
  9. Step 4
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.3.3 (10.21.2014:1)
     OS: Windows 7 Home Premium x64
     Ran by Graham on Tue 10/28/2014 at 9:27:30.48
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{449C3E0B-6B73-445B-82AE-3153B5093B57}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5D5EE544-ABDA-4953-9A7B-978D449D9B1D}

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Users\Graham\AppData\Roaming\zip opener packages"
     Successfully deleted: [Folder] "C:\Users\Graham\appdata\local\cre"
     Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{0E2F8F2D-BE65-4547-8BCD-1168B8C8C0C2}
     Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{35EC0B26-C3DE-45D1-8735-60E4F304E918}
     Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{653CC3CC-00A1-4C15-8D60-EAF71329B5CB}
     Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{AAE614B3-D42F-42E8-803C-E2E79022C52E}
     Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{CD1B7AFE-C6EA-4DCC-8271-A2329DB06B13}
     Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{F219200E-D1E5-4889-A5BC-9AC6F63DED61}

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 10/28/2014 at 9:34:38.96
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. RKill Log:
     Rkill 2.6.8 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 10/25/2014 02:54:32 PM in x64 mode.
     Windows Version: Windows 7 Home Premium Service Pack 1

     Checking for Windows services to stop:
      * No malware services found to stop.

     Checking for processes to terminate:
      * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 2084) [WD-HEUR]

     1 proccess terminated!

     Checking Registry for malware related settings:
      * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
      * No issues found.

     Checking Windows Service Integrity:
      * No issues found.

     Searching for Missing Digital Signatures:
      * No issues found.

     Checking HOSTS File:
      * No issues found.

     Program finished at: 10/25/2014 03:00:02 PM
     Execution time: 0 hours(s), 5 minute(s), and 30 seconds(s)
  11. Roguekiller Log:
     RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Graham [Administrator]
     Mode : Scan -- Date : 10/25/2014 16:22:44

     ¤¤¤ Processes : 3 ¤¤¤
     [suspicious.Path] Dashlane.exe -- C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe[7] -> Killed [TermProc]
     [suspicious.Path] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe[7] -> Killed [TermProc]
     [suspicious.Path] DashlanePlugin.exe -- C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe[7] -> Killed [TermProc]

     ¤¤¤ Registry : 22 ¤¤¤
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> Found
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartAnalyzer for SmartOffice : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms -> Found
     [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartOffice Desktop Integrations : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms -> Found
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> Found
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartAnalyzer for SmartOffice : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms -> Found
     [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartOffice Desktop Integrations : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
     [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

     ¤¤¤ Tasks : 1 ¤¤¤
     [suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Found

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: TOSHIBA MK6476GSX SATA Disk Device +++++
     --- User ---
     [MBR] dcddd2988da2953f970b7cf3aad93e31
     [bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 595424 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1219837952 | Size: 14752 MB
     3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB
     User = LL1 ... OK
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] c6a45de37da3e0338231e05937094ca6
     [bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
     1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB
  12. Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 10/25/2014
      Scan Time: 3:06:48 PM
      Logfile:
      Administrator: Yes

      Version: 2.00.3.1025
      Malware Database: v2014.10.25.05
      Rootkit Database: v2014.10.22.01
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: Graham

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 393628
      Time Elapsed: 51 min, 3 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Folders: 0 (No malicious items detected)
      Files: 0 (No malicious items detected)
      Physical Sectors: 0 (No malicious items detected)

      (end)
  13. I cannot get Malwarebytes to load or run. I have tried running it via Chameleon and it does not run. Please find attached to this post the Farbar scan logs. Thanks in advance for your help. Addition.txt FRST.txt
  14. I believe that I have a virus, rootkit, or malware on my computer. My computer is not allowing me to run Malwarebytes. I have tried rebooting and also running Malwarebytes via Chameleon and it will not work. Please help. I wish to avoid reformatting my hard drive if at all possible. Thank you.