gjwsfg
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Everything appears to be working great now. Your help was very much appreciated, thank you very much!
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
OK, finished with the Panda and posted above.
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Unknown. FILE: C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCCBOOT.EXE to be deleted.
Unknown. FILE: C:\Users\Graham\Desktop\ControlCenter4.lnk to be deleted.
Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W\ControlCenter4.lnk to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[ControlCenter4]. Value: ControlCenter4 To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[ControlCenter4]. Value: ControlCenter4 To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[ControlCenter4]. Value: ControlCenter4 To be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCTRLCNTR.EXE to be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\COMMON FILES\INTUIT\QUICKBOOKS\QBCFMONITORSERVICE.EXE to be deleted.
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\QBCFMonitorService. Key to be deleted.
FILE: C:\USERS\GRAHAM\DOWNLOADS\PRODUTOOLS_MANUALS_2_1.EXE to be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\BROWNYSCN\BROTHER\BRSTMONSCN.EXE to be deleted.
Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W\Status Monitor.lnk to be deleted.
Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W LAN\Status Monitor.lnk to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[brScnStsMon00]. Value: BrScnStsMon00 To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brScnStsMon00]. Value: BrScnStsMon00 To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brScnStsMon00]. Value: BrScnStsMon00 To be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\BROTHER\BROTHER HELP\BROTHERHELP.EXE to be deleted.
Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W\Brother Help.lnk to be deleted.
Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W LAN\Brother Help.lnk to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[brHelp]. Value: BrHelp To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brHelp]. Value: BrHelp To be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brHelp]. Value: BrHelp To be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\BROWNYSCN\SCANNERSTATUSMONITORSERVICE.EXE to be deleted.
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\ScannerStatusMonitorService. Key to be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCCUXSYS.EXE to be deleted.
Malware. FILE: C:\Users\Graham\AppData\Roaming\MICROSOFT\Windows\Cookies\Z7G14QIV.txt to be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sHOWSUPERHIDDEN] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sHOWSUPERHIDDEN] to be changed to: 0
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.
Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Oct 29 09:23:20 2014
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: Software\Classes\JavaPlugin.160_37
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\Classes\JavaPlugin.10402
------------------------------------
Finished reporting.
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Step 8: Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by Graham at 2014-10-28 17:01:46
Running from C:\Users\Graham\Downloads
Boot Mode: Normal
{CAE212A3-EBAF-48B0-A8C8-6F8007C43260} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {D6F44D96-499A-44D7-99E3-17FF8604FB2B} - System32\Tasks\{4EFFA3A2-06F4-4702-AEC2-68D8161C5E3F} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()Task: {DAFAAA64-4E44-44EB-B418-F033F559D7C6} - System32\Tasks\{66388A37-E5B7-4495-9CFD-6ED8734121C4} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()Task: {DCE50077-7C8C-45DE-9777-99B0247E9499} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001.job => C:\Users\Graham\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core.job => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA.job => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForGRAHAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\Windows\Tasks\HPCeeScheduleForGraham.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-02 02:06 - 2011-04-02 02:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2014-06-13 11:09 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll2014-01-07 10:09 - 2014-08-26 12:16 - 00219832 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe2014-08-27 08:07 - 2014-08-27 08:07 
- 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe2014-08-27 08:07 - 2014-08-27 08:07 - 01164632 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll2014-08-27 08:07 - 2014-08-27 08:07 - 00259936 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll2014-08-27 08:07 - 2014-08-27 08:07 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll2014-02-18 16:52 - 2014-08-26 12:16 - 00225464 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe2011-04-08 10:57 - 2011-04-08 10:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll2014-08-26 12:14 - 2014-08-26 12:14 - 00277688 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 00408760 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.0.6.69630.dll2014-08-26 12:15 - 2014-08-26 12:15 - 00427192 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 30333112 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.0.6.69630.dll2014-08-26 12:15 - 
2014-08-26 12:15 - 00266936 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 05765304 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 06068920 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.0.6.69630.dll2014-10-27 14:33 - 2014-10-22 00:04 - 01042760 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll2014-10-27 14:33 - 2014-10-22 00:04 - 00211272 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll2014-10-27 14:33 - 2014-10-22 00:04 - 08910664 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll2014-10-27 14:33 - 2014-10-22 00:04 - 01681224 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll2012-12-23 00:53 - 2012-12-23 00:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 
2013\BackupLib.dll2014-01-16 11:04 - 2014-01-16 11:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll2014-06-12 17:41 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2014-10-28 10:32 - 2014-10-28 10:32 - 00043008 _____ () c:\users\graham\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplnwoat.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Graham\AppData\Roaming\Dropbox\bin\libcef.dll2014-08-26 12:14 - 2014-08-26 12:14 - 12242616 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 02050744 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.0.6.69630.dll2014-08-26 12:14 - 2014-08-26 12:14 - 00185016 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.0.6.69630.dll2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0FF263E8AlternateDataStreams: C:\Users\Graham\Downloads\forwardedMessage.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exeMSCONFIG\startupreg: Eye-Fi => "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun ========================= Accounts: ========================== Administrator (S-1-5-21-356050647-1739812504-2184696174-500 - Administrator - Disabled)Graham (S-1-5-21-356050647-1739812504-2184696174-1001 - Administrator - Enabled) => C:\Users\GrahamGuest (S-1-5-21-356050647-1739812504-2184696174-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-356050647-1739812504-2184696174-1004 - Limited - Enabled)LogMeInRemoteUser (S-1-5-21-356050647-1739812504-2184696174-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/28/2014 04:40:08 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: 
key Error: (10/28/2014 04:40:00 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: key Error: (10/28/2014 04:40:00 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: key Error: (10/28/2014 04:36:54 PM) (Source: Application) (EventID: 0) (User: )Description: Value cannot be null.Parameter name: key Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 17878 Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 17878 Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 16864 Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 16864 Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (10/28/2014 11:47:37 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :0" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. Error: (10/28/2014 11:47:34 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :0" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. 
Error: (10/28/2014 10:29:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (10/28/2014 10:29:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/28/2014 10:28:30 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :20" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. Error: (10/28/2014 10:28:30 AM) (Source: Server) (EventID: 2505) (User: )Description: The server could not bind to the transport \Device\NetBT_Tcpip_{BA102103-93D2-4F11-91FB-B6C1E8023F30} because another computer on the network has the same name. The server could not start. Error: (10/28/2014 10:28:05 AM) (Source: NetBT) (EventID: 4321) (User: )Description: The name "GRAHAM-HP :0" could not be registered on the interface with IP address 192.168.1.149.The computer with the IP address 192.168.1.108 did not allow the name to be claimed bythis computer. Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1069 Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Windows Search service failed to start due to the following error: %%1069 Microsoft Office Sessions:=========================Error: (06/07/2012 09:23:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/29/2012 05:23:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/18/2012 06:42:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/12/2012 10:23:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/26/2012 07:34:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (03/09/2012 05:19:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/07/2012 07:23:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors:=================================== Date: 2013-06-05 22:20:23.644 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-05 22:19:31.556 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-05 22:19:30.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-05 22:18:51.914 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-06-05 22:17:12.632 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-3400M APU with Radeon HD GraphicsPercentage of memory in use: 61%Total physical RAM: 3562.9 MBAvailable physical RAM: 1362.36 MBTotal Pagefile: 7123.98 MBAvailable Pagefile: 3954.47 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:581.47 GB) (Free:433.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:14.41 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8D715ADE)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================ -
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Step 8: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01Ran by Graham (administrator) on GRAHAM-HP on 28-10-2014 17:00:48Running from C:\Users\Graham\DownloadsLoaded Profile: Graham (Available profiles: Graham & LogMeInRemoteUser)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe(Fitbit, Inc.) 
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe() C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe(Brother Industries, Ltd.) 
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Dropbox, Inc.) C:\Users\Graham\AppData\Roaming\Dropbox\bin\Dropbox.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe() C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe(Farbar) C:\Users\Graham\Downloads\FRST64 (3).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brScnStsMon00] => C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe [3048448 2013-05-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [Google Update] => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [Dashlane] => C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-08-26] ()
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [sOFileManager] => "C:\Ebix Inc\Common Files\SOFileManager.exe"
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [smartAnalyzer for SmartOffice] => C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [smartOffice Desktop Integrations] => C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [GoogleChromeAutoLaunch_A4BAE6C0FC33D3253063724F847430B9] => C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-08-27] ()
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: H - H:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: I - I:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {0caa949a-faba-11e1-8892-101f7415c16d} - F:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {158e2fa5-a619-11e2-b327-101f7415c16d} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {383ab370-1011-11e4-8510-101f7415c16d} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {b340be31-de66-11e1-b9ad-cb184ff0a5a3} - F:\ToolLauncher-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Desktop Integrations – Login.lnk
ShortcutTarget: SmartOffice Desktop Integrations – Login.lnk -> C:\Ebix Inc\Common Files\SmartBridgeDXO.exe (No File)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnk
ShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (No File)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Graham\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {B8CFAE23-A32D-4D85-A685-4BAEB03D9128} http://illustrations.columbuslife.com/clb/reports/control/clbrptview.cab
DPF: HKLM-x32 {BDFCAF79-6A4E-46FB-8AAC-2629A03B8CBB} https://www.ez-data.com/SmartInstaller.cab
DPF: HKLM-x32 {C8BF1F77-0A43-4AEC-A0AC-BEEE472B65C6} http://www.ez-data.com/SmartAnalyser.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/training/ieatgpc1.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFBB5837-FE40-4CA4-A753-7AD4F3DCF920}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Dragon Web Extension) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2014-08-13]
CHR Extension: (Dashlane) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-31]
CHR Extension: (Poppit!) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-12-28]
CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2011-12-28]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-02-12]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR Extension: (RSS Feed Reader) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-24]
CHR HKCU\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Graham\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
CHR HKLM-x32\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Graham\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-01] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-23] (Intuit Inc.) [File not signed]
R3 ScannerStatusMonitorService; C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe [276992 2013-05-08] (Brother Industries, Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-23] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 16:57 - 2014-10-28 16:57 - 02113024 _____ (Farbar) C:\Users\Graham\Downloads\FRST64 (3).exe
2014-10-28 16:56 - 2014-10-28 16:56 - 02113024 _____ (Farbar) C:\Users\Graham\Downloads\FRST64 (2).exe
2014-10-28 16:53 - 2014-10-28 16:53 - 00006482 _____ () C:\Users\Graham\Desktop\eset.txt
2014-10-28 11:51 - 2014-10-28 11:51 - 02347384 _____ (ESET) C:\Users\Graham\Downloads\esetsmartinstaller_enu.exe
2014-10-28 11:51 - 2014-10-28 11:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-28 11:47 - 2014-10-28 11:47 - 00001072 _____ () C:\Users\Graham\Desktop\malware scan.txt
2014-10-28 10:14 - 2014-10-28 10:14 - 01998336 _____ () C:\Users\Graham\Downloads\AdwCleaner (1).exe
2014-10-28 10:02 - 2014-10-28 10:02 - 00000000 _____ () C:\Windows\SysWOW64\shoC99.tmp
2014-10-28 09:34 - 2014-10-28 09:34 - 00001724 _____ () C:\Users\Graham\Desktop\JRT.txt
2014-10-28 09:27 - 2014-10-28 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-28 09:13 - 2014-10-28 09:13 - 01706144 _____ (Thisisu) C:\Users\Graham\Downloads\JRT.exe
2014-10-27 22:22 - 2014-10-27 23:11 - 1118918486 _____ () C:\Users\Graham\Downloads\downton_abbey.5x06.720p_hdtv_x264-fov (1).mkv
2014-10-27 20:27 - 2014-10-27 20:59 - 669433169 _____ () C:\Users\Graham\Downloads\downton_abbey.5x06.720p_hdtv_x264-fov.mkv
2014-10-27 12:56 - 2014-10-27 12:56 - 00188944 _____ (Cisco WebEx LLC) C:\Users\Graham\Downloads\,assetmark,1963755534,1896325541,EC,002951617,SDJTSwAAAAFh1c3yUcT-InPiWTM51QgL8JHgK-_ZTd4BVOZXVDFWQQ2,1_webex.exe
2014-10-25 16:08 - 2014-10-25 16:08 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-25 16:08 - 2014-10-25 16:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-25 16:05 - 2014-10-25 16:06 - 19114072 _____ () C:\Users\Graham\Desktop\RogueKillerX64.exe
2014-10-25 15:02 - 2014-10-28 10:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 15:02 - 2014-10-25 15:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 15:02 - 2014-10-25 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 15:02 - 2014-10-25 15:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 15:02 - 2014-10-25 15:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 15:02 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-25 15:02 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-25 15:02 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-25 15:00 - 2014-10-25 15:01 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Graham\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 14:46 - 2014-10-25 14:46 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Graham\Desktop\mbam-clean-2.1.1.1001.exe
2014-10-25 14:34 - 2014-10-25 14:34 - 00000000 ____D () C:\Windows\ERDNT
2014-10-25 14:33 - 2014-10-25 14:33 - 00000924 _____ () C:\Users\LogMeInRemoteUser\Desktop\NTREGOPT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000924 _____ () C:\Users\Graham\Desktop\NTREGOPT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000905 _____ () C:\Users\LogMeInRemoteUser\Desktop\ERUNT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000905 _____ () C:\Users\Graham\Desktop\ERUNT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-25 14:33 - 2014-10-25 14:33 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-25 14:32 - 2014-10-25 14:32 - 00791393 _____ (Lars Hederer ) C:\Users\Graham\Desktop\erunt-setup.exe
2014-10-25 14:28 - 2014-10-25 15:00 - 00002144 _____ () C:\Users\Graham\Desktop\Rkill.txt
2014-10-25 14:27 - 2014-10-25 14:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Graham\Desktop\rkill.exe
2014-10-25 13:26 - 2014-10-25 14:26 - 00000426 ____H () C:\Windows\system32\Rebecca.dat
2014-10-22 17:05 - 2014-10-22 17:05 - 00001174 _____ () C:\Users\Graham\Desktop\TeamViewer 9.lnk
2014-10-22 16:49 - 2014-10-22 16:53 - 00054436 _____ () C:\Users\Graham\Desktop\Addition.txt
2014-10-22 16:47 - 2014-10-22 16:53 - 00059485 _____ () C:\Users\Graham\Desktop\FRST.txt
2014-10-22 16:46 - 2014-10-22 16:46 - 02112000 _____ (Farbar) C:\Users\Graham\Desktop\FRST64 (2).exe
2014-10-21 17:19 - 2014-10-21 17:21 - 00054079 _____ () C:\Users\Graham\Downloads\Addition.txt
2014-10-21 17:16 - 2014-10-28 17:01 - 00031338 _____ () C:\Users\Graham\Downloads\FRST.txt
2014-10-21 17:16 - 2014-10-21 17:16 - 02110976 _____ (Farbar) C:\Users\Graham\Downloads\FRST64 (1).exe
2014-10-21 17:13 - 2014-10-28 17:00 - 00000000 ____D () C:\FRST
2014-10-21 17:13 - 2014-10-21 17:13 - 02110976 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2014-10-19 12:32 - 2014-10-28 10:26 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:31 - 2014-10-19 12:32 - 01976320 _____ () C:\Users\Graham\Downloads\AdwCleaner.exe
2014-10-19 12:20 - 2014-10-19 12:20 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-19 12:20 - 2014-10-19 12:20 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-19 12:20 - 2014-10-19 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-19 12:20 - 2014-10-19 12:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-19 12:19 - 2014-10-19 12:20 - 04965896 _____ (Piriform Ltd) C:\Users\Graham\Downloads\ccsetup418.exe
2014-10-19 12:17 - 2014-10-19 12:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 12:16 - 2014-10-19 12:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-19 12:16 - 2014-10-19 12:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 12:16 - 2014-10-19 12:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 08:16 - 2014-10-27 12:47 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGraham
2014-10-19 08:16 - 2014-10-27 12:47 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGraham.job
2014-10-17 01:34 - 2014-10-17 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-17 01:31 - 2014-10-17 01:31 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-17 01:31 - 2014-10-17 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-17 01:30 - 2014-10-17 01:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-17 01:30 - 2014-10-17 01:31 - 00000000 ____D () C:\Program Files\iTunes
2014-10-17 01:30 - 2014-10-17 01:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-17 01:30 - 2014-10-17 01:30 - 00000000 ____D () C:\Program Files\iPod
2014-10-15 17:02 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 17:02 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 17:02 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:01 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:01 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 17:01 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:54 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:54 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:54 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:54 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 16:54 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 16:54 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:54 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:54 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 16:54 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 16:54 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 16:54 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 16:54 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 16:54 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:54 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:54 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:54 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 16:54 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 16:54 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:54 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:54 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 16:54 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 16:54 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 16:54 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:54 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:54 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 16:54 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:54 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:54 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 16:54 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 16:54 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 16:54 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 16:54 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 16:54 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:54 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 16:54 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 16:54 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 16:54 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 16:54 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 16:54 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:54 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 16:54 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:54 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 16:54 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 16:54 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 16:54 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 16:54 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 16:54 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 16:54 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:54 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 16:54 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 16:54 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 16:54 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:54 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 16:54 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 16:54 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 16:54 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:54 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 16:54 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 16:54 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 16:54 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 16:54 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:54 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 16:53 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:53 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 16:52 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:52 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:52 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 16:52 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 
00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-15 16:52 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-15 16:52 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-14 17:17 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 17:17 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-11 10:39 - 2014-10-12 10:20 - 00000000 ____D () C:\Users\Graham\Desktop\Robin Pics2014-10-10 06:03 - 2014-10-10 19:27 - 00009344 _____ () C:\Users\Graham\Documents\lowes.xlsx2014-10-08 10:11 - 2014-10-08 10:11 - 01635288 _____ () C:\Windows\Minidump\100814-44772-01.dmp2014-10-07 16:09 - 2014-10-07 16:09 - 00003750 _____ () C:\Users\Graham\Downloads\c145356.ics2014-09-30 18:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-09-30 18:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-29 14:43 - 2014-09-29 15:30 - 1053921938 _____ () C:\Users\Graham\Downloads\downton_abbey.5x02.720p_hdtv_x264-fov.mkv ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 16:54 - 2014-06-23 16:00 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001.job2014-10-28 16:52 - 2011-09-21 03:42 - 01557136 _____ () C:\Windows\WindowsUpdate.log2014-10-28 16:38 - 2011-12-27 18:20 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA.job2014-10-28 16:37 - 2012-04-06 09:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-28 10:39 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-28 10:39 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-28 10:33 - 2014-01-21 13:24 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk2014-10-28 10:33 - 2014-01-21 13:24 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk2014-10-28 10:33 - 2012-02-12 11:32 - 00000000 ___RD () C:\Users\Graham\Dropbox2014-10-28 10:33 - 2012-02-12 11:30 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Dropbox2014-10-28 10:32 - 2011-12-28 12:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn2014-10-28 10:29 - 2011-12-28 12:06 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll2014-10-28 10:29 - 2011-12-28 12:06 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll2014-10-28 10:29 - 2011-12-28 12:06 - 00035688 _____ (LogMeIn, Inc.) 
C:\Windows\system32\LMIport.dll2014-10-28 10:28 - 2013-06-20 16:15 - 00000000 ____D () C:\Temp2014-10-28 10:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-28 10:27 - 2010-11-20 23:47 - 00842958 _____ () C:\Windows\PFRO.log2014-10-28 10:27 - 2009-07-14 00:51 - 00130337 _____ () C:\Windows\setupact.log2014-10-28 10:13 - 2013-01-02 11:53 - 00000000 ____D () C:\Users\Graham\Desktop\Ethiopia2014-10-28 10:12 - 2012-01-13 20:42 - 00000000 ____D () C:\Users\Graham\AppData\Local\CrashDumps2014-10-28 10:10 - 2011-12-27 21:19 - 00000000 ____D () C:\Users\Graham2014-10-28 10:08 - 2011-12-27 18:20 - 00000000 ____D () C:\Users\Graham\AppData\Local\Deployment2014-10-28 10:04 - 2011-12-28 12:06 - 00000000 ____D () C:\ProgramData\LogMeIn2014-10-28 07:22 - 2012-06-03 11:32 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\vlc2014-10-28 01:28 - 2011-12-27 18:20 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core.job2014-10-28 01:22 - 2011-12-27 17:33 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64F8A22D-E6A4-48CF-A58D-1626E28A6D62}2014-10-27 14:33 - 2011-12-27 18:21 - 00002370 _____ () C:\Users\Graham\Desktop\Google Chrome.lnk2014-10-27 14:00 - 2012-01-11 15:00 - 00000000 __SHD () C:\Users\Graham\Documents\cache2014-10-27 12:56 - 2012-01-11 14:59 - 00000000 ____D () C:\ProgramData\WebEx2014-10-25 12:06 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-25 09:50 - 2011-12-30 17:50 - 77537280 ____R () C:\Users\Graham\Sfg02.QBW2014-10-25 09:50 - 2011-12-30 17:50 - 00327680 ____R () C:\Users\Graham\Sfg02.QBW.TLG2014-10-25 09:50 - 2011-12-30 17:50 - 00000327 _____ () C:\Users\Graham\Sfg02.QBW.ND2014-10-23 19:08 - 2012-01-19 21:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-10-23 19:08 - 2011-12-30 17:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-10-19 22:11 - 2014-06-23 16:00 - 00003598 _____ () 
C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-10012014-10-19 12:17 - 2013-09-22 12:05 - 00000000 ____D () C:\ProgramData\Oracle2014-10-19 12:16 - 2011-05-08 15:36 - 00000000 ____D () C:\Program Files (x86)\Java2014-10-19 03:53 - 2011-12-31 22:21 - 00000000 ____D () C:\Windows\System32\Tasks\Games2014-10-19 01:23 - 2011-12-27 18:20 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA2014-10-19 01:23 - 2011-12-27 18:20 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core2014-10-16 05:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-10-16 03:40 - 2009-07-14 00:45 - 00310240 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-16 03:36 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-16 03:13 - 2012-01-03 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-16 03:09 - 2013-08-03 03:00 - 00000000 ____D () C:\Windows\system32\MRT2014-10-16 03:01 - 2012-01-02 10:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2014-10-14 17:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-11 10:31 - 2014-03-01 18:54 - 00000000 ____D () C:\Users\Graham\Desktop\DCIM2014-10-10 19:27 - 2013-05-29 06:08 - 00177138 _____ () C:\Users\Graham\Documents\Freedom2.xlsx2014-10-10 19:27 - 2012-03-19 20:19 - 00054784 _____ () C:\Users\Graham\Documents\perpin1.xls2014-10-09 01:42 - 2012-11-14 19:00 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGRAHAM-HP$.job2014-10-09 01:42 - 2012-06-24 09:01 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGRAHAM-HP$2014-10-08 11:01 - 2011-12-30 17:50 - 00000000 ____D () C:\Users\Graham\QuickBooksAutoDataRecovery2014-10-08 10:58 - 2013-04-30 19:03 - 00000103 _____ () 
C:\Users\Graham\mkx12585.ini2014-10-08 10:58 - 2011-12-31 13:17 - 00048692 _____ () C:\Users\Graham\~qbofx322014-10-08 10:11 - 2012-01-29 00:05 - 515732076 _____ () C:\Windows\MEMORY.DMP2014-10-08 10:11 - 2012-01-29 00:05 - 00000000 ____D () C:\Windows\Minidump Files to move or delete:====================C:\Users\Graham\en_res.dllC:\Users\Graham\es_res.dllC:\Users\Graham\fr_res.dllC:\Users\Graham\grm_res.dllC:\Users\Graham\it_res.dllC:\Users\Graham\jp_res.dllC:\Users\Graham\mfc80u.dllC:\Users\Graham\msvcr80.dllC:\Users\Graham\PCPE Setup.exeC:\Users\Graham\pt_res.dllC:\Users\Graham\ResourceReader.dllC:\Users\Graham\ru_res.dllC:\Users\Graham\zh_res.dll Some content of TEMP:====================C:\Users\Graham\AppData\Local\Temp\Abspdf.exeC:\Users\Graham\AppData\Local\Temp\acfpdfu.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuamd64.dllC:\Users\Graham\AppData\Local\Temp\acfpdfui.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuia64.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuiamd64.dllC:\Users\Graham\AppData\Local\Temp\acfpdfuiia64.dllC:\Users\Graham\AppData\Local\Temp\ApnStub.exeC:\Users\Graham\AppData\Local\Temp\cdintf.dllC:\Users\Graham\AppData\Local\Temp\dllnt_dump.dllC:\Users\Graham\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplnwoat.dllC:\Users\Graham\AppData\Local\Temp\Extract.exeC:\Users\Graham\AppData\Local\Temp\EyeFiUpdates.exeC:\Users\Graham\AppData\Local\Temp\G2MInstallerExtractor.exeC:\Users\Graham\AppData\Local\Temp\HPHelpUpdater.exeC:\Users\Graham\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exeC:\Users\Graham\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exeC:\Users\Graham\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exeC:\Users\Graham\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\jr
e-7u71-windows-i586-iftw.exeC:\Users\Graham\AppData\Local\Temp\MotoCast_Installer_2.0309.exeC:\Users\Graham\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exeC:\Users\Graham\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exeC:\Users\Graham\AppData\Local\Temp\MSIZAP.EXEC:\Users\Graham\AppData\Local\Temp\nsp72FF.tmp.tbWise.dllC:\Users\Graham\AppData\Local\Temp\ochelper.exeC:\Users\Graham\AppData\Local\Temp\oi_{89ACED93-0376-4753-83C1-B9A90F6FAF02}.exeC:\Users\Graham\AppData\Local\Temp\PDFPRT400.exeC:\Users\Graham\AppData\Local\Temp\Quarantine.exeC:\Users\Graham\AppData\Local\Temp\Resource.exeC:\Users\Graham\AppData\Local\Temp\SP53394.exeC:\Users\Graham\AppData\Local\Temp\SP53462.exeC:\Users\Graham\AppData\Local\Temp\SP54127.exeC:\Users\Graham\AppData\Local\Temp\sp54373.exeC:\Users\Graham\AppData\Local\Temp\sp54620.exeC:\Users\Graham\AppData\Local\Temp\SP54714.exeC:\Users\Graham\AppData\Local\Temp\SP55151.exeC:\Users\Graham\AppData\Local\Temp\sp58915.exeC:\Users\Graham\AppData\Local\Temp\sp64126.exeC:\Users\Graham\AppData\Local\Temp\sqlite3.dllC:\Users\Graham\AppData\Local\Temp\tbedrs.dllC:\Users\Graham\AppData\Local\Temp\tmp2CBA.exeC:\Users\Graham\AppData\Local\Temp\tmp2E.exeC:\Users\Graham\AppData\Local\Temp\tmp3ED7.exeC:\Users\Graham\AppData\Local\Temp\tmp3FA9.exeC:\Users\Graham\AppData\Local\Temp\tmp76EE.exeC:\Users\Graham\AppData\Local\Temp\tmp7A6C.exeC:\Users\Graham\AppData\Local\Temp\tmp84A9.exeC:\Users\Graham\AppData\Local\Temp\tmp8A34.exeC:\Users\Graham\AppData\Local\Temp\tmp8DBF.exeC:\Users\Graham\AppData\Local\Temp\tmp905C.exeC:\Users\Graham\AppData\Local\Temp\tmpA5BB.exeC:\Users\Graham\AppData\Local\Temp\tmpE0EB.exeC:\Users\Graham\AppData\Local\Temp\tmpF5A5.exeC:\Users\Graham\AppData\Local\Temp\UninstallHPSA.exeC:\Users\Graham\AppData\Local\Temp\UninstallHPTCA.exeC:\Users\Graham\AppData\Local\Temp\vcredist_x86.exeC:\Users\Graham\AppData\Local\Temp\xmllite.dllC:\Users\Graham\AppData\Local\Temp\_is3E69.exeC:\Users\Graham\AppData\Local\Temp\_is8D60.exeC:\Use
rs\Graham\AppData\Local\Temp\_isA794.exeC:\Users\Graham\AppData\Local\Temp\_isBF99.exeC:\Users\Graham\AppData\Local\Temp\_isE80.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 05:45 ==================== End Of Log ============================ -
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Step 7
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\Expat_ShieldToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\ldrtbExpa.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\prxtbExpa.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\tbExpa.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\ldrtbYour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\prxtbYou0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\prxtbYour.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\tbYour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\Your-TVToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\ldrtbyour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\prxtbyou0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\prxtbyour.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\tbyour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\your-tv-liveToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT2549263\Expat_ShieldAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT2780272\Your-TVAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT3171454\your-tv-liveAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Expat_Shield\ldrtbExpa.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Expat_Shield\tbExpa.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Your-TV\ldrtbYour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Your-TV\tbYour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\your-tv-live\ldrtbyour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\your-tv-live\tbyour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Graham\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASK1F63.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASK714E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASKB5AB.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASKC57A.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe a variant of Win32/InstallCore.RA potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\nsp72FF.tmp.tbWise.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\25832002.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\25889598.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\{167158CE-1637-4167-8A1C-C2549EEA966A}\Offercast2821_WCL2_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Graham\Downloads\HSS-2.24-install-anchorfree-232-expatshield.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\Users\Graham\Downloads\HSS-2.90-install-hss-409-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Graham\Downloads\HSS-3.42-install-hss-409-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Graham\Downloads\Produtools_Manuals_2_1.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Windows\Installer\b8beaab.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
-
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Step 6
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/28/2014
Scan Time: 10:39:03 AM
Logfile: malware scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.03
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Graham

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391042
Time Elapsed: 1 hr, 0 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Step 5
# AdwCleaner v4.002 - Report created 28/10/2014 at 10:26:32
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Graham - GRAHAM-HP
# Running from : C:\Users\Graham\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ExpatShieldService
[#] Service Deleted : ExpatSrv
[#] Service Deleted : ExpatTrayService
[#] Service Deleted : ExpatWd

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [15414 octets] - [19/10/2014 12:32:31]
AdwCleaner[R1].txt - [1255 octets] - [28/10/2014 10:15:18]
AdwCleaner[s0].txt - [14269 octets] - [19/10/2014 12:36:42]
AdwCleaner[s1].txt - [1189 octets] - [28/10/2014 10:26:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1249 octets] ##########
-
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Step 4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Graham on Tue 10/28/2014 at 9:27:30.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{449C3E0B-6B73-445B-82AE-3153B5093B57}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5D5EE544-ABDA-4953-9A7B-978D449D9B1D}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Graham\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Users\Graham\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{0E2F8F2D-BE65-4547-8BCD-1168B8C8C0C2}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{35EC0B26-C3DE-45D1-8735-60E4F304E918}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{653CC3CC-00A1-4C15-8D60-EAF71329B5CB}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{AAE614B3-D42F-42E8-803C-E2E79022C52E}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{CD1B7AFE-C6EA-4DCC-8271-A2329DB06B13}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{F219200E-D1E5-4889-A5BC-9AC6F63DED61}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/28/2014 at 9:34:38.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
RKill Log:
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/25/2014 02:54:32 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 2084) [WD-HEUR]
1 proccess terminated!

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* No issues found.

Program finished at: 10/25/2014 03:00:02 PM
Execution time: 0 hours(s), 5 minute(s), and 30 seconds(s)
-
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Roguekiller Log:
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Graham [Administrator]
Mode : Scan -- Date : 10/25/2014 16:22:44

¤¤¤ Processes : 3 ¤¤¤
[suspicious.Path] Dashlane.exe -- C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe[7] -> Killed [TermProc]
[suspicious.Path] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe[7] -> Killed [TermProc]
[suspicious.Path] DashlanePlugin.exe -- C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 22 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartAnalyzer for SmartOffice : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartOffice Desktop Integrations : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartAnalyzer for SmartOffice : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartOffice Desktop Integrations : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 1 ¤¤¤
[suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSX SATA Disk Device +++++
--- User ---
[MBR] dcddd2988da2953f970b7cf3aad93e31
[bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 595424 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1219837952 | Size: 14752 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c6a45de37da3e0338231e05937094ca6
[bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB
-
Malwarebytes Won't Run Please Help
gjwsfg replied to gjwsfg's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/25/2014 Scan Time: 3:06:48 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.25.05 Rootkit Database: v2014.10.22.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Graham Scan Type: Threat Scan Result: Completed Objects Scanned: 393628 Time Elapsed: 51 min, 3 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) -
I cannot get malwarebytes to load or run. I have tried running it via chameleon and it does not run. Please find attached to this post the farbar scan logs. Thanks in advance for your help. Addition.txt FRST.txt
-
I believe that I have a virus, rootkit, or malware on my computer. My computer is not allowing me to run malwarebytes. I have tried rebooting and also running malwarebytes via chameleon and it will not work. Please help. I wish to avoid reformatting my hard drive if at all possible. Thank you.